URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-...
Submission: On September 04 via manual from ES

Summary

This website contacted 35 IPs in 6 countries across 30 domains to perform 137 HTTP transactions. The main IP is 2a02:26f0:f1:29a::2469, located in Ascension Island and belongs to AKAMAI-ASN1, EU. The main domain is blogs.akamai.com.
TLS certificate: Issued by DigiCert Secure Site ECC CA-1 on March 11th 2020. Valid for: a year.
This is the only time blogs.akamai.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 2a02:26f0:f1:... 20940 (AKAMAI-ASN1)
6 2606:4700::68... 13335 (CLOUDFLAR...)
24 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
6 23.210.248.44 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:10:... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 23.210.250.213 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.112.157 54113 (FASTLY)
2 172.217.18.162 15169 (GOOGLE)
2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 104.108.64.24 16625 (AKAMAI-AS)
1 143.204.201.29 16509 (AMAZON-02)
6 2a02:26f0:f1:... 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f01... 32934 (FACEBOOK)
16 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 37.252.172.249 29990 (ASN-APPNEX)
1 99.86.2.45 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
5 52.201.3.186 14618 (AMAZON-AES)
3 2a03:2880:f11... 32934 (FACEBOOK)
8 52.1.50.62 14618 (AMAZON-AES)
3 2a00:1450:400... 15169 (GOOGLE)
1 143.204.201.79 16509 (AMAZON-02)
2 2 52.212.22.61 16509 (AMAZON-02)
1 2 143.204.201.16 16509 (AMAZON-02)
1 104.244.42.197 13414 (TWITTER)
1 192.28.144.124 15224 (OMNITURE)
3 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.131 13414 (TWITTER)
2 2a03:2880:f01... 32934 (FACEBOOK)
137 35
Domain Requested by
24 www.akamai.com blogs.akamai.com
16 c.lytics.io blogs.akamai.com
c.lytics.io
14 blogs.akamai.com blogs.akamai.com
8 ing-district.clicktale.net cdnssl.clicktale.net
6 cdnssl.clicktale.net blogs.akamai.com
cdnssl.clicktale.net
6 cdn.cookielaw.org blogs.akamai.com
cdn.cookielaw.org
5 conductor.clicktale.net cdnssl.clicktale.net
4 www.google.de blogs.akamai.com
4 www.google.com blogs.akamai.com
4 www.google-analytics.com blogs.akamai.com
www.google-analytics.com
4 s7.addthis.com blogs.akamai.com
s7.addthis.com
3 googleads.g.doubleclick.net www.googleadservices.com
3 www.facebook.com blogs.akamai.com
3 ds-aksb-a.akamaihd.net blogs.akamai.com
ds-aksb-a.akamaihd.net
2 graph.facebook.com s7.addthis.com
2 segments.company-target.com 1 redirects blogs.akamai.com
2 match.prod.bidr.io 2 redirects
2 px.ads.linkedin.com 1 redirects blogs.akamai.com
2 secure.adnxs.com 2 redirects
2 connect.facebook.net blogs.akamai.com
connect.facebook.net
2 bat.bing.com blogs.akamai.com
2 munchkin.marketo.net blogs.akamai.com
munchkin.marketo.net
2 snap.licdn.com www.googletagmanager.com
snap.licdn.com
2 www.googleadservices.com www.googletagmanager.com
1 analytics.twitter.com static.ads-twitter.com
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 642-skn-449.mktoresp.com munchkin.marketo.net
1 t.co blogs.akamai.com
1 api.company-target.com scripts.demandbase.com
1 www.linkedin.com 1 redirects
1 attr.ml-api.io blogs.akamai.com
1 s.ml-attr.com 1 redirects
1 scripts.demandbase.com blogs.akamai.com
1 static.ads-twitter.com www.googletagmanager.com
1 stats.g.doubleclick.net www.google-analytics.com
1 z.moatads.com s7.addthis.com
1 www.googletagmanager.com blogs.akamai.com
137 38
Subject | Issuer | Validity | Valid
blogs.akamai.com | DigiCert Secure Site ECC CA-1 | 2020-03-11 - 2021-06-10 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2020-07-01 - 2021-07-01 | a year
www.akamai.com | DigiCert SHA2 Secure Server CA | 2020-01-27 - 2021-04-27 | a year
odc-prod-01.oracle.com | DigiCert Secure Site ECC CA-1 | 2020-07-22 - 2021-10-13 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
a248.e.akamai.net | DigiCert Secure Site ECC CA-1 | 2020-07-15 - 2021-09-13 | a year
moatads.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-08-14 - 2021-08-19 | a year
www.googleadservices.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.marketo.net | DigiCert SHA2 Secure Server CA | 2020-03-14 - 2021-04-13 | a year
*.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2018-09-20 - 2020-11-19 | 2 years
*.clicktale.net | DigiCert SHA2 Secure Server CA | 2019-10-06 - 2020-11-04 | a year
www.bing.com | Microsoft IT TLS CA 2 | 2019-04-30 - 2021-04-30 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-07-21 - 2020-10-12 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-17 - 2021-07-17 | a year
*.ml-api.io | Amazon | 2020-02-06 - 2021-03-06 | a year
www.google.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
www.google.de | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2020-08-05 - 2021-02-05 | 6 months
*.company-target.com | Go Daddy Secure Certificate Authority - G2 | 2019-06-19 - 2021-08-18 | 2 years
t.co | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year
*.mktoresp.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2022-01-21 | 2 years
*.google.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.google.de | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year

This page contains 3 frames:

Primary Page: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Frame ID: C873B2D242933E767E7086AC35386033
Requests: 137 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: F4D0B29D11EF22EF98E8EC2600452664
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 6DAEC3E29008B8C87D3A44CA77F5575F
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 137
HTTPS: 95 %
IPv6: 55 %
Domains: 30
Subdomains: 38
IPs: 35
Countries: 6
Transfer: 2146 kB
Size: 5821 kB
Cookies: 21

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dakamai.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dakamai.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dakamai.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=akamai.com&pId=3118772764964320911
Request Chain 71
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&time=1599219353515 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D62114%26url%3Dhttps%253A%252F%252Fblogs.akamai.com%252Fsitr%252F2020%252F08%252Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html%26time%3D1599219353515%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&time=1599219353515&liSync=true
Request Chain 81
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA&verifyHash=476ac11255ce8be4b6bf8c897368a91c5c507499

137 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
blogs.akamai.com/sitr/2020/08/
143 KB
23 KB
Document
General
Full URL
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f41f5a37d81cec44b0eb3721edcc5c32880dfe9c8f71c586701c414935d23de0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
blogs.akamai.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Last-Modified
Tue, 25 Aug 2020 11:10:51 GMT
ETag
"2384f-5adb1c18acea8-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Type
text/html
X-Akamai-Transformed
9 22301 0 pmb=mRUM,1
Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Length
22784
Connection
keep-alive
Set-Cookie
ak_bmsc=398D59D5AF3C533106DE7C840816A24B48F7B36EBE5100009826525F5207B225~plP4CwFuOuPkO300q2R+yGhiRZGduxTGAiR8c+X157N0GtMSmbKLhplzxQuz1z1z2NLWS0f0WaIasUlfTlH7Yzv/+HEpheTuwPyNOCmrvaTPwK91UCPHVDmWzMRGtWNZ16uRspoUYU9k5N7ysDd+HBUHgFBDfsFQnMJeesPPGlTdkBRBrZey6ZABQ6tITxIFLO1/6ezfmwaB1Itmc9YyMqok/dn3lhmYEppOe5Nb/igLQ=; expires=Fri, 04 Sep 2020 13:35:52 GMT; max-age=7200; path=/; domain=.akamai.com; HttpOnly
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
12 KB
5 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
reFiWB6U0BSmOZ1FSpYaOw==
age
5539
status
200
vary
Accept-Encoding
content-length
3891
cf-request-id
04fa7fdd210000d6b593852200000001
x-ms-lease-status
unlocked
last-modified
Thu, 03 Sep 2020 01:45:05 GMT
server
cloudflare
etag
0x8D84FAAFB456885
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ed0df6cc-101e-0024-6096-8141a8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768db6838d6b5-FRA
styles-31.css
blogs.akamai.com/sitr/
524 B
643 B
Stylesheet
General
Full URL
https://blogs.akamai.com/sitr/styles-31.css
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
9b8e4ce379725beb99115050b7339852a1281bdab67ef7bc271a4a48b46969a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Tue, 19 Nov 2019 11:09:51 GMT
ETag
"20c-597b11a62360b-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
201
X-Content-Type-Options
nosniff
mt.js
blogs.akamai.com/
31 KB
9 KB
Script
General
Full URL
https://blogs.akamai.com/mt.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
5de8ecf84fbd0dce0dc678832bec4165d560defbb7561a601e35e7a41cc28b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Wed, 02 Sep 2020 20:36:58 GMT
ETag
"7b5b-5ae5a98e009a8-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
8778
X-Content-Type-Options
nosniff
jquery-3.3.1.min.js
blogs.akamai.com/js/
85 KB
30 KB
Script
General
Full URL
https://blogs.akamai.com/js/jquery-3.3.1.min.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
ETag
"1538f-5909ca9aeeb3e-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
30307
X-Content-Type-Options
nosniff
amp.min.js
blogs.akamai.com/js/amp/
295 KB
73 KB
Script
General
Full URL
https://blogs.akamai.com/js/amp/amp.min.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
edfc6dedf98d3024cc61633b2ee53ab4398e59ad287b132ecf6a41a0acb47d68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
ETag
"49d3c-5909ca9aefadf-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
73861
X-Content-Type-Options
nosniff
ga-events-new.js
blogs.akamai.com/
3 KB
1 KB
Script
General
Full URL
https://blogs.akamai.com/ga-events-new.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
837b1df4e6afd164cddafe91e5801b3dfe5758c32418d1d5236d6c8a23eaf003
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
ETag
"cba-5909ca9a90f1d-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
787
X-Content-Type-Options
nosniff
what-we-do-overview.jpg
www.akamai.com/us/en/multimedia/images/navigation/
11 KB
11 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/what-we-do-overview.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
9e03a63a27af3ed05eadbfdb9d7de4ccbfe24adadfa2c3390c70dc09bbd729fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-26, origin; dur=206
content-length
11162
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:33:48 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"1d7f4-5addcba48b179"
x-serial
86
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911524
expires
Sat, 26 Sep 2020 14:34:37 GMT
what-we-do-intelligent-platform.jpg
www.akamai.com/us/en/multimedia/images/navigation/
30 KB
30 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/what-we-do-intelligent-platform.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
94b8297f3fb848f41fa988ebc575f65c4aa2e458f04dba48025287249bcba66f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-503, origin; dur=675
content-length
30490
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 02 Sep 2020 00:25:42 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"4b459-5addcba438b71"
x-serial
291
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=2378995
expires
Fri, 02 Oct 2020 00:25:48 GMT
what-we-do-threat-research.jpg
www.akamai.com/us/en/multimedia/images/navigation/
31 KB
32 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/what-we-do-threat-research.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
943bf13a74414d92ca5351ee76bb447f6d251b4de19a82f0160f2450de186402
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=48
content-length
32080
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:30:28 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"e1258-5addc482a6aad"
x-serial
1148
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911570
expires
Sat, 26 Sep 2020 14:35:23 GMT
what-we-do-free-trials.jpg
www.akamai.com/us/en/multimedia/images/navigation/
20 KB
20 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/what-we-do-free-trials.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b3d0954dce6e71682556b1c8ccaabb10adfb2ff8d6c1dd5c6a989660dcfa967b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=40
content-length
20368
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:33:50 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"29b47-5addcba44625c"
x-serial
1084
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911559
expires
Sat, 26 Sep 2020 14:35:12 GMT
globe-background.png
www.akamai.com/us/en/multimedia/images/custom/2019/
2 KB
2 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/custom/2019/globe-background.png?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
c52b6154710730fad4aea6cfd15cfd7226a6301285655980feff5cca135bb8c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:31:23 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"ed45-5addcba4970d0"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911308
server-timing
cdn-cache; desc=HIT, edge; dur=144
content-length
1894
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:31:01 GMT
threats-can-come-from-anywhere-nav-image.png
www.akamai.com/us/en/multimedia/images/navigation/
48 KB
49 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/threats-can-come-from-anywhere-nav-image.png?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
f8e55488b7aab65a10ccfaa3990a2915d64c722d9b8bf384cd346a04fc511a0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=21
content-length
49622
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:19:05 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"c6be5-5addcba449cf2"
x-serial
105
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1914126
expires
Sat, 26 Sep 2020 15:17:59 GMT
products-web-performance.jpg
www.akamai.com/us/en/multimedia/images/navigation/
13 KB
14 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-web-performance.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b458ee55ed784747e997d444d829a353186fa44f5762afe54c626b9fcec8aef5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:37:59 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"1d7f9-5addcba43703f"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911758
server-timing
cdn-cache; desc=HIT, edge; dur=76
content-length
13720
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:38:31 GMT
products-media-delivery.jpg
www.akamai.com/us/en/multimedia/images/navigation/
16 KB
16 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-media-delivery.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
2a7af71edf6d8f39d2c39679cf0ba2f52b10f72a82be4ea866e97590f7be850e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:51:32 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"2af11-5addcba42a112"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1916124
server-timing
cdn-cache; desc=HIT, edge; dur=150
content-length
15996
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 15:51:17 GMT
products-network-operator.jpg
www.akamai.com/us/en/multimedia/images/navigation/
14 KB
14 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-network-operator.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
f32102e74e82fcae9c748b45d50ba0f5c112b60984f47db9eba4c1020770ef7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=40
content-length
14294
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:30:36 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"1e340-5addcba48fba1"
x-serial
166
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911553
expires
Sat, 26 Sep 2020 14:35:06 GMT
products-services.jpg
www.akamai.com/us/en/multimedia/images/navigation/
8 KB
9 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-services.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
4ea2958d7ec4ed3e4e29d5398463fd4196e128795eb99b467cd548aff6495b63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=30
content-length
8694
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:02:34 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"20b48-5addcba43dd89"
x-serial
1557
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1913062
expires
Sat, 26 Sep 2020 15:00:15 GMT
products-developers.jpg
www.akamai.com/us/en/multimedia/images/navigation/
15 KB
16 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-developers.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
725a6e06c6c4db64af816ee1d9f6a82d1d5c99439c2ffe3cd1a58413c736946a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=32
content-length
15656
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:39:36 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"2a716-5addcba487eaf"
x-serial
855
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911914
expires
Sat, 26 Sep 2020 14:41:07 GMT
resources-case-studies.jpg
www.akamai.com/us/en/multimedia/images/navigation/
27 KB
28 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-case-studies.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
d0b69006ced59bc683ec91dfa4c2647931b7f9e2fb0b28fb4aad32b3eb56747b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:28:14 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"46797-5addc48445123"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911564
server-timing
cdn-cache; desc=HIT, edge; dur=30
content-length
27968
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:35:17 GMT
resources-insights.jpg
www.akamai.com/us/en/multimedia/images/navigation/
34 KB
35 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-insights.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
fbd7dc11673944c030c85b314432593439647c0c602eee37dee363c2644465e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:39:02 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"5808d-5addcba484800"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911874
server-timing
cdn-cache; desc=HIT, edge; dur=30
content-length
34916
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:40:27 GMT
resources-soti.jpg
www.akamai.com/us/en/multimedia/images/navigation/
29 KB
29 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-soti.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
e4f900e261a4e95471b85d1b1a97e796c1de085fe6e3db2bd7bb7b3b5bb1e507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-52, origin; dur=115
content-length
29280
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 02 Sep 2020 00:24:45 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"65bc8-5addcba42c052"
x-serial
3
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=2378993
expires
Fri, 02 Oct 2020 00:25:46 GMT
resources-document-library.jpg
www.akamai.com/us/en/multimedia/images/navigation/
16 KB
16 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-document-library.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
d327bc6cab8bbd2cc9cb1190c836e414b1c13ba03fd05c1f7e4adca28af12968
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-1033, origin; dur=1129
content-length
16306
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 31 Aug 2020 03:24:04 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"27653-5addcba426e50"
x-serial
937
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=2216842
expires
Wed, 30 Sep 2020 03:23:15 GMT
resources-cdn.jpg
www.akamai.com/us/en/multimedia/images/navigation/
38 KB
38 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-cdn.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
9b28e38e151bcfc7e99f314fb6208cdf4dccb19532794a087fd06d08e8ad9c52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:34:48 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"5745c-5addcba4446f4"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911454
server-timing
cdn-cache; desc=HIT, edge; dur=31
content-length
38412
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:33:27 GMT
resources-glossary.jpg
www.akamai.com/us/en/multimedia/images/navigation/
9 KB
9 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-glossary.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
a1f08a0ffef73b63bbb91e8205a1d4560cc8ee214855558336f9d0473a20da26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-165, origin; dur=227
content-length
8870
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:16:14 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"15e1b-5addcba48059c"
x-serial
390
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1914028
expires
Sat, 26 Sep 2020 15:16:21 GMT
resources-documentation.jpg
www.akamai.com/us/en/multimedia/images/navigation/
9 KB
10 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-documentation.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
a9dc975308ae1e0ba49e3cf0cc63c99f9e13a130898abc11746b7e1a4e749471
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:33:58 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"2788c-5addcba47f20c"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911486
server-timing
cdn-cache; desc=HIT, edge; dur=27
content-length
9650
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:33:59 GMT
resources-for-developers.jpg
www.akamai.com/us/en/multimedia/images/navigation/
19 KB
19 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-for-developers.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
19219f72fd4543cecc1d8b29990dbad3d015c4d0e380c9dce85a3302d456ce1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:33:58 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"33d16-5addcba42f325"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1911474
server-timing
cdn-cache; desc=HIT, edge; dur=41
content-length
19460
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:33:47 GMT
resources-community.jpg
www.akamai.com/us/en/multimedia/images/navigation/
23 KB
23 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/resources-community.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
f8b2738e130b776517f2ea440e738df920492b1445191f068bcec61511e9d5fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=46
content-length
23374
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:31:48 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"38645-5addc48435723"
x-serial
1329
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1911457
expires
Sat, 26 Sep 2020 14:33:30 GMT
products-security.jpg
www.akamai.com/us/en/multimedia/images/navigation/
11 KB
12 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/products-security.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
42004773101c4797209f723da0d0bc72d504a0a5cc0c8ec05211a10c58ac0191
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 14:53:30 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"1ceb8-5addcba47c70e"
strict-transport-security
max-age=31536000
content-type
image/webp
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=1912560
server-timing
cdn-cache; desc=HIT, edge; dur=41
content-length
11438
x-content-type-options
nosniff
expires
Sat, 26 Sep 2020 14:51:53 GMT
contact-locations.jpg
www.akamai.com/us/en/multimedia/images/navigation/
62 KB
62 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/contact-locations.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
74947c105fbe072189e449936e31c01048e8d20ea4137098eff1b1fdc09ec3c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=MISS, edge; dur=-1484, origin; dur=1583
content-length
62998
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:46:10 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"5ae34-5addcba489ddd"
x-serial
1528
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1915721
expires
Sat, 26 Sep 2020 15:44:34 GMT
contact-us-featured.jpg
www.akamai.com/us/en/multimedia/images/navigation/
22 KB
22 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/navigation/contact-us-featured.jpg?imwidth=320
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
3dbb8c3acfe4fbeb258194c9f772218f7d4b825c0a7c96650dffe47f81495b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
status
200
server-timing
cdn-cache; desc=HIT, edge; dur=40
content-length
22412
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Aug 2020 15:13:08 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"2016f-5addcba44bc24"
x-serial
1331
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
private, no-transform, max-age=1913742
expires
Sat, 26 Sep 2020 15:11:35 GMT
the-akamai-blog-hero-image.png
blogs.akamai.com/images/patterns/
273 KB
273 KB
Image
General
Full URL
https://blogs.akamai.com/images/patterns/the-akamai-blog-hero-image.png?imwidth=1366
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
/
Resource Hash
9696ba2db9650cf65d236998665cb42afb1bc877ceadd6f88fb542f7725ad557
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Referrer-Policy
same-origin
Last-Modified
Mon, 13 Jan 2020 12:33:19 GMT
X-Frame-Options
SAMEORIGIN
ETag
"4429f-59c04ae2fc39d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
279199
X-Content-Type-Options
nosniff
userpic-379-100x100.png
blogs.akamai.com/mt-static/support/assets_c/userpics/
25 KB
26 KB
Image
General
Full URL
https://blogs.akamai.com/mt-static/support/assets_c/userpics/userpic-379-100x100.png
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
/
Resource Hash
6d97ba15ff527c6ebd5b3b0128e67f14e4b7a95f85f877ce91b7694ea5d67453
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 15:33:06 GMT
X-Frame-Options
SAMEORIGIN
ETag
"6564-590a24a264e43"
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25956
X-Content-Type-Options
nosniff
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44, Netherlands, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Fri, 04 Sep 2020 11:35:53 GMT
x-host
s7.addthis.com
content-length
116324
cd9f1ea0-59ae-4aca-a474-1dc30ccae008.json
cdn.cookielaw.org/consent/cd9f1ea0-59ae-4aca-a474-1dc30ccae008/
2 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/cd9f1ea0-59ae-4aca-a474-1dc30ccae008/cd9f1ea0-59ae-4aca-a474-1dc30ccae008.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
5e0dea7631b5f30523b0e56256fb2b7d9b6dd02d4bc98556de875d6e53637802
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sk2tZCa9uS3ylpSlPJ5gNg==
age
5912
status
200
vary
Accept-Encoding
content-length
1113
cf-request-id
04fa7fdd420000980e3814d200000001
x-ms-lease-status
unlocked
last-modified
Thu, 03 Sep 2020 18:46:56 GMT
server
cloudflare
etag
0x8D85039BBA2152E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
9ce72242-901e-003e-4d2d-826ec7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768db9b1f980e-FRA
screen3.css
blogs.akamai.com/mt-static/support/themes/akamai/
856 KB
128 KB
Stylesheet
General
Full URL
https://blogs.akamai.com/mt-static/support/themes/akamai/screen3.css
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/styles-31.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
/
Resource Hash
b3b5a05e8b180cfb6d58884e4106df4c3e74c198e97f09c8d112a3645f265f71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/styles-31.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:20 GMT
ETag
"d61b9-5909ca9b4a81f-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
130439
X-Content-Type-Options
nosniff
blogs_theme3_2.css
blogs.akamai.com/mt-static/support/themes/akamai/
41 KB
8 KB
Stylesheet
General
Full URL
https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/styles-31.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
Software
/
Resource Hash
68d7310e853e6676ab8a2cb0e5e815e7c514b6ea75ca1ba6674ccb0be6870bf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.akamai.com/sitr/styles-31.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:52 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Last-Modified
Thu, 06 Aug 2020 10:55:53 GMT
ETag
"a30f-5ac33550c5d33-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
7547
X-Content-Type-Options
nosniff
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.5.0/
325 KB
68 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
d139c3756ba4ea4e4672c12645de4977faa9ba7e0d550931d2086338fd72dfe9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
AvbD4VHYe4H/QnyU6j8v5w==
age
5540
status
200
vary
Accept-Encoding
content-length
69711
cf-request-id
04fa7fddc10000d6b59385b200000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:22 GMT
server
cloudflare
etag
0x8D84A3B58DE8819
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
95919ae7-f01e-00e9-762c-7c24e0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768dc6a66d6b5-FRA
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Aug 2020 20:46:40 GMT
server
Golfe2
age
1213
date
Fri, 04 Sep 2020 11:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18323
expires
Fri, 04 Sep 2020 13:15:40 GMT
aksb.min.js
ds-aksb-a.akamaihd.net/
13 KB
5 KB
Script
General
Full URL
https://ds-aksb-a.akamaihd.net/aksb.min.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:26f0:10::5c7a:d5ca , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Apache /
Resource Hash
7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Aug 2018 18:25:26 GMT
Server
Apache
ETag
"15de19f42b35806faf815298644157e0:1535653526"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
4826
gtm.js
www.googletagmanager.com/
413 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MP7VKD
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fd08ce984c785c74899d85d7c3fe9239738ff675f8811bd2a9c2e4333c3c8ba5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
82883
x-xss-protection
0
last-modified
Fri, 04 Sep 2020 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 04 Sep 2020 11:35:53 GMT
akamai-logo.png
www.akamai.com/us/en/multimedia/images/logo/
4 KB
4 KB
Image
General
Full URL
https://www.akamai.com/us/en/multimedia/images/logo/akamai-logo.png
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/mt-static/support/themes/akamai/screen3.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::6a3 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
3dbdbf1c436bc7ac645619e20285acf1b944a4670cb34062cd10538640932368
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
referrer-policy
same-origin
last-modified
Thu, 19 Mar 2020 17:25:18 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
etag
"3077-58340f2ca4ca0"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
x-xss-protection
1; mode=block
cache-control
private, no-transform, max-age=2008193
server-timing
cdn-cache; desc=HIT, edge; dur=26
content-length
4118
x-content-type-options
nosniff
expires
Sun, 27 Sep 2020 17:25:46 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb86d56383ff7fa14b5260253935ce2c27f97945519ab5ff22fde97094926914

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
icomoon.woff
blogs.akamai.com/fonts/icomoon/
115 KB
115 KB
Font
General
Full URL
https://blogs.akamai.com/fonts/icomoon/icomoon.woff
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
8073776d34872ade5733678679780ce4fdbe3f82fed48ce45da7bd19adc41c25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://blogs.akamai.com
Referer
https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
X-Frame-Options
SAMEORIGIN
ETag
"1cbe8-5909ca9a8c0fb"
Strict-Transport-Security
max-age=31536000
Content-Type
application/font-woff
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
117736
X-Content-Type-Options
nosniff
ubuntu-r.woff2
blogs.akamai.com/fonts/ubuntu/
29 KB
30 KB
Font
General
Full URL
https://blogs.akamai.com/fonts/ubuntu/ubuntu-r.woff2
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
30d2499e284c2f1815b834bfd6500bf5ad829cc9395490a4fbd9940378e9b61c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://blogs.akamai.com
Referer
https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
X-Frame-Options
SAMEORIGIN
ETag
"7534-5909ca9a8c0fb"
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
30004
X-Content-Type-Options
nosniff
ubuntu-l.woff2
blogs.akamai.com/fonts/ubuntu/
28 KB
28 KB
Font
General
Full URL
https://blogs.akamai.com/fonts/ubuntu/ubuntu-l.woff2
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
10493c31cbfb05ee4bd0f22af083230ea95ea86e926b4518fa8dd84b2fa088a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://blogs.akamai.com
Referer
https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
X-Frame-Options
SAMEORIGIN
ETag
"7018-5909ca9a8c0fb"
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28696
X-Content-Type-Options
nosniff
ubuntu-m.woff2
blogs.akamai.com/fonts/ubuntu/
29 KB
30 KB
Font
General
Full URL
https://blogs.akamai.com/fonts/ubuntu/ubuntu-m.woff2
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:f1:29a::2469 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
92db72d29e0b134689e612a6b14b56876d13046f8c85452dc84398fc4a4b5e1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://blogs.akamai.com
Referer
https://blogs.akamai.com/mt-static/support/themes/akamai/blogs_theme3_2.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Referrer-Policy
same-origin
Last-Modified
Wed, 21 Aug 2019 08:50:19 GMT
X-Frame-Options
SAMEORIGIN
ETag
"74a0-5909ca9a8c0fb"
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
29856
X-Content-Type-Options
nosniff
collect
www.google-analytics.com/j/
1 B
395 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j85&a=569676&t=pageview&_s=1&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&ul=en-us&de=UTF-8&dt=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=38341108&gjid=1257816465&cid=1345044567.1599219353&tid=UA-34883906-1&_gid=1976423957.1599219353&_r=1&z=614630139
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://blogs.akamai.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
en-us.json
cdn.cookielaw.org/consent/cd9f1ea0-59ae-4aca-a474-1dc30ccae008/79e79048-5d98-4078-9e1e-1feaa288d7f2/
50 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/cd9f1ea0-59ae-4aca-a474-1dc30ccae008/79e79048-5d98-4078-9e1e-1feaa288d7f2/en-us.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ea7c7f59e99dfc7785f9ffefd329d64023dd97b9b27c1c12835fada874279a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ELdXJ3HgbAQ02zTbDiNNQw==
age
2138
status
200
vary
Accept-Encoding
content-length
12498
cf-request-id
04fa7fde830000980e38158200000001
x-ms-lease-status
unlocked
last-modified
Thu, 03 Sep 2020 18:43:34 GMT
server
cloudflare
etag
0x8D85039432A043B
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b2d8a067-e01e-0013-1722-82ed07000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768dd9ceb980e-FRA
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
FBAF69B7861DE212
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=42038
accept-ranges
bytes
content-length
948
x-amz-id-2
mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=
otFlat.json
cdn.cookielaw.org/scripttemplates/6.5.0/assets/
12 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NgHQTHCGWwGmNE0ie37G8A==
age
5540
status
200
vary
Accept-Encoding
content-length
3248
cf-request-id
04fa7fdece0000980e3815b200000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:16 GMT
server
cloudflare
etag
0x8D84A3B556B9C39
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
1acb8152-f01e-00e2-472c-7c3c94000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768de1d42980e-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.5.0/assets/v2/
42 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.5.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e767ae101e0f675e800b3c78bcce8b95658524a3b1df6d9d3f1931f41e31f09a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
8O+MrA5l6uZAF8rA//NRFA==
age
5444
status
200
vary
Accept-Encoding
content-length
11144
cf-request-id
04fa7fdecf0000980e3815c200000001
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 03:43:19 GMT
server
cloudflare
etag
0x8D84A3B56BE267C
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
238e489b-601e-0149-0c2c-7cadd3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5cd768de1d44980e-FRA
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
collect
stats.g.doubleclick.net/j/
4 B
87 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-34796267-1&cid=1345044567.1599219353&jid=1668095876&gjid=1783922076&_gid=1976423957.1599219353&_u=aGDAgEABAAAAAG~&z=123856669
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 04 Sep 2020 11:35:53 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://blogs.akamai.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP7VKD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
age
50620
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4051-HHN
last-modified
Mon, 10 Aug 2020 18:10:59 GMT
x-timer
S1599219354.526246,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
conversion_async.js
www.googleadservices.com/pagead/
29 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP7VKD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f2.1e100.net
Software
cafe /
Resource Hash
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11311
x-xss-protection
0
server
cafe
etag
12833363978352728442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 04 Sep 2020 11:35:53 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
964 B
759 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP7VKD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:48b::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:41:55 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=33084
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
446
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.64.24 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-24.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
uDRtxOMd.min.js
scripts.demandbase.com/
70 KB
18 KB
Script
General
Full URL
https://scripts.demandbase.com/uDRtxOMd.min.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-29.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d69daccb0fc6797291cf45920cd24cc6876a52ed13a6ae5d76fc598d86c16619

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:11:36 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 14:09:56 GMT
server
AmazonS3
age
1458
etag
W/"0dd3a3e96500a8f7554b4576b4d34edb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
65JtMpjs2W5KLjvnd_sFTS3SzQ796Zou
status
200
cache-control
public, max-age=3600
x-amz-cf-pop
FRA53-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
MsOsyt4aqH5VjtI4_P8By7kOhNYQVYol-7xXkmGvS9AObP33FOIjmw==
via
1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
b6be0a52-6193-4a3b-88ea-f63743b4294c.js
cdnssl.clicktale.net/www14/ptc/
193 KB
40 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www14/ptc/b6be0a52-6193-4a3b-88ea-f63743b4294c.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5e36fb4f6453bfb96798405a29502339e71473be8234a9569b0a247074e5467

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
pCC_YxkX286bbJh5IUSaHMjrLeHLccrd
content-encoding
gzip
etag
"6bebda7bfbdc9f30da84572ad68ef922"
x-amz-request-id
DKEZ5PCVET9GFR4J
status
200
content-length
40833
x-amz-id-2
BKwlIW5xOn5q0IIdHIZs9Lb1zqitkwp5Vf/LIuPBJemmi25VO26G4oNRqcQbRlayK07kBfVmt2Q=
last-modified
Thu, 03 Sep 2020 13:48:56 GMT
server
AmazonS3
date
Fri, 04 Sep 2020 11:35:53 GMT
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
expires
Fri, 04 Sep 2020 11:45:53 GMT
bat.js
bat.bing.com/
26 KB
8 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref
Ref A: CBBE4141DC244295BEBF53B58A59BE43 Ref B: FRAEDGE1421 Ref C: 2020-09-04T11:35:53Z
status
200
etag
"0e0bdafab5bd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8022
conversion.js
www.googleadservices.com/pagead/
29 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MP7VKD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s29-in-f2.1e100.net
Software
cafe /
Resource Hash
fd63d6a5ec44215e50612d8bea8eff0a12f5d4981ab6745db8d8479f7c102845
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11416
x-xss-protection
0
server
cafe
etag
7270336119834106254
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 04 Sep 2020 11:35:53 GMT
fbevents.js
connect.facebook.net/en_US/
135 KB
34 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34302
x-xss-protection
0
pragma
public
x-fb-debug
V9oUUy0knmImokN3gCNuJ/GJ5Ivy0cBuWY2+gyptZcrpLzyh8n3JZ624GjVkmw42vGCcfznFdhZqKxK4uOKj8g==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Sep 2020 11:35:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
latest.min.js
c.lytics.io/api/tag/bc0d9f30d3ead90686aad6258ab03f3c/
52 KB
17 KB
Script
General
Full URL
https://c.lytics.io/api/tag/bc0d9f30d3ead90686aad6258ab03f3c/latest.min.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12dc2ddd089376d17b5b712998fa236901d62678aa88890e1010ec04899b44e

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5cd768e04a373258-FRA
date
Fri, 04 Sep 2020 11:35:53 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
1928
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
content-encoding
br
access-control-allow-origin
*
cf-request-id
04fa7fe02c0000325837272200000001
collect
www.google-analytics.com/
35 B
122 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j85&a=569676&t=pageview&_s=1&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&dp=%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html%3F&ul=en-us&de=UTF-8&dt=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEABAAAAAC~&jid=1668095876&gjid=1783922076&cid=1345044567.1599219353&tid=UA-34796267-1&_gid=1976423957.1599219353&gtm=2wg8q1MP7VKD&cd1=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&cd29=Not%20Known%20Bot&cd32=Not%20Known%20Bot&cd46=blogs-sitr&cd47=1345044567.1599219353&cd64=SITR&cd66=&z=96878349
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 08 Aug 2020 04:34:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2358073
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dakamai.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dakamai.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dakamai.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=akamai.com&pId=3118772764964320911
4 B
484 B
Image
General
Full URL
https://attr.ml-api.io/?domain=akamai.com&pId=3118772764964320911
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.45 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-45.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:54 GMT
Via
1.1 25c6baf0a31a5ef699c1e219b25ce7b9.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA6-C1
x-amzn-RequestId
0a192ae9-bfa8-43de-92fb-a93b8bd000dc
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
X-Amzn-Trace-Id
Root=1-5f52269a-521d08d01536db58c52a83a0;Sampled=0
Connection
keep-alive
x-amz-apigw-id
SVr4GFgjoAMFijw=
Content-Length
4
X-Amz-Cf-Id
tbdoNh0q9U9L00q_Kw4TwmXnCSmLk3_w4E-LqcYt81RDUAPlVe-0dg==

Redirect headers

Pragma
no-cache
Date
Fri, 04 Sep 2020 11:35:53 GMT
X-Proxy-Origin
89.238.186.243; 89.238.186.243; 534.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.238:80
AN-X-Request-Uuid
4f8718cb-4d82-4188-8f14-33f26607e18d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://attr.ml-api.io/?domain=akamai.com&pId=3118772764964320911
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:48b::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:29:41 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=34625
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
1276761735802781
connect.facebook.net/signals/config/
524 KB
132 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1276761735802781?v=2.9.24&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f6d5a6119301cdd6d3d943c3902b117cffc00c580d65745b65cd8fdd34a789ed
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
134859
x-xss-protection
0
pragma
public
x-fb-debug
zfip3EEuN+ELkQFaMTyvinhTcK8ihcn/prwqefuuRQjaiKhXNJTvfwzI51O1brb2AYqX0usrZkc+CEWJqEjc6g==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Sep 2020 11:35:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
106 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-34796267-1&cid=1345044567.1599219353&jid=1668095876&_u=aGDAgEABAAAAAG~&z=1524882799
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-34796267-1&cid=1345044567.1599219353&jid=1668095876&_u=aGDAgEABAAAAAG~&z=1524882799
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
monitor-latest.js
cdnssl.clicktale.net/www/
61 KB
19 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www/monitor-latest.js
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www14/ptc/b6be0a52-6193-4a3b-88ea-f63743b4294c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9d8a2811fe6cec544f8e4ba7915c7ee8d4caa72257d97bf4f8964dae6c621ff6

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
last-modified
Thu, 21 May 2020 17:11:46 GMT
server
Microsoft-IIS/8.5
status
200
etag
"0b51de8922fd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
19662
expires
Sat, 05 Sep 2020 11:35:53 GMT
b6be0a52-6193-4a3b-88ea-f63743b4294c.js
cdnssl.clicktale.net/www14/pcc/
160 KB
40 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www14/pcc/b6be0a52-6193-4a3b-88ea-f63743b4294c.js?DeploymentConfigName=Release_20200903&Version=1
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fb00dac8b604caf371a2193a6ddbda65195b30b01caef45d02763e089c196652

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
sJAyjssmx7iTvWZOPhJ1DIR38_.gnUvD
content-encoding
gzip
etag
"8fe5abdb98e65a759ec2f23972a4df38"
x-amz-request-id
39EE4B89EFA0D8F6
status
200
content-length
40554
x-amz-id-2
gHTjz3tgiRGudRvn4ysbK6+8630YTBIn/ahmlrKcRg1NC3d8cDHqYHEZFxW5bhF5bYTC56aGwJ4=
last-modified
Thu, 03 Sep 2020 13:48:56 GMT
server
AmazonS3
date
Fri, 04 Sep 2020 11:35:53 GMT
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
expires
Sat, 04 Sep 2021 11:35:53 GMT
WR-latest.js
cdnssl.clicktale.net/www/
57 KB
19 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www/WR-latest.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
d9935ecf3157e10ea14a8d5d54c5e60e0950330e69c6bc2714834e95d9a2624f

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
last-modified
Mon, 03 Aug 2020 12:57:03 GMT
server
Microsoft-IIS/8.5
status
200
etag
"80794e959569d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
19268
expires
Sat, 05 Sep 2020 11:35:53 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-a...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D62114%26url%3Dhttps%253A%252F%252Fblogs.akamai.com%252Fsitr%252F2020%252F08%252Fr...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-a...
0
80 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&time=1599219353515&liSync=true
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
a0DPkYeRMRagPQwCWSsAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
EIo/ioeRMRZw2h9RdysAAA==
pragma
no-cache
x-li-pop
afd-prod-esv5
x-msedge-ref
Ref A: F4D40B5EB1994628B03AD1BC5EA75DAD Ref B: FRAEDGE1115 Ref C: 2020-09-04T11:35:53Z
x-frame-options
sameorigin
date
Fri, 04 Sep 2020 11:35:53 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=62114&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&time=1599219353515&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
monitor
conductor.clicktale.net/
1 B
254 B
Other
General
Full URL
https://conductor.clicktale.net/monitor?t=preinit&p=280&2=5087620232765486&v=1.5.5&7=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&3=2388541740305916&4=8840456027003028&5=0
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/monitor-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.3.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-3-186.compute-1.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://blogs.akamai.com
Date
Fri, 04 Sep 2020 11:35:54 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
1
Content-Type
text/plain
monitor
conductor.clicktale.net/
1 B
263 B
XHR
General
Full URL
https://conductor.clicktale.net/monitor?t=auth&p=280&2=5087620232765486&v=1.5.5
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/monitor-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.3.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-3-186.compute-1.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Vary
*
Content-Type
text/plain
Access-Control-Allow-Origin
https://blogs.akamai.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
1
/
www.facebook.com/tr/
44 B
378 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1276761735802781&ev=PageView&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&rl=&if=false&ts=1599219353563&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1599219353562.1790795646&it=1599219353496&coo=false&rqm=GET
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Sep 2020 11:35:53 GMT
ChangeMonitor-latest.js
cdnssl.clicktale.net/www/
47 KB
16 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www/ChangeMonitor-latest.js
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
1958bb7f293956e7170f639ce93a3d628ae465fa24fd751e1a2b3cd837059ffa

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
last-modified
Thu, 21 May 2020 17:11:46 GMT
server
Microsoft-IIS/8.5
status
200
etag
"0b51de8922fd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
15711
expires
Sat, 05 Sep 2020 11:35:53 GMT
/
ing-district.clicktale.net/ctn_v2/auth/
239 B
388 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/auth/?pid=25500&as=1&232595327&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
44b0201bdc9aa3328906b708077ca31d7f947f48f74855fb692394080e5b5c4d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:54 GMT
access-control-allow-credentials
true
access-control-allow-origin
https://blogs.akamai.com
content-length
239
content-type
application/json; charset=UTF-8
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/849939417/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849939417/?random=1599219353715&cv=9&fst=1599219353715&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
17a51ef969df5807a6491fa1e0b97cdcca1f1b4a72fa5c55115affdb3037e96d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1202
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/933095421/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933095421/?random=1599219353719&cv=9&fst=1599219353719&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8ec0d99c1df7594f58a377506eeb294da5b55c1039a383c74e4bc47e332f0df0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1200
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/159/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/159/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.64.24 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-64-24.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:53 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 May 2020 02:24:14 GMT
Server
AkamaiNetStorage
ETag
"79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4810
Expires
Sun, 13 Dec 2020 11:35:53 GMT
ip.json
api.company-target.com/api/v2/
439 B
945 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&page_title=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&src=tag&key=c07e50e50d026064d820ab45cdd46518636e8993
Requested by
Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/uDRtxOMd.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.79 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-79.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
6647bef5797b46447dcbeb44a211929c28694200a7e6b83fb25f8df9ee67bb97

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
request-id
eb02e2a9-83d4-483c-91cf-ecbb61938861
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://blogs.akamai.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
xpZHL4KBOfZAbHqqdPbvYIPAjD1NeNGfM737i2I9wXxOA_66eE9Mvw==
expires
Thu, 03 Sep 2020 11:35:53 GMT
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA&verifyHash=476ac11255ce8be4b6bf8c897368a91c5c507499
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA&verifyHash=476ac11255ce8be4b6bf8c897368a91c5c507499
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.16 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-16.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:54 GMT
Via
1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
7249175b3d55a996
X-Amz-Cf-Id
8Gk65tYtNADzv7Qck2d79peac5A_3NQLup458zP5ednhTCk8Ym-aMg==

Redirect headers

Date
Fri, 04 Sep 2020 11:35:54 GMT
Via
1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAbZpU6-pE0AAA_OsuB0BA&verifyHash=476ac11255ce8be4b6bf8c897368a91c5c507499
Connection
keep-alive
trace-id
eb5cb9297926e262
Content-Length
0
X-Amz-Cf-Id
xnDOvHSse4Z-2yHJtybrZ0ZrMaHAm51BU96VcSPkkUWxoZu07xWhqA==
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5668197&Ver=2&mid=f694cf4b-9a40-dc6a-c6fd-067408083bb0&sid=635283d27a998429f83d2ed6a76d6048&vid=e51c56a65c04d15401ebe67712b5a390&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&p=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&r=&lt=779&evt=pageLoad&msclkid=N&sv=1&rn=637218
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: FB14C13686B8426F933E26291A1FBDC5 Ref B: FRAEDGE1421 Ref C: 2020-09-04T11:35:53Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/
43 B
449 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nujvn&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
120
pragma
no-cache
last-modified
Fri, 04 Sep 2020 11:35:53 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d39464a676820f042d507b9996477c76
x-transaction
00e25a920065ef51
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/849939417/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849939417/?random=1599219353761&cv=9&fst=1599219353761&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1700bbd3fd2e0283fa72eb61d05fee9271ddca01863de946823999a81ad86350
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1185
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?event=OneTrustLoaded&OnetrustActiveGroups=%2C%2C&gtm.uniqueEventId=1&_ts=1599219353776&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab99e200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa55c286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
591 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?event=OptanonLoaded&OptanonActiveGroups=%2C%2C&gtm.uniqueEventId=2&_ts=1599219353777&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab99f200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa56c286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?gtm.start=1599219352982&event=gtm.js&gtm.uniqueEventId=3&_ts=1599219353778&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a3200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa5bc286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?publication=blogs-sitr&_ts=1599219353778&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a0200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa57c286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?contentTag=&_ts=1599219353779&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a5200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa5dc286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?contentTag=SITR&_ts=1599219353779&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a4200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa5cc286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?event=OneTrustLoaded&OnetrustActiveGroups=%2CC0001%2CC0002%2CC0003%2CC0004%2CC0005%2C&gtm.uniqueEventId=5&_ts=1599219353780&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a1200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa58c286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?event=OptanonLoaded&OptanonActiveGroups=%2CC0001%2CC0002%2CC0003%2CC0004%2CC0005%2C&gtm.uniqueEventId=6&_ts=1599219353780&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a7200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa5fc286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?ga_fpc=set&_ts=1599219353781&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a6200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa5ec286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?ga_fpc=set&_ts=1599219353782&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_v=3.0.11&_uid=u_212378959610548770&_getid=t
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe1360000c286ab9a2200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e1fa59c286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
visitWebPage
642-skn-449.mktoresp.com/webevents/
2 B
311 B
XHR
General
Full URL
https://642-skn-449.mktoresp.com/webevents/visitWebPage?_mchNc=1599219353796&_mchCn=&_mchId=642-SKN-449&_mchTk=_mch-akamai.com-1599219353795-10200&_mchWs=j1RQ&_mchHo=blogs.akamai.com&_mchPo=&_mchRu=%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Sep 2020 11:35:54 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
95d44c07-9ebf-4d3d-93f7-992877751b7b
/
www.google.com/pagead/1p-user-list/849939417/
42 B
65 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/849939417/?random=1599219353715&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&async=1&fmt=3&is_vtc=1&random=3546684379&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/849939417/
42 B
65 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/849939417/?random=1599219353715&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&async=1&fmt=3&is_vtc=1&random=3546684379&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/933095421/
42 B
340 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/933095421/?random=1599219353719&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&async=1&fmt=3&is_vtc=1&random=2914843360&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/933095421/
42 B
538 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/933095421/?random=1599219353719&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&async=1&fmt=3&is_vtc=1&random=2914843360&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/849939417/
42 B
65 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/849939417/?random=1599219353761&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&fmt=3&is_vtc=1&random=2558835317&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/849939417/
42 B
65 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/849939417/?random=1599219353761&cv=9&fst=1599217200000&num=1&label=mlQrCKqk0n0Q2ZeklQM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&tiba=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&fmt=3&is_vtc=1&random=2558835317&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Sep 2020 11:35:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
u_212378959610548770
c.lytics.io/api/personalize/bc0d9f30d3ead90686aad6258ab03f3c/user/_uid/
319 B
364 B
Script
General
Full URL
https://c.lytics.io/api/personalize/bc0d9f30d3ead90686aad6258ab03f3c/user/_uid/u_212378959610548770?segments=true&mergestate=true&state=%7B%22_uid%22%3A%22u_212378959610548770%22%2C%22_sesstart%22%3A%221%22%2C%22_tz%22%3A2%2C%22_ul%22%3A%22en-US%22%2C%22_sz%22%3A%221600x1200%22%2C%22_nmob%22%3A%22t%22%2C%22_device%22%3A%22desktop%22%2C%22url%22%3A%22blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html%22%2C%22_v%22%3A%223.0.11%22%7D&ts=1599219353860&callback=u_19641304293090080
Requested by
Host: c.lytics.io
URL: https://c.lytics.io/api/tag/bc0d9f30d3ead90686aad6258ab03f3c/latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
324c1e055e98ea99ef1bee6648dd309f2b65fcd328c054fee536cc13fe0afe30

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5cd768e22acfc286-FRA
date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
content-encoding
br
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie, *
cf-request-id
04fa7fe15d0000c286ab9ad200000001
bc0d9f30d3ead90686aad6258ab03f3c
c.lytics.io/c/
35 B
121 B
Image
General
Full URL
https://c.lytics.io/c/bc0d9f30d3ead90686aad6258ab03f3c?_sesstart=1&_tz=2&_ul=en-US&_sz=1600x1200&_ts=1599219353854&_nmob=t&_device=desktop&url=blogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&_uid=u_212378959610548770&_v=3.0.11
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
status
200
content-length
35
cf-request-id
04fa7fe15d0000c286ab9ac200000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-ray
5cd768e22acbc286-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires
0
collect
www.google-analytics.com/
35 B
57 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j85&a=569676&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&dp=%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html%3F&ul=en-us&de=UTF-8&dt=Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAiEABBAAAAG~&jid=&gjid=&cid=1345044567.1599219353&tid=UA-34796267-1&_gid=1976423957.1599219353&gtm=2wg8q1MP7VKD&cd1=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F83.0.4103.61%20Safari%2F537.36&cd29=Not%20Known%20Bot&cd32=Not%20Known%20Bot&cd46=blogs-sitr&cd47=1345044567.1599219353&cd64=SITR&cd66=&cd4=Bot&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Czechia&cd11=(Non-Company%20Visitor)&cd12=(Non-Company%20Visitor)&cd13=10&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&cd24=(Non-Company%20Visitor)&cd51=(Non-Company%20Visitor)&cd59=(Non-Company%20Visitor)&z=1251946963
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 08 Aug 2020 04:34:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2358073
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
WR1034b.js
cdnssl.clicktale.net/www/
91 KB
31 KB
Script
General
Full URL
https://cdnssl.clicktale.net/www/WR1034b.js
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::2db0 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9d641e1fc4cccde81893a6de386aa6eb11524b574f14e43ea2be72731c0ef7ba

Request headers

Origin
https://blogs.akamai.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
content-encoding
gzip
last-modified
Tue, 28 Jul 2020 10:24:24 GMT
server
Microsoft-IIS/8.5
status
200
etag
"9f95d543c964d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
31009
expires
Sat, 04 Sep 2021 11:35:54 GMT
/
www.facebook.com/tr/
44 B
146 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1276761735802781&ev=Lytics%20Audiences&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&rl=&if=false&ts=1599219354097&cd[all]=true&cd[smt_new]=true&cd[kc_test_stitching]=true&cd[default_anon_seg]=true&sw=1600&sh=1200&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1599219353562.1790795646&it=1599219353496&coo=false&rqm=GET
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Sep 2020 11:35:54 GMT
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&0&0&0&264&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:54 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
monitor
conductor.clicktale.net/
1 B
254 B
XHR
General
Full URL
https://conductor.clicktale.net/monitor?t=init&p=280&2=5087620232765486&v=1.5.5
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/monitor-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.3.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-3-186.compute-1.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://blogs.akamai.com
Date
Fri, 04 Sep 2020 11:35:54 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
1
Content-Type
text/plain
110b2716-ca3f-49f2-abca-ff8baf1b94b4
https://blogs.akamai.com/
0
0
Other
General
Full URL
blob:https://blogs.akamai.com/110b2716-ca3f-49f2-abca-ff8baf1b94b4
Requested by
Host: blogs.akamai.com
URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
0
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-54527f043b9dd729/
12 KB
2 KB
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-54527f043b9dd729/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ec0ef12b22c4df7e2a0a9f7bc3eeb70daaf7e5358beac2865fb3c1d43457ca80

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
content-encoding
gzip
etag
1540161347--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=25, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
1586
300lo.json
m.addthis.com/live/red_lojson/
90 B
250 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=5f522699a5078e1c&bkl=0&bl=1&pdt=325&sid=5f522699a5078e1c&pub=ra-54527f043b9dd729&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=blogs.akamai.com&fp=sitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1599219354496&jsl=8193&uvs=5f52269986d7cf06000&skipb=1&callback=addthis.cbs.jsonp__113506394001726020
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fead363dd335ed5f6900acd88c7ab3f1a6449739bedb0ac21cb622b51df6abde

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Fri, 04 Sep 2020 11:35:54 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
90
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame F4D0
0
0

sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 6DAE
0
0
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 09 Sep 2019 15:34:57 GMT
etag
W/"5d767121-1115f"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
25412
date
Fri, 04 Sep 2020 11:35:54 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
adsct
analytics.twitter.com/i/
31 B
651 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nujvn&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
122
pragma
no-cache
last-modified
Fri, 04 Sep 2020 11:35:54 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
6483abb08ceb4f59574d55f0241e9dba
x-transaction
00cef08a00be7a09
expires
Tue, 31 Mar 1981 05:00:00 GMT
layers.33f5b85045a5f2308467.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Fri, 04 Sep 2020 11:35:54 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77540
pathfora.min.js
c.lytics.io/static/
100 KB
20 KB
Script
General
Full URL
https://c.lytics.io/static/pathfora.min.js
Requested by
Host: c.lytics.io
URL: https://c.lytics.io/api/tag/bc0d9f30d3ead90686aad6258ab03f3c/latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d168ba515a51b5718ba8f51cc423e6458094e282e9426f9cbc03ed09166bd09a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5cd768e67b53c286-FRA
date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Fri, 12 Jun 2020 19:10:40 GMT
server
cloudflare
age
5971
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age=7200
content-encoding
br
cf-request-id
04fa7fe4060000c286ab9ee200000001
RRT
ds-aksb-a.akamaihd.net/
0
402 B
XHR
General
Full URL
https://ds-aksb-a.akamaihd.net/RRT
Requested by
Host: ds-aksb-a.akamaihd.net
URL: https://ds-aksb-a.akamaihd.net/aksb.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:26f0:10::5c7a:d5ca , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Fri, 04 Sep 2020 11:35:54 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
0
Expires
Fri, 04 Sep 2020 11:35:54 GMT
b
ds-aksb-a.akamaihd.net/2/135745/
0
269 B
Image
General
Full URL
https://ds-aksb-a.akamaihd.net/2/135745/b?dE=83&cS=83&cE=241&rqS=242&rsS=315&rsE=320&sS=88&dl=318&di=778&fp=677&dlS=778&dlE=778&dc=2064&leS=2065&leE=2084&to=&ol=0&cr=5&mt=&mb=&b=273&u=https%3A//blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&ua=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/83.0.4103.61%20Safari/537.36&pl=Linux%20x86_64&us=&gh=72.247.179.110&t=&rid=5a34f51&r=31011&akM=dscx&akN=ae&vc=14:17&bpcip=ag1z17ozci&akTX=1&akTI=5a34f51&ai=197727&pmgn=rumBlogsAkamaiCom&pmgi=&pmp=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:26f0:10::5c7a:d5ca , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 04 Sep 2020 11:35:54 GMT
Content-Type
text/html
Cache-Control
max-age=0, no-cache, no-store, private
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
0
Expires
Fri, 04 Sep 2020 11:35:54 GMT
fb15a09e-11bd-43ed-920b-1909e8da9b19
https://blogs.akamai.com/
36 KB
0
Other
General
Full URL
blob:https://blogs.akamai.com/fb15a09e-11bd-43ed-920b-1909e8da9b19
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
411c045d2a620b9b58931bcfee6a2345031696ea884ff22ed59a20efd81bd217

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
36838
pathfora.min.css
c.lytics.io/static/
20 KB
3 KB
Stylesheet
General
Full URL
https://c.lytics.io/static/pathfora.min.css
Requested by
Host: c.lytics.io
URL: https://c.lytics.io/static/pathfora.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58aa5964d6f5dc68b2180e943ea63b6031c0ba83e44d9815e724b10f2f615f9f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5cd768e73cf5c286-FRA
date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Fri, 12 Jun 2020 19:10:39 GMT
server
cloudflare
age
5968
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
max-age=7200
content-encoding
br
cf-request-id
04fa7fe47f0000c286ab9f9200000001
151.67aec2e0546e639563bb.js
s7.addthis.com/static/
2 KB
1 KB
Script
General
Full URL
https://s7.addthis.com/static/151.67aec2e0546e639563bb.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
e1fa72e38624f68bc2039aded02a054eead1fbf24646f4df60abcacc665a8690
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-68f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Fri, 04 Sep 2020 11:35:54 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
815
/
graph.facebook.com/
177 B
361 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_62vu0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f1226d3e871d0f742dd3176517f97c55470a3577a0bc8819198636246d2d9ba4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
etag
"8f3e18bc160708217ec44fb3be5d30db2d03fbaf"
status
200
x-fb-rev
1002621492
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
177
pragma
no-cache
x-fb-debug
7faItEjPKhID4BtViWSUpzUY9HkH4FyQY/+I1Fe82oZrdKYONtag4X30GQdt3J8WnL3htRBv2NGwJt4gFoHgBQ==
x-fb-trace-id
H5iIuTrjHhU
date
Fri, 04 Sep 2020 11:35:54 GMT
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AHDYX3Qpe9psEzwxbsHPVfJ
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v3.1
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
graph.facebook.com/
176 B
598 B
Script
General
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_ghnc0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0990023a928678ae6a416e5a8c9beeeed1ed4bff33959cc2d81c6f7bf4339a52
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
etag
"3470315c8f13c070f46fe706f2a29e3fc6d8ebc3"
status
200
x-fb-rev
1002621492
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
176
pragma
no-cache
x-fb-debug
NlSk1w4NU7xX6j3rzYZDQISySE1Mnpak6FD7QA6lddNBuw2MDrp8jC2KtVfxbRxAares8MmEShZf/UVqxq1cCg==
x-fb-trace-id
FVEyrNKByj8
date
Fri, 04 Sep 2020 11:35:54 GMT
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AgOaiM4DZCNQ4Uu1DuPWGmY
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v3.1
expires
Sat, 01 Jan 2000 00:00:00 GMT
config.js
c.lytics.io/api/program/campaign/config/bc0d9f30d3ead90686aad6258ab03f3c/
327 B
315 B
Script
General
Full URL
https://c.lytics.io/api/program/campaign/config/bc0d9f30d3ead90686aad6258ab03f3c/config.js
Requested by
Host: c.lytics.io
URL: https://c.lytics.io/api/tag/bc0d9f30d3ead90686aad6258ab03f3c/latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89a13c0cdac85daa85ecb4690ecac7255aa96aa0fb7b3f88c99ed669018758be

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray
5cd768e76d68c286-FRA
date
Fri, 04 Sep 2020 11:35:54 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
6934
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=7200
content-encoding
br
access-control-allow-origin
*
cf-request-id
04fa7fe4a40000c286ab9ff200000001
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&1&0&1&264&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:54 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&2&1&0&105&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:55 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
5db1f9ed-5622-4fed-8ced-11b5a0b297a0
https://blogs.akamai.com/
36 KB
0
Other
General
Full URL
blob:https://blogs.akamai.com/5db1f9ed-5622-4fed-8ced-11b5a0b297a0
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
411c045d2a620b9b58931bcfee6a2345031696ea884ff22ed59a20efd81bd217

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
36838
dabee63d-01da-47f9-9c5a-b87c4c4c5b88
https://blogs.akamai.com/
36 KB
0
Other
General
Full URL
blob:https://blogs.akamai.com/dabee63d-01da-47f9-9c5a-b87c4c4c5b88
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
411c045d2a620b9b58931bcfee6a2345031696ea884ff22ed59a20efd81bd217

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
36838
01536259-66be-4aab-9363-681c54a64f5b
https://blogs.akamai.com/
36 KB
0
Other
General
Full URL
blob:https://blogs.akamai.com/01536259-66be-4aab-9363-681c54a64f5b
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
411c045d2a620b9b58931bcfee6a2345031696ea884ff22ed59a20efd81bd217

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
36838
6aa540ab-1fb6-4e5e-9208-73a50e266a03
https://blogs.akamai.com/
36 KB
0
Other
General
Full URL
blob:https://blogs.akamai.com/6aa540ab-1fb6-4e5e-9208-73a50e266a03
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
411c045d2a620b9b58931bcfee6a2345031696ea884ff22ed59a20efd81bd217

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
36838
/
www.facebook.com/tr/
44 B
146 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1276761735802781&ev=Microdata&dl=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&rl=&if=false&ts=1599219355066&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Ransom%20Demands%20Return%3A%20New%20DDoS%20Extortion%20Threats%20From%20Old%20Actors%20Targeting%20Finance%20and%20Retail%20-%20Akamai%20Security%20Intelligence%20and%20Threat%20Research%20Blog%22%2C%22meta%3Adescription%22%3A%22Update%2008%2F24%2F2020%20As%20mentioned%20below%2C%20the%20Akamai%20SIRT%20has%20been%20tracking%20attacks%20from%20the%20so-called%20Armada%20Collective%20and%20Fancy%20Bear%20actors%2C%20who%20are%20sending%20ransom%20letters%20to%20various%20industry%20verticals%20such%20as%20finance%2C%20travel%2C%20and%20e-commerce.%20In%20addition%20to%20the...%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.24&r=stable&ec=2&o=30&fbp=fb.1.1599219353562.1790795646&it=1599219353496&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 11:35:55 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Sep 2020 11:35:55 GMT
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&3&2&0&105&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:55 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&4&4&0&105&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:55 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&5&3&0&105&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:55 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
/
ing-district.clicktale.net/ctn_v2/wr/
1 B
100 B
XHR
General
Full URL
https://ing-district.clicktale.net/ctn_v2/wr/?2935176462599495&25500&10&6&5&0&105&subsid=232955&msgsize=120
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/WR-latest.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.50.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-50-62.compute-1.amazonaws.com
Software
/
Resource Hash
684888c0ebb17f374298b65ee2807526c066094c701bcc7ebbe1c1095f494fc1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Fri, 04 Sep 2020 11:35:55 GMT
access-control-allow-origin
*
content-length
1
content-type
text/plain; charset=UTF-8
monitor
conductor.clicktale.net/
1 B
254 B
XHR
General
Full URL
https://conductor.clicktale.net/monitor?t=chunk&p=280&2=5087620232765486&v=1.5.5
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/monitor-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.3.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-3-186.compute-1.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://blogs.akamai.com
Date
Fri, 04 Sep 2020 11:35:56 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
1
Content-Type
text/plain
monitor
conductor.clicktale.net/
1 B
254 B
XHR
General
Full URL
https://conductor.clicktale.net/monitor?t=chunk&p=280&2=5087620232765486&v=1.5.5
Requested by
Host: cdnssl.clicktale.net
URL: https://cdnssl.clicktale.net/www/monitor-latest.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.3.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-3-186.compute-1.amazonaws.com
Software
/
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://blogs.akamai.com
Date
Fri, 04 Sep 2020 11:36:01 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
1
Content-Type
text/plain

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html


295 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| OptanonWrapper object| otStubData string| mtCookieName string| mtCookieDomain string| mtCookiePath number| mtCookieTimeout function| mtHide function| mtShow function| mtAttachEvent function| mtFireEvent object| MT function| mtRelativeDate function| mtCommentFormOnFocus boolean| mtCaptchaVisible function| mtShowCaptcha undefined| is_preview undefined| user function| mtSetUser function| mtEscapeJS function| mtUnescapeJS function| mtBakeUserCookie function| mtUnbakeUserCookie function| mtGetUser boolean| mtFetchedUser function| mtFetchUser function| mtRememberMeOnClick boolean| mtRequestSubmitted function| mtCommentOnSubmit function| mtCommentSessionVerify function| mtUserOnLoad function| mtEntryOnLoad function| mtEntryOnUnload function| mtSignIn function| mtSignInOnClick function| mtSetUserOrLogin function| mtSignOut function| mtSignOutOnClick function| mtShowGreeting function| mtReplyCommentOnClick function| mtSetCommentParentID function| mtSaveUser function| mtClearUser function| mtSetCookie function| mtGetCookie function| mtDeleteCookie function| mtFixDate function| mtGetXmlHttp function| mtInit function| onusersignin number| _timer undefined| $ function| jQuery object| swfobject object| puremvc object| AKAMAI_MEDIA_PLAYER object| CaptionParsers object| akamai string| version object| addthis_share object| addthis_config string| adminurl string| blog_id string| page_id string| GoogleAnalyticsObject function| ga object| w object| d object| AKSB object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| postscribe function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| Optanon object| 
OneTrust string| base_url function| twq string| _linkedin_data_partner_id object| loadScriptEvent boolean| clickTaleTagInjected object| uetq object| google_conversion_id object| google_conversion_label object| google_custom_params object| google_remarketing_only function| fbq function| _fbq object| script object| jstag boolean| __@@##MUH object| autoMonitorConfig string| ct_pdc_qs_val object| ClickTaleGlobal object| ClickTaleMonitor object| ClickTaleSettings object| ct_dispatcher function| ClickTaleCreateDOMElement function| ClickTaleAppendInHead function| ClickTaleXHTMLCompliantScriptTagCreate function| deleteIrrelevantUIDCookies undefined| uid string| cookieName undefined| expireCookie undefined| expireLocalStorage undefined| settings function| ClickTaleOnRecording boolean| isHttps undefined| scriptSource undefined| pccSource string| pccSrc object| scripts object| pccScriptElement object| ctVEconfig object| ClickTaleOnReadyList boolean| ClickTaleIsXHTMLCompliant boolean| ClickTaleIncludedOnDOMReady string| ClickTaleUIDCookieName string| ClickTaleScriptSource function| onloaded undefined| ClickTalePrevOnReady function| ClickTaleOnReady function| lintrk boolean| _already_called_lintrk object| CEC string| WRFi number| WRFk number| WRFh object| _ct_commands number| WRFj object| WRFw number| ClickTaleUnloadPause number| ClickTaleEventsMask string| ClickTaleIgnoreCookieName function| ClickTaleLog function| ClickTale string| ClickTaleCookieDomain function| ClickTaleUploadPage function| ClickTaleDelayUploadPage function| ClickTaleIsUploadPage function| ClickTaleSetAllSensitive function| ClickTaleResetAllSensitive function| ClickTaleSetSomeSensitive function| ClickTaleResetSomeSensitive function| ClickTaleIgnore function| ClickTaleRegisterFormSubmitFailure function| ClickTaleGetVersion function| ClickTaleSetCustomElementID function| ClickTaleRegisterFormSubmitSuccess function| ClickTaleExec function| ClickTaleField function| ClickTaleNote function| ClickTaleTag function| 
ClickTaleEvent function| ClickTaleGetPID function| ClickTaleSetUID function| ClickTaleGetUID function| ClickTaleGetSID function| ClickTaleUnsubscribe function| ClickTaleSubscribe function| ClickTaleLogical function| ClickTaleDetectAgent function| ClickTaleIsPlayback number| ClickTaleCookieExpiryDays function| ClickTaleIsSavedRecording function| ClickTaleIsRecording function| ClickTaleSendJsonMessage function| ClickTaleDispatchPersistedMessages function| ClickTaleUploadPageNow function| ClickTaleAddAugmentElementPathHandler function| ClickTaleGetAuthResponse function| ClickTaleGetSubscriberId function| ClickTaleGetPartition function| ClickTaleGetWRIgnoreExpiry number| WRInitTime object| ClickTaleFetchFromWithCookies object| _uxa object| ClickTaleOnStop object| ctRules_PrePCC object| ctCustomCode_PrePCC object| ct function| ClicktaleIntegrationExperienceHandler object| twttr function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| __extends object| Demandbase object| __db function| DBSegment function| UET function| MutationSummary object| ClickTaleOnUploadPageContentFetched object| __lytics__jstag__ object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| 
google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| MunchkinTracker undefined| u_19641304293090080 function| db_jquery function| WRAB function| ClickTaleStop function| ClickTaleTerm function| ClickTaleGetClientIp function| ClickTaleEventTrigger function| ClickTaleRegisterFormSubmit function| ClickTaleRegisterFormSubmitSent function| ClickTaleRegisterFormSubmitNotSent function| ClickTaleRebindEvents function| ClickTaleLogicalForm function| ClickTaleRegisterTouchAction function| ClickTaleRegisterElementAction function| ClickTaleFormDisable function| ClickTaleFormDisableAll function| ClickTaleFormGetInputs function| ClickTaleSendThresholdExceededEvent function| ClickTaleRegisterScroll function| ClickTaleSendImmediate function| ClickTaleRegisterManualEvent function| ClickTaleLogicalWithUploadPage object| WRDt boolean| ClickTaleFirstPCCGo string| cookieValue string| cookiePath string| expirationTime object| date number| dateTimeNow object| RT object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| pathfora

21 Cookies

Domain/Path Name / Value
blogs.akamai.com/ Name: clientId
Value: 1345044567.1599219353
blogs.akamai.com/ Name: __atuvs
Value: 5f52269986d7cf06000
.akamai.com/ Name: __CT_Data
Value: gpv=1&ckp=tld&dm=akamai.com&apv_25500_www14=1&cpv_25500_www14=1&rpv_25500_www14=1
blogs.akamai.com/ Name: __attag
Value: lio%3Aall%2Clio%3Asmt_new%2Clio%3Akc_test_stitching%2Clio%3Adefault_anon_seg
.akamai.com/ Name: WRUID20190221
Value: 2935176462599495
.akamai.com/ Name: _CT_RS_
Value: Recording
.akamai.com/ Name: _mkto_trk
Value: id:642-SKN-449&token:_mch-akamai.com-1599219353795-10200
.blogs.akamai.com/ Name: seerid
Value: u_212378959610548770
.akamai.com/ Name: _uetvid
Value: e51c56a65c04d15401ebe67712b5a390
blogs.akamai.com/ Name: __atuvc
Value: 1%7C36
.akamai.com/ Name: _uetsid
Value: 635283d27a998429f83d2ed6a76d6048
.akamai.com/ Name: _fbp
Value: fb.1.1599219353562.1790795646
.akamai.com/ Name: _dc_gtm_UA-34796267-1
Value: 1
.akamai.com/ Name: ctm
Value: {'pgv':8840456027003028|'vst':2388541740305916|'vstr':5087620232765486|'intr':1599219353528|'v':1}
.akamai.com/ Name: _gcl_au
Value: 1.1.1262421246.1599219353
.akamai.com/ Name: _gat
Value: 1
.blogs.akamai.com/ Name: seerses
Value: e
.akamai.com/ Name: ak_bmsc
Value: 398D59D5AF3C533106DE7C840816A24B48F7B36EBE5100009826525F5207B225~plP4CwFuOuPkO300q2R+yGhiRZGduxTGAiR8c+X157N0GtMSmbKLhplzxQuz1z1z2NLWS0f0WaIasUlfTlH7Yzv/+HEpheTuwPyNOCmrvaTPwK91UCPHVDmWzMRGtWNZ16uRspoUYU9k5N7ysDd+HBUHgFBDfsFQnMJeesPPGlTdkBRBrZey6ZABQ6tITxIFLO1/6ezfmwaB1Itmc9YyMqok/dn3lhmYEppOe5Nb/igLQ=
.akamai.com/ Name: _gid
Value: GA1.2.1976423957.1599219353
.blogs.akamai.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Fri+Sep+04+2020+13%3A35%3A53+GMT%2B0200+(Central+European+Summer+Time)&version=6.5.0&hosts=&consentId=4b1603dd-fbd0-41aa-a250-45c88b082e9c&interactionCount=0&landingPath=https%3A%2F%2Fblogs.akamai.com%2Fsitr%2F2020%2F08%2Fransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1
.akamai.com/ Name: _ga
Value: GA1.2.1345044567.1599219353

2 Console Messages

Source Level URL
Text
console-api log URL: https://blogs.akamai.com/sitr/2020/08/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html(Line 1350)
Message:
/sitr/
console-api debug URL: https://munchkin.marketo.net/159/munchkin.js(Line 22)
Message:
Munchkin.init("%s") options: 642-SKN-449 [object Object]

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
