urlscan.io logo urlscan.io
SecurityTrails logo

blog.scrt.ch Open in urlscan Pro
2606:4700:3032::6815:1d23  Public Scan

Go To Rescan Add Verdict Report
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Submission: On March 29 via manual from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 26 HTTP transactions. The main IP is 2606:4700:3032::6815:1d23, located in United States and belongs to CLOUDFLARENET, US. The main domain is blog.scrt.ch.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 24th 2022. Valid for: a year.
This is the only time blog.scrt.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 2606:4700:303... 13335 (CLOUDFLAR...)
1 2404:6800:400... 15169 (GOOGLE)
3 2404:6800:400... 15169 (GOOGLE)
2 192.0.77.48 2635 (AUTOMATTIC)
26 5
Apex Domain
Subdomains		 Transfer
20 scrt.ch
blog.scrt.ch
296 KB
3 gstatic.com
fonts.gstatic.com
57 KB
2 w.org
s.w.org — Cisco Umbrella Rank: 1855
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
2 KB
26 4
Domain Requested by
20 blog.scrt.ch blog.scrt.ch
3 fonts.gstatic.com fonts.googleapis.com
2 s.w.org blog.scrt.ch
1 fonts.googleapis.com blog.scrt.ch
26 4

This site contains links to these domains. Also see Links.

Domain
github.com
en.wikipedia.org
clang.llvm.org
twitter.com
mathworld.wolfram.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-24 -
2023-05-24		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.w.org
Sectigo ECC Domain Validation Secure Server CA		 2022-12-06 -
2024-01-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Frame ID: EA9980E9096B0F137EA0840703393D0C
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Engineering antivirus evasion – Sec Team Blog

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

26
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

371 kB
Transfer

803 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/ 		71 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86600d3f1d065fa942ce6c413193f8428af30123aba9274b6078f743b04151e7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7af8a7017d8caf85-NRT
content-encoding
br
content-type
text/html
date
Wed, 29 Mar 2023 14:02:46 GMT
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nL2NKQgY4OaWc54zZxwi0XGJUjdBqM45RtGIS%2FLEpE86hNAy0WuFrc1fzcyr0FH4yj3S0nwWSZtkTb7M8%2FfK0Qx2CK4sOYO8XceBNDda31VLL5H2EmJX3h28usLKLCBUr0MDMGmKpvitCCU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=63072000; includeSubdomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1;mode=block
style.min.css
blog.scrt.ch/wp-includes/css/dist/block-library/ 		93 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"172a9-5f8099b1adb80-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9950ZXtAADUnaKRcDXoYGM6akwvSH%2BZssn7jAkvorngvkrMLim9l%2FEJTNXREAiY3A4v7zdVZSt%2FGalkauVMjp4GY7g6WY5qrbkvNsZsA%2FbMFGaVpRe6q8jd3wQ0zf90yZ7bvIRvu4x%2FARM%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab05af85-NRT
classic-themes.min.css
blog.scrt.ch/wp-includes/css/ 		217 B
485 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-includes/css/classic-themes.min.css?ver=1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:46 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"d9-5f8099b1aeb20-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FO1sbdLtssxOxSsEWYae%2FaHinpLzfKpt101%2BDOUjPCKO5PG473brU3mGhnRQS9Ost35xDHN2jaWKCWUpj4J5E1kuL1StFPnPQUphjvBB6PzMYhQF5zPZm7u5vicKv0g7NgECEZH2uM6T2G8%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab06af85-NRT
foobox.free.min.css
blog.scrt.ch/wp-content/plugins/foobox-image-lightbox/free/css/ 		29 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/foobox-image-lightbox/free/css/foobox.free.min.css?ver=2.7.17
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f592c1248f3224a2adddaa84e9ec8c8e7ed7a7bcf0913e658534eeb1dd5fe00
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:46 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"7312-5f8099b1afac0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZjwyG7Pbf5NRyd0bt03C3bghZn6qJunVLgstLIoAM28KqLIm9mAd0riZw15azmFQZp3PS76tz3k0Z8mYV5OYxGEucewS8l91ZRPxa82BZ1zi%2FXuSBwmfoI96%2BDtU9%2BTcn8AT18lK70c5cE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab08af85-NRT
css
fonts.googleapis.com/ 		20 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CNoto+Serif%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1ebb59bb8897b36e178e6d5ad747440a17877c52b03dc5ff5d211e721b43f77a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Mar 2023 14:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Mar 2023 14:02:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Mar 2023 14:02:46 GMT
genericons.css
blog.scrt.ch/wp-content/themes/scrt/genericons/ 		27 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/themes/scrt/genericons/genericons.css?ver=3.2
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a29c4fd82afd9f61263a0f7a2ed0ec5d307e2a454d2182a721844b14b37500fa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"6c09-5f8099b1b0a60-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3msV02Xalt8HZlQT8TF584RTO659YZzsvZVpvI8I4GZmP4ZgEQEdl9j09%2B7XK0jRZAknMmbFpZFznGw5v9urW9ca%2F%2BMt%2FfF91E5NGOoquQZl3H0GN%2BFn8cnewutvCaoEFPlW%2FW2KALvkoA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab09af85-NRT
style.css
blog.scrt.ch/wp-content/themes/scrt/ 		95 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/themes/scrt/style.css?ver=6.1.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5103a474ded8b7a0bc46fd6e42bf2814b81acb2322a7aa3d4cda40ff4d8f04e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"17c2c-5f8099b1b1a00-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HyaJVKSGoF4LURzf1FHxO1gL2GlLaUpy9BcC8s%2F6VJSz%2BTvVMdtunE0TcnLlpeWwpFOI3iOY%2BWSTZsT10mD19o58WsvZ%2Ff5q7bougGJJIOBalzLJpq%2B%2BLZp1xmCsHT3DX9xRJrQyzhBFmpY%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab0aaf85-NRT
ytprefs.min.css
blog.scrt.ch/wp-content/plugins/youtube-embed-plus/styles/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c9e9bd4e992b05389236894daba31e34cc03e95c1dcb18fdb229087df1606c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:46 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"2080-5f8099b1b1a00-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4hbkBZ9mdjqTC9WQ0nf%2BGIvJe%2BsEo6F7WSsBlZi2cu%2Fs6KGxruPZPa%2BMS64Jsx6usKkPlGkQXFOvKfU2vM%2FdylvKKa%2FDBN4HfSiDxoeSc%2F8BDNGwSoj5gFYmo8GaMBjyDk5t4GL%2BdXmTkA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab0baf85-NRT
jquery.min.js
blog.scrt.ch/wp-includes/js/jquery/ 		88 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"15e54-5f8099b1b48e0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMuCKM0iLF4Y73OCd%2Fibzvg762yITaDqFfJYFrVgUo5FTsRsyj13cUE1zEpyEoUDQk8b0ZRMpbCcXRgNfUPx4WM8jt4DhxRH69Eb2ZPAgqEkUcQ4Vep5BNbYiLeHnZi8J3mm%2FP4y3BSVSVQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab0eaf85-NRT
jquery-migrate.min.js
blog.scrt.ch/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:46 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"2bd8-5f8099b1b5880-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9ROqXlmtWw1iNPflaM0FoWthUgCpb%2BMdec%2Fa%2FJeGBEEOgAtu83urtYQ9rFoN3CKkXvCoS%2BLsMfGxdWc3O2PHbywivYnEoAMx9VjMHjl7MCmcW%2FyOngLp3MLRYn6u2wiM8grx8GsORJx7dI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab0faf85-NRT
foobox.free.min.js
blog.scrt.ch/wp-content/plugins/foobox-image-lightbox/free/js/ 		98 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/foobox-image-lightbox/free/js/foobox.free.min.js?ver=2.7.17
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ca8a4feeb61ae9e7c5b6dc7a7918cf9c214c601be52f73231bb20cec8861c00
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"18804-5f8099b1b77c0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eI2laNUzQcCIF2ovvCzuinOBmyjYO7NcR%2BK9FEpz%2BPQkdmvR5o4Hqs%2Flu8XSWzpY4sKeI%2B1sflObxMjI8WbvpCFPCT0Q5XeN5KMOc714TdRxGAJe3iAlxWCSSEK%2FvPevq6yOsd1wECsJoeg%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab10af85-NRT
ytprefs.min.js
blog.scrt.ch/wp-content/plugins/youtube-embed-plus/scripts/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b44b18e9a6cced6ba24a25855c23095283dba1ddfad87bc68859d87463eac07f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:46 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"35f9-5f8099b1b77c0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONvje7XMu0G12hNR54KhpqaTm0jyFTU1IPo3CpKKl2kzlEE3YR%2BSGJx1iz9NVrbpCUv2viiARsHxTQrHZpgNh%2F1SAVjiTkhmAvKbZWn4cli5%2FK8psrE1cHoG%2BcnjtuDWEaEtymQIc3tg9wg%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab12af85-NRT
prettify.css
blog.scrt.ch/wp-content/plugins/code-prettify/prettify/ 		771 B
621 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/code-prettify/prettify/prettify.css
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10765865e03a12890cf5546f3e3828a3ba743f8116d5f438a71bc105e93f5faa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"303-5f8099b1b3940-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGASGtKBoDTGAGft9MqGo8NdzDf489I42l4JfYC2snw1RnkoPns1bmP8z4Qepk1MlcI7C1CRhSYgG8u66MHybXqQBAlVoP6cALRpAWi9kYVjoJ%2FPuIfbrjWQh7sz0oQYiIWSILmteY7ffIA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a706ab0daf85-NRT
logo-scrt.png
blog.scrt.ch/wp-content/uploads/2016/01/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scrt.ch/wp-content/uploads/2016/01/logo-scrt.png
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
801e577c5160243b91d1df7daa24ffa34d21470929810e1b755e4663794fcb21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
16561
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
"40b1-5f8099b1abc40"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBicE2KRZVV7wQVPlEkySysXtyQKjKGOyLQQlnbDmCIi6BY%2BLw7lOpz3KsgmOMpZn5FI2cLYSPogP6V4brrNVQdb3sT%2BRfc%2F30CepM48XaCvpfGnouG8VxXca57pPhBN3igCGdRu%2FyuOwmI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7af8a70e3f7ddedf-NRT
wp-emoji-release.min.js
blog.scrt.ch/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:43 GMT
server
cloudflare
etag
W/"48b9-5f8099b13e640-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YitQCVCMBwXq0dL0VdOPa%2BAiO1E%2BsAUr%2BDv4n8X0aDkDO2Knxzvglm5BXGlRQCD5A8OE%2F8lGAgXfYjsNj%2FAnH1UpdUXwodw8O5%2BtfzskKEppzQlJt7D25xKxu668ymGvtdBgCWocDlAgyI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a70e3f7ededf-NRT
LLVMCompiler1.png
blog.scrt.ch/wp-content/uploads/2020/06/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scrt.ch/wp-content/uploads/2020/06/LLVMCompiler1.png
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dbf655761eece562032574c2864edf4ba50a3c37b2bc771ea564ff4061c3172
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
21777
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:47 GMT
server
cloudflare
etag
"5511-5f8099b47c780"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vc%2F6%2FW%2FPaWJnK%2FEpNEa72IBLyeg0WoJ3gG6DMzC7XHeQcN%2B6x0kxoQOXAiFMXhHrRzIIWH%2BViobh4JBD7hY7BJ1CWV0Qmdht2h%2Bm%2BN1NB2iSdhyR%2B6JBvr9ojIXspgFA26SdflPLGx274s4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7af8a70e3f7fdedf-NRT
run_prettify.js
blog.scrt.ch/wp-content/plugins/code-prettify/prettify/ 		18 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/code-prettify/prettify/run_prettify.js?ver=1.4.0
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dc8ce8b5f8200d37b7434c106df70011a64a37a4ea31b5485dd0a3feae40798
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:47 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"4768-5f8099b1b8760-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJbFyDVLDQi%2FEv45pKPQQhHeSk8d3DaVVs8NgSVOUk56QMWtkVEHbkJRSrT9NH9zbIcFOFJONrIA5dmga%2F15Lyo5erFjWO5gAVKZiPnrX01eJkw%2BvVliP05iihMuAfnElR09qf23KdTI1lo%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a70d3ecbdedf-NRT
skip-link-focus-fix.js
blog.scrt.ch/wp-content/themes/scrt/js/ 		727 B
960 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/themes/scrt/js/skip-link-focus-fix.js?ver=20141010
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c99b9b0e6f18e2095f1552d926fbb566e5cd18b3867672d84689ca97a69b9479
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"2d7-5f8099b1b9700-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=370MboEpTwCmQWWeMMgbQTtrAw7HARpxzbxqSy%2Bo2U2VGJ0VSqXzV6NDpn5Zz8NgaOrPdCLoHUzqge3TmuGy2X24y6i85dFMOUZGvESpYPIN9M9N8Rqnz%2B%2Fy%2BGNRYh18%2B4TxGTpG2jdX9sE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a70def3cdedf-NRT
functions.js
blog.scrt.ch/wp-content/themes/scrt/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/themes/scrt/js/functions.js?ver=20150330
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a888921054db01c3913c8127d5a4dd01132808311c2de04f16d64977f7a96515
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"170b-5f8099b1ba6a0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yC0TcAeTQ80%2FqCKkVasE4z0nHaR1xCMEDQRY%2BM%2FmiMUTfnRzc7jtdQyR7o5mAXufKwzxpGhuA5F51jT2%2Bet9s4D0jDYELgnsI2ZqdLX2Rg5w%2FVuyAVU%2B%2FzholXYyoSaWl%2BPb4CuYhtS1Gsg%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a70e3f7adedf-NRT
fitvids.min.js
blog.scrt.ch/wp-content/plugins/youtube-embed-plus/scripts/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scrt.ch/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4.1
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8be3a402a3b2ad808402cea111ba3d286239d88e06c8e2969c84f46050dc88a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:48 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:44 GMT
server
cloudflare
etag
W/"c1f-5f8099b1bb640-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWkhaGh%2BicoBKjQHstRJrts%2BKTz487PEsjlyHsHLjhC9bD9AKbokJeMiEtVd1n%2F92HY3SXFbknCKQq1nkch0Sc23oQORifS7VwTlJav4EU%2FCenwS%2BSvPCFsnZyW%2FF2DfHcJbWwPxMwbBejA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7af8a70e3f7bdedf-NRT
o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v27/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CNoto+Serif%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.scrt.ch
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 11:47:46 GMT
x-content-type-options
nosniff
age
440101
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12684
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:28:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Mar 2024 11:47:46 GMT
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v27/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CNoto+Serif%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.scrt.ch
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 11:47:40 GMT
x-content-type-options
nosniff
age
440107
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12860
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:27:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Mar 2024 11:47:40 GMT
QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2
fonts.gstatic.com/s/inconsolata/v31/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inconsolata/v31/QlddNThLqRwH-OJ1UHjlKENVzkWGVkL3GZQmAwLyya15.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CNoto+Serif%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d5476afa39f08490e9c4e1844eb25fd5c1fd71169e360b44e1398ee5ecece40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://blog.scrt.ch
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 11:49:46 GMT
x-content-type-options
nosniff
age
439981
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31760
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:59:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Mar 2024 11:49:46 GMT
truncated
/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c9ee01ee8903499cb90168df3d5de82fdcf4660511aa12e06207bca6ccfdf064

Request headers

Referer
Origin
https://blog.scrt.ch
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
45n9vu.jpg
blog.scrt.ch/wp-content/uploads/2020/06/ 		95 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scrt.ch/wp-content/uploads/2020/06/45n9vu.jpg
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1d23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b30c516aff39ef95f92f376ef8388501caaf2b964a6e25b540bd9a024388c389
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 29 Mar 2023 14:02:49 GMT
strict-transport-security
max-age=63072000; includeSubdomains
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
96944
x-xss-protection
1;mode=block
last-modified
Wed, 29 Mar 2023 13:03:47 GMT
server
cloudflare
etag
"17ab0-5f8099b4815a0"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThZyPKDGlBVRsbPjmTGAqRkNEevADxcuSbg6E%2Bz1bqz4rBFtSU7GoyTnLwaZAYA1VMXC6c3eu%2FqCNpKwUDXVqGX0TdEUcavFyqy15A80b0Zqq%2Fy%2BzReKMT71K2dLNz0YU71vFEa0wygnsSs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7af8a70e8fb0dedf-NRT
1f609.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f609.svg
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-nc
HIT nrt 2
date
Wed, 29 Mar 2023 14:02:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:47:26 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
accept-ranges
bytes
content-length
1183
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f61b.svg
s.w.org/images/core/emoji/14.0.0/svg/ 		665 B
725 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f61b.svg
Requested by
Host: blog.scrt.ch
URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
b5df5c8ea5019f4f1c8d162fa037b9be2fa6b1347d9553bfed77558e6b37c878
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://blog.scrt.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-nc
HIT nrt 2
date
Wed, 29 Mar 2023 14:02:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:53:43 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
accept-ranges
bytes
content-length
665
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| _wpemojiSettings undefined| $ function| jQuery object| FOOBOX object| FooBox object| _EPYT_ object| _EPADashboard_ function| onYouTubeIframeAPIReady string| codePrettifyLoaderBaseUrl boolean| PR_SHOULD_USE_CONTINUATION object| PR object| screenReaderText object| twemoji object| wp function| epdofitvids

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.scrt.ch
fonts.googleapis.com
fonts.gstatic.com
s.w.org
192.0.77.48
2404:6800:4004:811::200a
2404:6800:4004:824::2003
2606:4700:3032::6815:1d23
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
10765865e03a12890cf5546f3e3828a3ba743f8116d5f438a71bc105e93f5faa
1ebb59bb8897b36e178e6d5ad747440a17877c52b03dc5ff5d211e721b43f77a
1f592c1248f3224a2adddaa84e9ec8c8e7ed7a7bcf0913e658534eeb1dd5fe00
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
2dbf655761eece562032574c2864edf4ba50a3c37b2bc771ea564ff4061c3172
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5d5476afa39f08490e9c4e1844eb25fd5c1fd71169e360b44e1398ee5ecece40
6c9e9bd4e992b05389236894daba31e34cc03e95c1dcb18fdb229087df1606c6
801e577c5160243b91d1df7daa24ffa34d21470929810e1b755e4663794fcb21
86600d3f1d065fa942ce6c413193f8428af30123aba9274b6078f743b04151e7
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
8ca8a4feeb61ae9e7c5b6dc7a7918cf9c214c601be52f73231bb20cec8861c00
9dc8ce8b5f8200d37b7434c106df70011a64a37a4ea31b5485dd0a3feae40798
a29c4fd82afd9f61263a0f7a2ed0ec5d307e2a454d2182a721844b14b37500fa
a5103a474ded8b7a0bc46fd6e42bf2814b81acb2322a7aa3d4cda40ff4d8f04e
a888921054db01c3913c8127d5a4dd01132808311c2de04f16d64977f7a96515
b30c516aff39ef95f92f376ef8388501caaf2b964a6e25b540bd9a024388c389
b44b18e9a6cced6ba24a25855c23095283dba1ddfad87bc68859d87463eac07f
b5df5c8ea5019f4f1c8d162fa037b9be2fa6b1347d9553bfed77558e6b37c878
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c99b9b0e6f18e2095f1552d926fbb566e5cd18b3867672d84689ca97a69b9479
c9ee01ee8903499cb90168df3d5de82fdcf4660511aa12e06207bca6ccfdf064
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
d8be3a402a3b2ad808402cea111ba3d286239d88e06c8e2969c84f46050dc88a