www.welivesecurity.com Open in urlscan Pro
2600:141b:13::17d7:823a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Submission: On May 05 via api (May 5th 2022, 8:35:15 pm UTC) from CA — Scanned from CA

Summary HTTP 110 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 29 IPs in 2 countries across 34 domains to perform 110 HTTP transactions. The main IP is 2600:141b:13::17d7:823a, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.welivesecurity.com. The Cisco Umbrella rank of the primary domain is 484032.
TLS certificate: Issued by Thawte RSA CA 2018 on November 8th 2021. Valid for: a year.

This is the only time www.welivesecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	2600:141b:13:... 2600:141b:13::17d7:823a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:40::40 2620:1ec:40::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4006:823::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:11f... 2606:2800:11f:17a5:191a:18d5:537:22f9	15133 (EDGECAST) (EDGECAST)
2	2600:1400:d:5... 2600:1400:d:5aa::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
1	13.225.223.18 13.225.223.18	16509 (AMAZON-02) (AMAZON-02)
2	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
21	2600:9000:21e... 2600:9000:21ec:4200:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY)
1	2600:1400:d:1... 2600:1400:d:19f::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	20.42.73.154 20.42.73.154	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	23.62.47.36 23.62.47.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2600:141b:13:... 2600:141b:13::17d7:82da	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4006:822::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2607:f8b0:400... 2607:f8b0:4006:807::200d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
1	199.232.196.64 199.232.196.64	54113 (FASTLY) (FASTLY)
2 3	13.225.223.63 13.225.223.63	16509 (AMAZON-02) (AMAZON-02)
2 5	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 3	23.21.155.15 23.21.155.15	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.144.226.112 54.144.226.112	14618 (AMAZON-AES) (AMAZON-AES)
1	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
21 37	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
6 6	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	15169 (GOOGLE) (GOOGLE)
1 2	104.18.99.194 104.18.99.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 6	68.67.181.207 68.67.181.207	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
3 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2 2	216.200.232.249 216.200.232.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 3	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
2 2	199.38.167.129 199.38.167.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 3	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
1 1	34.196.181.105 34.196.181.105	14618 (AMAZON-AES) (AMAZON-AES)
1	34.193.99.248 34.193.99.248	14618 (AMAZON-AES) (AMAZON-AES)
2 2	44.240.117.116 44.240.117.116	16509 (AMAZON-02) (AMAZON-02)
1 1	184.85.195.135 184.85.195.135	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
110	29

28 2600:141b:13::17d7:823a (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.welivesecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:40::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

assets.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2008 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:11f:17a5:191a:18d5:537:22f9 (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1400:d:5aa::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
173bf10a.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:817::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.223.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-18.jfk51.r.cloudfront.net

cdn1.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

welivesecurity.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:21ec:4200:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.0.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:19f::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.42.73.154 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.62.47.36 (Piscataway, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-62-47-36.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:13::17d7:82da (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:807::200d (Staten Island, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.196.64 (United States)

ASN54113 (FASTLY, US)

glitter.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.223.63 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-63.jfk51.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.21.155.15 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-155-15.compute-1.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.226.112 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-226-112.compute-1.amazonaws.com

obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 35.190.60.146 (Kansas City, United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ei.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rc.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.251.40.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.99.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.181.207 (Secaucus, United States) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.200.232.249 (Frederick, United States) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.196.181.105 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-181-105.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.193.99.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-99-248.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.240.117.116 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-117-116.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.85.195.135 (Piscataway, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-85-195-135.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::c (United States) 2 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	rlcdn.com 21 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 491 ei.rlcdn.com — Cisco Umbrella Rank: 3198 rc.rlcdn.com — Cisco Umbrella Rank: 3423	3 KB
28	welivesecurity.com www.welivesecurity.com — Cisco Umbrella Rank: 484032	2 MB
21	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 3919	597 KB
9	disqus.com welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 2981 glitter.services.disqus.com — Cisco Umbrella Rank: 9824 referrer.disqus.com — Cisco Umbrella Rank: 6030	69 KB
6	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 326	6 KB
6	doubleclick.net 6 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 289	685 B
5	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 1118	6 KB
5	google.com apis.google.com — Cisco Umbrella Rank: 179 accounts.google.com — Cisco Umbrella Rank: 120	44 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 447	2 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 2636 su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 2630 eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net	1 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	20 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 658	635 B
3	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 382	3 KB
3	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 632	420 B
3	narrative.io 1 redirects io.narrative.io — Cisco Umbrella Rank: 3783	1 KB
3	rezync.com 2 redirects live.rezync.com — Cisco Umbrella Rank: 2759	3 KB
3	esetstatic.com assets.esetstatic.com — Cisco Umbrella Rank: 741355 cdn1.esetstatic.com — Cisco Umbrella Rank: 546254	7 KB
2	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 448	764 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 283	2 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1936 beacon.krxd.net — Cisco Umbrella Rank: 662	499 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 1180	2 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 680	1 KB
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 1079	484 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 195	85 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 1106	281 B
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1680 c.go-mpulse.net — Cisco Umbrella Rank: 622	50 KB
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 693	792 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 5276	390 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com — Cisco Umbrella Rank: 34228	290 B
1	gstatic.com www.gstatic.com	34 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100
1	akstat.io 173bf10a.akstat.io — Cisco Umbrella Rank: 21878	207 B
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 3373	22 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 142	79 KB
110	34

	Domain	Requested by
28	www.welivesecurity.com	www.welivesecurity.com
21	c.disquscdn.com	welivesecurity.disqus.com disqus.com c.disquscdn.com
20	idsync.rlcdn.com	4 redirects live.rezync.com
16	rc.rlcdn.com	16 redirects
6	ib.adnxs.com	6 redirects
6	cm.g.doubleclick.net	6 redirects
5	pippio.com	2 redirects c.disquscdn.com
5	disqus.com	welivesecurity.disqus.com c.disquscdn.com
4	match.adsrvr.org	4 redirects
4	www.google-analytics.com	www.welivesecurity.com www.googletagmanager.com
3	pixel.tapad.com	2 redirects live.rezync.com
3	s.amazon-adsystem.com	1 redirects
3	us-u.openx.net	3 redirects
3	io.narrative.io	1 redirects
3	live.rezync.com	2 redirects c.disquscdn.com
3	accounts.google.com	apis.google.com www.welivesecurity.com www.gstatic.com
2	gum.criteo.com	2 redirects
2	dpm.demdex.net	2 redirects
2	p.rfihub.com	2 redirects
2	sync.mathtag.com	2 redirects
2	p.adsymptotic.com	1 redirects
2	apis.google.com	c.disquscdn.com apis.google.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	welivesecurity.disqus.com	www.welivesecurity.com
2	assets.esetstatic.com	www.welivesecurity.com
1	tags.bluekai.com	1 redirects
1	beacon.krxd.net
1	usermatch.krxd.net	1 redirects
1	tags.rd.linksynergy.com	1 redirects
1	ei.rlcdn.com	1 redirects
1	referrer.disqus.com
1	obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com	1 redirects
1	glitter.services.disqus.com	c.disquscdn.com
1	www.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	173bf10a.akstat.io	s.go-mpulse.net
1	c.go-mpulse.net	az416426.vo.msecnd.net
1	cdn1.esetstatic.com	www.welivesecurity.com
1	s.go-mpulse.net	www.welivesecurity.com
1	az416426.vo.msecnd.net	www.welivesecurity.com
1	www.googletagmanager.com	www.welivesecurity.com
110	46

This site contains links to these domains. Also see Links.

Domain
www.eset.com
www.facebook.com
twitter.com
www.linkedin.com
www.politico.eu
www.reuters.com
github.com
symantec-enterprise-blogs.security.com
en.wikipedia.org
attack.mitre.org
eset.com

Subject Issuer	Validity	Valid
www.welivesecurity.com Thawte RSA CA 2018	`2021-11-08` - `2022-11-08`	a year	crt.sh
assets.esetstatic.com Thawte RSA CA 2018	`2021-10-28` - `2022-11-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.esetstatic.com Thawte RSA CA 2018	`2021-09-22` - `2022-10-02`	a year	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 02	`2022-04-27` - `2023-04-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-12` - `2022-05-13`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-01-31` - `2023-03-04`	a year	crt.sh
*.rezync.com Amazon	`2021-12-26` - `2023-01-23`	a year	crt.sh
pippio.com GTS CA 1D4	`2022-04-09` - `2022-07-08`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Frame ID: 1428B88EB4933CECF5B712D016BABF3F
Requests: 49 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Frame ID: 863CBDD7B419B2250B2EFAEB1A3671AB
Requests: 31 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 7F69FE16706A50D2D4B40B9CB22DAB33
Requests: 4 HTTP requests in this frame

Frame: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c1jmh86c1ua133n&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Frame ID: 1CF3F3079B898F8B78525A7E35363201
Requests: 4 HTTP requests in this frame

Frame: https://pippio.com/api/sync?pid=1391&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&it=1&iv=c1jmh86c1ua133n
Frame ID: 18C668AA5CE1E5F989AD6A83ABDFA2C7
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

IsaacWiper y HermeticWizard: un nuevo wiper y worm utilizados en ciberataques a Ucrania | WeLiveSecurity

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Page Statistics

110
Requests

75 %
HTTPS

37 %
IPv6

34
Domains

46
Subdomains

29
IPs

2
Countries

2722 kB
Transfer

4482 kB
Size

41
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eset.com/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?&url=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&text=IsaacWiper%20y%20HermeticWizard:%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%0A&via=welivesecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/ESETresearch/status/1496581903205511181
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.politico.eu/article/minister-ukraine-websites-down-in-another-massive-online-attack/
Title: ataques distribuidos de denegación de servicio (DDoS) contra algunos de los principales sitios web ucranianos

Search URL Search Domain Scan URL

URL: https://www.reuters.com/world/europe/cyprus-games-writer-denies-links-malware-found-before-russian-invasion-2022-02-24/
Title: informe de Reuters

Search URL Search Domain Scan URL

URL: https://github.com/SecureAuthCorp/impacket
Title: Impacket

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
Title: publicación

Search URL Search Domain Scan URL

URL: https://github.com/SecureAuthCorp/impacket/blob/cd4fe47cfcb72d7d35237a99e3df95cedf96e94f/examples/wmiexec.py#L295
Title: GitHub

Search URL Search Domain Scan URL

URL: https://github.com/kavika13/RemCom
Title: RemCom

Search URL Search Domain Scan URL

URL: https://github.com/bleachbit/windows-wipe/blob/master/filewipe.py
Title: proyecto Windows Wipe en GitHub

Search URL Search Domain Scan URL

URL: https://twitter.com/AvastThreatLabs/status/1496663206634344449
Title: tweet

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/ISAAC_(cipher)
Title: ISAAC

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/resources/versions/
Title: versión 10

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1588/002
Title: T1588.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1588/003
Title: T1588.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1078/002/
Title: T1078.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1059/003
Title: T1059.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1106
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1569/002
Title: T1569.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1018/
Title: T1018

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1021/002
Title: T1021.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1021/003/
Title: T1021.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1561/002
Title: T1561.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1561/001
Title: T1561.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1485
Title: T1485

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1499/002
Title: T1499.002

Search URL Search Domain Scan URL

URL: https://www.eset.com/int/business/services/threat-intelligence/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=wls-research&utm_content=isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine

Search URL Search Domain Scan URL

URL: https://eset.com/
Title: ESET

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p8kemd83p HTTP 302
https://su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 55

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p8kemd83p HTTP 302
https://eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net/eum/results.txt

Request Chain 83

https://io.narrative.io/?companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=dbd33620-ccb2-11ec-96af-0e9f37bd45a9&companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Request Chain 84

https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D0%26gdpr_consent%3D%26id%3Ddisqus_id%3Ac1jmh86c1ua133n HTTP 302
https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:c1jmh86c1ua133n&puid=dbd72dc0-ccb2-11ec-8245-2f44eb5ff7c1

Request Chain 86

https://idsync.rlcdn.com/462246.gif?partner_uid=c1jmh86c1ua133n HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKabHBIbChcIARDI-AEaD2Mxam1oODZjMXVhMTMzbhAAGg0I_unQkwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=dfb90e1c529ede5e445f94f03dcd06acb4c94d41591872cce994ff9286f60280791426b5417dce21&_=2

Request Chain 87

https://ei.rlcdn.com/448046.gif?n=1&partner_site_id=1017&cparams=placement%3D1391 HTTP 307
https://pippio.com/api/sync?pid=5324&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA&google_error=3

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CO8KEhoKFggBEPkHGg9jMWptaDg2YzF1YTEzM24QABqXAQj-6dCTBhIECAIQABIFCJQpEAASBQjlKxAAEgUI5isQABIFCOcrEAASBQjoKxAAEgUI6SsQABIFCOorEAASBQjrKxAAEgUI7CsQABIFCO0rEAASBQjuKxAAEgUI1UMQABIFCN5OEAASBgjjrysQABIGCO2vKxAAEgYI7q8rEAASBgjvrysQABIGCPCvKxAAEgYI8a8rEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CO8KEhoKFggBEPkHGg9jMWptaDg2YzF1YTEzM24QABqXAQj-6dCTBhIECAIQABIFCJQpEAASBQjlKxAAEgUI5isQABIFCOcrEAASBQjoKxAAEgUI6SsQABIFCOorEAASBQjrKxAAEgUI7CsQABIFCO0rEAASBQjuKxAAEgUI1UMQABIFCN5OEAASBgjjrysQABIGCO2vKxAAEgYI7q8rEAASBgjvrysQABIGCPCvKxAAEgYI8a8rEABCAEoA&google_error=3 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=c5f5830f-041a-426a-b32a-84f7621fc10d

Request Chain 89

https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d HTTP 302
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=7f091cfd1e2aa98224b5f62ed19f792f

Request Chain 90

https://rc.rlcdn.com/456809.gif?n=1&cparams=placement%3D1391 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

Request Chain 91

https://rc.rlcdn.com/456809.gif?n=2&cparams=placement%3D1391 HTTP 307
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c

Request Chain 92

https://rc.rlcdn.com/456809.gif?n=3&cparams=placement%3D1391 HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27

Request Chain 93

https://rc.rlcdn.com/456809.gif?n=4&cparams=placement%3D1391 HTTP 307
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D HTTP 302
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae

Request Chain 94

https://rc.rlcdn.com/456809.gif?n=5&cparams=placement%3D1391 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc= HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

Request Chain 95

https://rc.rlcdn.com/456809.gif?n=6&cparams=placement%3D1391 HTTP 307
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463&dcc=t

Request Chain 96

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=6581935755848043056 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dc1jmh86c1ua133n HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=c1jmh86c1ua133n HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

Request Chain 97

https://p.rfihub.com/cm?pub=39342&in=1&userid=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab1986e4ee8c5c88c54c%26pid%3D%7Buserid%7D HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=1783777312688176391 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=c1jmh86c1ua133n HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

Request Chain 98

https://pixel.tapad.com/idsync/ex/receive?partner_id=3181&partner_device_id=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3181&partner_device_id=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c314270d-9e2c-4279-9064-3988d23d378c&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%2C

Request Chain 99

https://rc.rlcdn.com/456809.gif?n=7&cparams=placement%3D1391 HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27

Request Chain 100

https://rc.rlcdn.com/456809.gif?n=8&cparams=placement%3D1391 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

Request Chain 101

https://rc.rlcdn.com/456809.gif?n=9&cparams=placement%3D1391 HTTP 307
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D HTTP 302
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae

Request Chain 102

https://rc.rlcdn.com/456809.gif?n=10&cparams=placement%3D1391 HTTP 307
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c

Request Chain 103

https://rc.rlcdn.com/456809.gif?n=11&cparams=placement%3D1391 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

Request Chain 104

https://rc.rlcdn.com/456809.gif?n=12&cparams=placement%3D1391 HTTP 307
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=148ac8fda0d20dbd8453ad830d8cf89ff5448679f3eea507d248413bda382411c0cb235b3774c97e&cb=01036960

Request Chain 105

https://rc.rlcdn.com/456809.gif?n=13&cparams=placement%3D1391 HTTP 307
https://usermatch.krxd.net/um/v2?partner=liveramp HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp

Request Chain 106

https://rc.rlcdn.com/456809.gif?n=14&cparams=placement%3D1391 HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=ac778566c3ccae94a6044d0763300c79dc84d79ca1acf6be1990d2f945902a3cb0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=477&dpuuid=ac778566c3ccae94a6044d0763300c79dc84d79ca1acf6be1990d2f945902a3cb0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D HTTP 302
https://idsync.rlcdn.com/362248.gif?partner_uid=21750738951886769762261123015491477881

Request Chain 107

https://rc.rlcdn.com/456809.gif?n=15&cparams=placement%3D1391 HTTP 307
https://tags.bluekai.com/site/2035?phint=rluid=354eb6fab9385712946b88b5300a0a74fa3896da441da0334a5be266d3c378cd2971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24BK_UUID_25515 HTTP 302
https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515

Request Chain 108

https://rc.rlcdn.com/456809.gif?n=16&cparams=placement%3D1391 HTTP 307
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=qzWcBzWW8lXGWZsAkzkROj6T4yjF6U4z

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/ 88 KB
22 KB 448ms
324ms Document
text/html 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b73b5451007d692a5bc85a58e202330c63ae810ccf7d96f6c5d6d5ca913405ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=3600 public
content-encoding: gzip
content-length: 20779
content-type: text/html; charset=UTF-8
date: Thu, 05 May 2022 20:35:08 GMT
expires: Thu, 05 May 2022 21:35:08 GMT
link: <https://www.welivesecurity.com/?p=159856>; rel=shortlink <https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book.woff?c156eca4ec460dcfa741dfda69fb16d5>;rel="preload";as="font";type="font/woff";crossorigin,<https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Bold.woff?0050bbd300d61bbb50d2fff0bb6cd926>;rel="preload";as="font";type="font/woff";crossorigin,<https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book-Italic.woff?f299cc2feeecf266ff50b5ea8b3a3deb>;rel="preload";as="font";type="font/woff";crossorigin,<https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/icomoon.ttf?45b4319f2445b74719611d0ab85cf93a>;rel="preload";as="font";type="font/ttf";crossorigin
referrer-policy: no-referrer-when-downgrade
server-timing: cdn-cache; desc=REVALIDATE edge; dur=26 origin; dur=278
strict-transport-security: max-age=15724800
vary: Accept-Encoding
x-akamai-transformed: 9 22327 0 pmb=mRUM,2
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 Fedra-Sans-Alt-Book.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 43ms
42ms Font
font/woff 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book.woff?c156eca4ec460dcfa741dfda69fb16d5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 27 Apr 2022 11:33:12 GMT
etag: "626929f8-9ff1"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Thu, 05 May 2022 20:35:08 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=11
accept-ranges: bytes
content-length: 40945
x-content-type-options: nosniff
expires: Sun, 30 Apr 2023 16:44:41 GMT

GET
H2 200 Fedra-Sans-Alt-Bold.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 55ms
54ms Font
font/woff 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Bold.woff?0050bbd300d61bbb50d2fff0bb6cd926

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 13 Feb 2022 05:54:20 GMT
etag: "62089d0c-9e73"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Thu, 05 May 2022 20:35:08 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=13
accept-ranges: bytes
content-length: 40563
x-content-type-options: nosniff
expires: Tue, 28 Feb 2023 15:46:39 GMT

GET
H2 200 Fedra-Sans-Alt-Book-Italic.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 59ms
59ms Font
font/woff 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book-Italic.woff?f299cc2feeecf266ff50b5ea8b3a3deb

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Apr 2022 14:42:38 GMT
etag: "625eca5e-9ec0"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Thu, 05 May 2022 20:35:08 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=6
accept-ranges: bytes
content-length: 40640
x-content-type-options: nosniff
expires: Thu, 20 Apr 2023 15:09:12 GMT

GET
H2 200 icomoon.ttf
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 4 KB
2 KB 61ms
61ms Font
text/plain 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/icomoon.ttf?45b4319f2445b74719611d0ab85cf93a

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8d8ba4c94f3b33965aa63ce307972277b1263dc40705b292af8f835f4eebd042

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 May 2022 01:30:04 GMT
etag: W/"6271d71c-f94"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=86400, public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 2195
x-xss-protection: 1; mode=block
expires: Fri, 06 May 2022 04:16:13 GMT

GET
H2 200 main.css
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/ 235 KB
31 KB 0ms
0ms Stylesheet
text/css 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15937a97e8b39e8789fe44665a859856f2e1a8d7dbf93c7c6d8b31361c903f19

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:40:31 GMT
etag: W/"6218cb9c-3ac03"
content-type: text/css
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 31024
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 cookiebar.min.css
assets.esetstatic.com/3PS/ 5 KB
2 KB 233ms
117ms Stylesheet
text/css 2620:1ec:40::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.esetstatic.com/3PS/cookiebar.min.css

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:40::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

fd8f6b19f6594c79bbf4e63b76d57e3230959f2fc0b3805277472b7e8061cdf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=2592000;
content-encoding: gzip
referrer-policy: no-referrer
server: Apache
date: Thu, 05 May 2022 20:35:08 GMT
x-frame-options: sameorigin
x-cache: TCP_REMOTE_HIT
content-type: text/css;charset=UTF-8
x-xss-protection: 1; mode=block
cache-control: max-age=3600, s-maxage=3600
x-azure-ref: 0/DR0YgAAAAAgELmeCfEVTbx/smzWDU/3WVRPMjIxMDkwODE4MDI5AGU0MTcyYmMxLTRmZWUtNDNlNi1hN2U4LTM1ZGY1Y2FkNzAzZQ==
x-azure-ref-originshield: 0/TR0YgAAAADj923daKKuSZHHYGsYOpylRVdSMzBFREdFMDYxMQBlNDE3MmJjMS00ZmVlLTQzZTYtYTdlOC0zNWRmNWNhZDcwM2U=
vary: Accept-Encoding
content-length: 1481
x-content-type-options: nosniff

GET
H2 200 eset-wls-dark-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 259ms
259ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Mar 2022 14:41:59 GMT
etag: W/"6218cb9c-bb2"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=239
content-length: 1049
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:54:55 GMT

GET
H2 200 eset-wls-dark-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 249ms
246ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 17:14:26 GMT
etag: W/"621cba3d-a8a"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=226
content-length: 1107
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:21 GMT

GET
H2 200 eset-wls-light-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 296ms
294ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 17:01:59 GMT
etag: W/"62089c79-bc1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=271
content-length: 1059
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:10 GMT

GET
H2 200 eset-wls-light-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 2 KB
1 KB 248ms
245ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:39:13 GMT
etag: W/"620b9f4d-967"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=220
content-length: 986
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 twitter_profile_picture_400x400-222x179.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 33 KB
33 KB 31ms
28ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/twitter_profile_picture_400x400-222x179.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

730d4b3194f10a8c177046e001a83e0391e3b6ef2f1386d368a51c2433a98127

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Mar 2022 12:31:36 GMT
etag: "6220b528-8287"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
accept-ranges: bytes
content-length: 33415
x-content-type-options: nosniff
expires: Wed, 01 Jun 2022 12:40:57 GMT

GET
H2 200 Figure-1.-Code-signing-certificate-assigned-to-Hermetic-Digital-Ltd-1024x607.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 375 KB
376 KB 55ms
52ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-1.-Code-signing-certificate-assigned-to-Hermetic-Digital-Ltd-1024x607.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2230603b8ba7c0020fd16a1582d087decbc8381475e125271c2e13530f1592d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:35:47 GMT
etag: "621e0513-5dc32"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=21
accept-ranges: bytes
content-length: 384050
x-content-type-options: nosniff
expires: Sat, 23 Jul 2022 20:43:52 GMT

GET
H2 200 Figure-2.-Timeline-of-important-events-1024x606.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 217 KB
218 KB 56ms
53ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-2.-Timeline-of-important-events-1024x606.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d34bbac8aeb622f108a95c454c22cf791d514432d9118ed19aabf361e4bed34c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:37:06 GMT
etag: "621e0562-3636b"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=20
accept-ranges: bytes
content-length: 222059
x-content-type-options: nosniff
expires: Sun, 10 Jul 2022 18:44:55 GMT

GET
H2 200 Figure-3.-HermeticRansom%E2%80%99s-ransom-note-1024x471.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 253 KB
254 KB 61ms
59ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-3.-HermeticRansom%E2%80%99s-ransom-note-1024x471.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

18fc4c578d185b0c9979c16e1c6b431e3079b3b06b98d56995a29ab7a90bdfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:37:51 GMT
etag: "621e058f-3f513"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=22
accept-ranges: bytes
content-length: 259347
x-content-type-options: nosniff
expires: Sat, 16 Jul 2022 19:28:10 GMT

GET
H2 200 bandook-bandidos-eti-cta.png
www.welivesecurity.com/wp-content/uploads/2021/07/ 47 KB
47 KB 37ms
35ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2021/07/bandook-bandidos-eti-cta.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

16446c63d4890cf1704eff93c7d261c1b1b950877ec708a49b380aaa6bc88195

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Jul 2021 07:16:27 GMT
etag: "60e554cb-baae"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
accept-ranges: bytes
content-length: 47790
x-content-type-options: nosniff
expires: Mon, 18 Jul 2022 00:10:35 GMT

GET
H2 200 uefi-secure-lenovo-laptops-vulnerabilities-research-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 24 KB
24 KB 40ms
38ms Image
image/jpeg 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/uefi-secure-lenovo-laptops-vulnerabilities-research-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

db4802cdd77ee321f64c129088ac127ae97f09f283e9d90ef66e352a8e36340d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 11 Apr 2022 07:03:58 GMT
etag: "6253d2de-5e49"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 24137
x-content-type-options: nosniff
expires: Mon, 18 Jul 2022 10:00:10 GMT

GET
H2 200 zloader-botnets-disruption-eset-global-operation-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 82 KB
83 KB 43ms
40ms Image
image/jpeg 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/zloader-botnets-disruption-eset-global-operation-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1377c33abb24c615100b47c8d905ef0299112a22d097511cc569337b9633f21e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 03 Apr 2022 22:10:02 GMT
etag: "624a1b3a-1495a"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4
accept-ranges: bytes
content-length: 84314
x-content-type-options: nosniff
expires: Tue, 12 Jul 2022 16:29:06 GMT

GET
H2 200 industroyer2-malware-attack-ukraine-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 47 KB
47 KB 49ms
47ms Image
image/jpeg 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/industroyer2-malware-attack-ukraine-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fb07128372b2a8280ebd49f16bd784e55ae2c6162bb1be7fd7b9f18b6aa40ebf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Apr 2022 00:19:25 GMT
etag: "6258ba0d-bacf"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
accept-ranges: bytes
content-length: 47823
x-content-type-options: nosniff
expires: Sun, 31 Jul 2022 19:30:36 GMT

GET
H2 200 cyberattacks-nation-states-cyber-warfare-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/03/ 61 KB
61 KB 50ms
48ms Image
image/jpeg 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/cyberattacks-nation-states-cyber-warfare-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

63119c22e3d2c8906bdd3bc5257f676496b0f3233345fbc45bc566b4dcf73a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 13:00:01 GMT
etag: "623c6b51-f313"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
accept-ranges: bytes
content-length: 62227
x-content-type-options: nosniff
expires: Wed, 22 Jun 2022 16:07:47 GMT

GET
H2 200 eset-wls-footer-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 294ms
292ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:50:57 GMT
etag: W/"6218cb9c-be5"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=249
content-length: 1087
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:11 GMT

GET
H2 200 eset-wls-footer-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 270ms
268ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:56:55 GMT
etag: W/"62089d0c-a0b"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=224
content-length: 1058
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:11 GMT

GET
H2 200 main.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/ 318 KB
88 KB 0ms
0ms Script
application/javascript 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/main.js?id=fef3139dcedd23afc232

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:39:30 GMT
etag: W/"620b9f4d-4f74a"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 89989
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 crayon.min.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/ 22 KB
6 KB 0ms
0ms Script
application/javascript 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/crayon.min.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:48:39 GMT
etag: W/"62089d0c-5741"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6050
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:15 GMT

GET
H2 200 comment_count.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
628 B 0ms
0ms Script
application/javascript 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:52:59 GMT
etag: W/"62089c7c-379"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 307
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:17 GMT

GET
H2 200 comment_embed.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
700 B 0ms
0ms Script
application/javascript 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 16:12:51 GMT
etag: W/"62089d05-47e"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 379
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:17 GMT

GET
H2 200 app.min.js Show response
assets.esetstatic.com/3PR/ 20 KB
5 KB 171ms
127ms Script
application/javascript 2620:1ec:40::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.esetstatic.com/3PR/app.min.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:40::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

7344c63c6a0d89b69a485af2ec5bcc1cad983150613510439371d5293ed1cc46

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=2592000;
content-encoding: gzip
referrer-policy: no-referrer
server: Apache
date: Thu, 05 May 2022 20:35:08 GMT
x-frame-options: sameorigin
x-cache: TCP_REMOTE_HIT
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=3600, s-maxage=3600
x-azure-ref: 0/DR0YgAAAABftJsar2WDSK444rxtf90OWVRPMjIxMDkwODE4MDI5AGU0MTcyYmMxLTRmZWUtNDNlNi1hN2U4LTM1ZGY1Y2FkNzAzZQ==
x-azure-ref-originshield: 0/TR0YgAAAAAa4Zf7M037RKcMV6OuI1k5RVdSMzBFREdFMDYwOABlNDE3MmJjMS00ZmVlLTQzZTYtYTdlOC0zNWRmNWNhZDcwM2U=
vary: Accept-Encoding
content-length: 4904
x-content-type-options: nosniff

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 228 KB
79 KB 99ms
40ms Script
application/javascript 2607:f8b0:4006:823::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

46eb264a48c270c23ede9aa3b41f9b1e00e910428d852eb6f4fba10c1a3917ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79970
x-xss-protection: 0
last-modified: Thu, 05 May 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 May 2022 20:35:09 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 116ms
18ms Script
application/x-javascript 2606:2800:11f:17a5:191a:18d5:537:22f9
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/79DC) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 May 2022 20:35:09 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 1043
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (nya/79DC)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6c9d1aed-301e-0071-03bd-600e5e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Thu, 05 May 2022 21:05:09 GMT

GET
H2 200 7R9SM-QGSYF-QDLJK-UETXR-SPM6B Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 91ms
21ms Script
application/javascript 2600:1400:d:5aa::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1400:d:5aa::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:09 GMT
content-encoding: br
last-modified: Wed, 20 Apr 2022 12:24:54 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 single-wide-header-fade.png
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 92 KB
92 KB 51ms
51ms Image
image/png 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/single-wide-header-fade.png?5aa0f236a77ebb03d1bf2fbde7c17072

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 13 Feb 2022 05:54:10 GMT
etag: "62089d02-16f67"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4
accept-ranges: bytes
content-length: 94055
x-content-type-options: nosniff
expires: Sun, 29 May 2022 15:46:40 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
393 B 72ms
18ms Image
image/gif 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&cid=309780.561944728&tid=UA-76266002-27&dl=https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/&t=event&ec=Tracking%20check%20-%20recurring&ea=Script%20loaded&ni=1&cd1=wls&aip=1&z=114141

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 May 2022 06:46:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49735
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 check.png
cdn1.esetstatic.com/ESET/INT/assets/img/ 68 B
383 B 89ms
18ms Image
image/png 13.225.223.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.esetstatic.com/ESET/INT/assets/img/check.png?country=wls&gcode=scriptLoaded&z=266848
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-18.jfk51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 04 May 2022 21:26:40 GMT
via: 1.1 27f14fa3828b5a3937a29b10d6b5aa0e.cloudfront.net (CloudFront)
last-modified: Tue, 10 Mar 2020 18:17:48 GMT
server: AmazonS3
age: 83310
etag: "5df0ac2d51cfecbde35e8dd1ba3a8d77"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
content-length: 68
x-amz-cf-id: GPM4bo9BNjKFmcWv9EvyzctNaAeLDRzmGxOBf9RFxvINeJo-cQh-2g==

GET
H2 200 isaacwiper-hermeticwizard-wiper-worm-Ukraine-cyberattacks-malware.jpg
www.welivesecurity.com/wp-content/uploads/2022/03/ 186 KB
187 KB 51ms
45ms Image
image/jpeg 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/isaacwiper-hermeticwizard-wiper-worm-Ukraine-cyberattacks-malware.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dd64ca752834b8f9c5c495a528c7ff54c6538cedd9f380e2106455f60610f613

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 18:56:52 GMT
etag: "621e6c74-2e886"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Thu, 05 May 2022 20:35:09 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=22
accept-ranges: bytes
content-length: 190598
x-content-type-options: nosniff
expires: Tue, 02 Aug 2022 14:17:11 GMT

GET
H2 200 li-shield-icon.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 961 B
793 B 252ms
247ms Image
image/svg+xml 2600:141b:13::17d7:823a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/li-shield-icon.svg?82256d0e5b3abb3d9d256afa85d732a4

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:823a New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:47:09 GMT
etag: W/"62089c79-3c1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Thu, 05 May 2022 20:35:09 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=224
content-length: 487
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:09 GMT

GET
H/1.1 200
OK count.js Show response
welivesecurity.disqus.com/ 1 KB
2 KB 60ms
10ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/count.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 99
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 02 May 2022 21:24:36 GMT
Server: nginx
ETag: "62704c14-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW55-C3
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: 6AM9EtGksbzM5fkM7lwPamc0GcRIX_k6r1fBV82ZDfQPEw-zjkXl6Q==

GET
H/1.1 200
OK embed.js Show response
welivesecurity.disqus.com/ 78 KB
25 KB 96ms
46ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/embed.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

287e60c512b2232d8e5c31c3afbbf059bfbacd616020bcd28244207d30ca56a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25429
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6675
date: Thu, 05 May 2022 18:43:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 05 May 2022 20:43:54 GMT

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 102ms
20ms Other
text/css 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3892135
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: tSi2gZ8TazAt56gO6wXaZTRhpoRTEu_7RuEIjyeVDSRIb0lkoqxtWg==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 115ms
35ms Other
application/javascript 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1382641
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: QYrDMAUGoOlQELMnIVVIxtb9ZFsbc3RlzR6fqDKmq0TI6cw2uMu44A==
x-cache-hits: 0

GET
H2 200 lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js
c.disquscdn.com/next/embed/ 0
121 KB 136ms
57ms Other
application/javascript 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1128074
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123217
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1e151"
content-type: application/javascript; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: 3ICjfJLqn7nGu3oPX2DNqyUL91S-9Hmtnk_sp6KyJy92VevgifC_Eg==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 43ms
10ms Other
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 15
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15014
X-XSS-Protection: 1; mode=block

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
19ms Image
image/gif 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=2037278370&t=pageview&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&ul=en-us&de=UTF-8&dt=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&cid=87570065.1651782909&tid=UA-37839312-1&_gid=768078441.1651782909&gtm=2wg540PMDGSM&cd1=Crisis%20en%20Ucrania%20-%20Centro%20de%20Recursos%20de%20Seguridad%20Digital&cd2=ESET%20Research&cd3=2.5k-3k&cd4=&cd5=2022-05-05T20%3A35%3A09.300%2B00%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd10=(not%20set)&cd11=es&cd12=not-a-bot&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=1733365963

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 May 2022 04:30:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 57853
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
19ms Image
image/gif 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=2037278370&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&ul=en-us&de=UTF-8&dt=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookie%20consent&ea=cookie-consent-visible&_u=YEDAAEAB~&cid=87570065.1651782909&tid=UA-37839312-1&_gid=768078441.1651782909&gtm=2wg540PMDGSM&cd1=Crisis%20en%20Ucrania%20-%20Centro%20de%20Recursos%20de%20Seguridad%20Digital&cd2=ESET%20Research&cd3=2.5k-3k&cd4=&cd5=2022-05-05T20%3A35%3A09.338%2B00%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd10=(not%20set)&cd11=es&cd12=not-a-bot&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=1101604392

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 May 2022 04:30:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 57853
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 3 KB
1 KB 101ms
33ms XHR
application/json 2600:1400:d:19f::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=7R9SM-QGSYF-QDLJK-UETXR-SPM6B&d=www.welivesecurity.com&t=5505943&v=1.720.0&sl=0&si=f619e9cd-2e12-42cf-8f17-e349f947d00e-rbffuk&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=757730
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1400:d:19f::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ca438d06863819d0f070920bbb93347ed52f6ee9c6addaa0e47453294dda33b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 710

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 863C 8 KB
5 KB 56ms
56ms Document
text/html 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

35ce72d85ac20c855ec514d68c3d7d252fdcd2b17728d3f0d5653b93df69033a

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3313
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 05 May 2022 20:35:09 GMT
ETag: W/"lounge:view:9050718870.93201d05a672639c1b9c1f2b5ae7bc32.2"
Last-Modified: Wed, 02 Mar 2022 05:29:57 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
281 B 63ms
63ms XHR
application/json 20.42.73.154
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.42.73.154 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0d12043c7051fe9e78060b7ae447ec5aa8bfa744dd5520fb12e745a2bb0076da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
accept-language: en-CA,en;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 6CE120B2-6C94-48AF-B462-9C6ECEAE063E
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 05 May 2022 20:35:08 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 147ms
27ms Preflight 20.42.73.154
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.42.73.154 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://www.welivesecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Thu, 05 May 2022 20:35:08 GMT
x-content-type-options: nosniff

POST
H2 204 /
173bf10a.akstat.io/ 0
207 B 59ms
48ms Ping
image/gif 2600:1400:d:5aa::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://173bf10a.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2600:1400:d:5aa::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:09 GMT
content-type: image/gif
access-control-allow-origin: https://www.welivesecurity.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Thu, 05 May 2022 20:35:09 GMT

GET
H2 200 lounge.load.48980166e0153f33375a5a0d60b5e441.js Show response
c.disquscdn.com/next/embed/ Frame 863C 958 B
1 KB 55ms
17ms Script
application/javascript 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.48980166e0153f33375a5a0d60b5e441.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ec934eecf474af1cbf210cb0b23f14f407f7d6960eb2bd25bee29e4038cd5e08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1128074
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 493
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1ed"
content-type: application/javascript; charset=utf-8
via: 1.1 b6cc1359c0cd55a8339441d8abb6a450.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: dgXvNHXiRObkx26xB0J8Z_zp6wiRlLExa8uJDLkAo9xrx8HHz5qmLQ==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame 863C 282 KB
93 KB 18ms
18ms Script
application/javascript 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.48980166e0153f33375a5a0d60b5e441.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1382641
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: Yagay61kqxTa_KemQJba4B31y7jZDe_2GEAZL6A7-PUL2ubFSqKghA==
x-cache-hits: 0

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ Frame 863C 165 KB
26 KB 18ms
18ms Stylesheet
text/css 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3892135
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: FywQETeO9ukwSiB5SXY-xvszodeUGDuPzPe1NW9apffKLj1xtUtFvw==
x-cache-hits: 0

GET
H2 200 lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js Show response
c.disquscdn.com/next/embed/ Frame 863C 476 KB
121 KB 18ms
18ms Script
application/javascript 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7e49288cded16fd39b68f9a4c511e863ea5d03bef945cbc84ca5c1a8544664a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1128074
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123217
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1e151"
content-type: application/javascript; charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
timing-allow-origin: *
x-amz-cf-id: wWtS7k1x-jNYc1-L21ne5TXYnV5Ov5kdWHilNs4DLdjGA_KAil9wEA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 863C 15 KB
15 KB 12ms
12ms Script
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9ae8fa2561b9686ad863d2eb0aa5832be309875cad56ac19dc04f9f075dbca1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 15
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15014
X-XSS-Protection: 1; mode=block

GET
H2 404 es.js
c.disquscdn.com/next/current/embed/lang/ Frame 863C 0
0 28ms
28ms Script
text/html 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.disquscdn.com/next/current/embed/lang/es.js
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

GET
H/1.1

200
OK

results.txt Show response
su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p8kemd83p
https://su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

149ms
18ms

XHR
text/plain

23.62.47.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 23.62.47.36 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-62-47-36.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Thu, 05 May 2022 20:35:09 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p8kemd83p
https://eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

200ms
18ms

XHR
text/plain

2600:141b:13::17d7:82da
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2600:141b:13::17d7:82da New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net/eum/results.txt
Date: Thu, 05 May 2022 20:35:09 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 863C 4 KB
4 KB 42ms
42ms XHR
application/json 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=welivesecurity&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a6a468c14177dcc22e8a5f340e7d99593f254708bd58b6ce819a343cb712b540

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3899
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 863C 1 KB
2 KB 65ms
59ms XHR
application/json 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9050718870&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

92a9c26ff6f6e2d12c12c34a232a09de772baeffedca24cae54705b192d3460b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:09 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 863C 3 KB
3 KB 25ms
24ms Image
image/jpeg 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1422638690

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 10 May 2021 14:31:38 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 31125811
x-cache: Hit from cloudfront
content-length: 3039
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 30 Jan 2015 17:24:51 GMT
server: nginx
etag: "24223861b0bcda3344ae2ab0243903e2"
content-type: image/jpeg
expires: Tue, 10 May 2022 14:31:38 GMT
cache-control: max-age=31536000, public, immutable
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: xkjugufoPDNjzyIP5MMrbjKeADYf2_emFQyQV6falLJK_aDIiR2QOA==
x-cache-hits: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 863C 13 KB
13 KB 22ms
21ms Image
image/svg+xml 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 13:24:20 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 6246649
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 15 Feb 2022 19:58:21 GMT
server: nginx
etag: "620c05dd-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Wed, 22 Feb 2023 13:24:20 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: wFT-M-0nID0tirEYignmXHGLRizeEcxB5VGyFYxSeAtH-iTuEHLXOg==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 863C 3 KB
3 KB 23ms
22ms Image
image/gif 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 08:36:58 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19137491
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 23 Sep 2021 18:58:09 GMT
server: nginx
etag: "614cce41-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Mon, 26 Sep 2022 08:36:58 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: l_udkoFjzalWQUJzTFpwQCbzGzs9y-RUr3Evyi_Pcllta5qxlapRGg==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 863C 2 KB
2 KB 23ms
23ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:47 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19442842
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:47 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: D_W8Nh88ra37-RZY2c0LFj64PvDZJq9t5L3Y318SVLgsZEDkqf4utA==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 863C 8 KB
8 KB 18ms
18ms Font
application/octet-stream 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:21:31 GMT
via: 1.1 b6cc1359c0cd55a8339441d8abb6a450.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 803618
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 26 Apr 2023 13:21:31 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: RAOYeGA_VFctpWExh5InGsec7apvhGHVimBWjMd3q2-RCuQGh11cOA==
x-cache-hits: 0

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 8 KB
8 KB 28ms
26ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:34:50 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:39:50 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: aD-iGBvq1ZWdf2N0vuDAhtfWqxZxcZKhtu8fUG0JPUJ_xvlk3_U6kw==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 9 KB
9 KB 21ms
20ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:34:13 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 71
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:38:58 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 754ppDrchm4uJ-BCA8LBSDTQKVq2qXYDRmuEHp2EAarYO6pX_wk6kA==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 12 KB
12 KB 22ms
20ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:34:05 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 64
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:39:05 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: DpY5Qwtot3GUoBeTy1QSeL8ZCZL2Z8zlGjA-GZR00cjwmhnztQym6A==
x-cache-hits: 0

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 7 KB
8 KB 28ms
26ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:34:50 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-1c8c"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:39:50 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: gf7eGDwEwqS_VnqZhZCKeGmI5eV4t2soEpCQOz67R8cd6qE0_JeaAg==
x-cache-hits: 0

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 20 KB
21 KB 23ms
22ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:33:58 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 71
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-50c3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:38:58 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: uKy3oEQ4temTruBrJfBVaLZP5Z8dwL1wrPw2kU5st1R1HTwNtOK1fw==
x-cache-hits: 0

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863C 9 KB
9 KB 24ms
23ms Image
image/png 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:31:21 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 236
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-231a"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 05 May 2022 20:36:13 GMT
cache-control: max-age=300, public
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: b0Me30Ojy9iy7ABVS0QprcX30x2av5uq0hqMNcUEaUCfl15AgQKAtA==
x-cache-hits: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 863C 3 KB
2 KB 67ms
18ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7e06b43129346c2d3e7068748026264b04136b29c1a978d28f9d8dd0e2e729fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: KESZ6SX+hG47RSuDaqACfQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: cW9+cfD/Yl0eMnwOqrhEzyOGlc7bo9Ucg/TDYbnLJKRhtuRu2whTCgX731HMN9bc1+XGWwmi2JcJE7qpmi5wiw==
x-fb-trip-id: 1512268381
x-fb-content-md5: 1a3bda4a1ff3acda59e9426458da5ecc
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 05 May 2022 20:35:09 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "6883e843839c5ab71da2470079404e27"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 05 May 2022 20:52:49 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 863C 14 KB
6 KB 99ms
51ms Script
text/javascript 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07eb93ac65bb359ad3d97cdf04b1744de9d3ecc0ac35b81e906cfb3bfb38d491

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5541
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
date: Thu, 05 May 2022 20:35:09 GMT
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "9464a0b09e1c963a"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 May 2022 20:35:09 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 863C 13 KB
13 KB 21ms
21ms Image
image/svg+xml 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 13:24:20 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 6246649
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 15 Feb 2022 19:58:21 GMT
server: nginx
etag: "620c05dd-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Wed, 22 Feb 2023 13:24:20 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 4A6GNc21DnsH1SjpDOhwUkJdFuMvFtugCvwOilFvMm0RY8byn_0y5g==
x-cache-hits: 0

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 863C 287 KB
82 KB 49ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4ce79e993c4a7880de91aac2911eba8f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c5ee3631bb6f2c7199e4c4ff6ca93ffe1d4f1796844c0dc46430a650cb883811

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 8SA/pDX1233Op1vLcKYJSQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84426
x-fb-rlafr: 0
x-fb-debug: IvlDj+SX/OPliw+P/CUJFwJkYa52CAfp0USv2EbvjTGRme2a1rdupztWYNtMSVL0cf4F1tcWTZ31Ec7Q3tFJ8Q==
x-fb-content-md5: 507564faa57ad70e10a98a5209e86891
x-frame-options: DENY
date: Thu, 05 May 2022 20:35:10 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "0fac3442afcdb798a11f405f392c5cad"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 05 May 2023 19:02:05 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/ Frame 863C 108 KB
36 KB 62ms
19ms Script
text/javascript 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1757f7a288131ceeb5bc1276d57640278bc5eecbbcae016189c274981d2b45c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 04 May 2022 00:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 159129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36550
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 15:20:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 May 2023 00:23:01 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ Frame 863C 0
0 102ms
51ms Fetch
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fwww.welivesecurity.com&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dwelivesecurity%26t_i%3D159856%2520https%253A%252F%252Fbackend.welivesecurity.com%252F%253Fp%253D159856%26t_u%3Dhttps%253A%252F%252Fwww.welivesecurity.com%252Fla-es%252F2022%252F03%252F02%252Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%252F%26t_e%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26t_d%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26t_t%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26s_o%3Ddefault%26l%3Des%23version%3D48980166e0153f33375a5a0d60b5e441&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 9Xu9jRQgANfAeleJhKYe5lUsrmFtJBSNz42n6jhkf/72vz2EHbJWlZtmmsjMbpbNjuvLPkUNB/T9gIb5wsCaNA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Thu, 05 May 2022 20:35:10 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 7F69 283 B
1 KB 109ms
63ms Document
text/html 2607:f8b0:4006:807::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ef5b68f5000e5b927e37446387a463fe8f3397d6d4d7532748816887b5d06950

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fAChEwO7FSZ2qL/OmdW0uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-fAChEwO7FSZ2qL/OmdW0uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin; report-to="IdpIFrameHttp"
cross-origin-resource-policy: cross-origin
date: Thu, 05 May 2022 20:35:10 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"IdpIFrameHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdpIFrameHttp/external"}]}
server: ESF
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 400 cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 7F69 2 KB
851 B 84ms
40ms Other
text/html 2607:f8b0:4006:807::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/_/IdpIFrameHttp/cspreport

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

10b80d3a1580d6941f75c0b81578bc7421e3016d60d233f4a5bfb8bf49077931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=base Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.Zktzoo6d6pw.es5.O/d=1/rs=AOaEmlFOWhn34DuXKSiI9nx9p2tV-OlEXQ/ Frame 7F69 97 KB
34 KB 66ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.Zktzoo6d6pw.es5.O/d=1/rs=AOaEmlFOWhn34DuXKSiI9nx9p2tV-OlEXQ/m=base

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35690da707ffc94cf3f4639b1f90cb710a630579cb75fcad0e2de9ed37c6c1ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 18:44:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33723
x-xss-protection: 0
last-modified: Sat, 30 Apr 2022 03:41:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 May 2023 18:44:26 GMT

GET
H3 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 7F69 49 B
95 B 49ms
49ms XHR
application/json 2607:f8b0:4006:807::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.Zktzoo6d6pw.es5.O/d=1/rs=AOaEmlFOWhn34DuXKSiI9nx9p2tV-OlEXQ/m=base

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-c5hLrkdU58yWCOsbaon38w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
X-Requested-With: XmlHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: same-site
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-c5hLrkdU58yWCOsbaon38w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
expires: Thu, 05 May 2022 20:35:10 GMT

GET
H/1.1 200
OK / Show response
glitter.services.disqus.com/urls/ Frame 863C 923 B
948 B 85ms
43ms Script
application/javascript 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://glitter.services.disqus.com/urls/?callback=dsqGlitterResponseHandler&forum_shortname=welivesecurity&thread_id=9050718870&referer=

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.64 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

bec6c835a3bdeb3a9861c99a6d3e67390d032bd1c9210c5abb82ff495a9fb6bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: openresty
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: no-cache
transfer-encoding: chunked
X-Service: glitter
Content-Disposition: attachment; filename=f.txt
Strict-Transport-Security: max-age=300; includeSubdomains
Vary: Accept-Encoding, Cookie
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 863C 3 KB
3 KB 18ms
17ms Image
image/jpeg 2600:9000:21ec:4200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1422638690

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ec:4200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 10 May 2021 14:31:38 GMT
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 31125812
x-cache: Hit from cloudfront
content-length: 3039
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 30 Jan 2015 17:24:51 GMT
server: nginx
etag: "24223861b0bcda3344ae2ab0243903e2"
content-type: image/jpeg
expires: Tue, 10 May 2022 14:31:38 GMT
cache-control: max-age=31536000, public, immutable
x-amz-cf-pop: JFK51-C1
accept-ranges: bytes
x-amz-cf-id: _bl4lMbgDjrAUaTmUaczEEnaFZgxr1W8Zl9y8MHa1ONMRE7d4VXPfw==
x-cache-hits: 0

GET
H2 200 pixel.html Show response
live.rezync.com/ Frame 1CF3 677 B
1 KB 173ms
94ms Document
text/html 13.225.223.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c1jmh86c1ua133n&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-63.jfk51.r.cloudfront.net
Software: lighttpd/1.4.33 /
Resource Hash: a6eff2f3ecd9211db7c512605e2c88c5494b4578b9f0bd94dd51a1f69e5a534e

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 677
content-type: text/html; charset=utf-8
date: Thu, 05 May 2022 20:35:10 GMT
server: lighttpd/1.4.33
via: 1.1 2370a7eb0d75907a0fd422bb3f42bcb6.cloudfront.net (CloudFront)
x-amz-cf-id: P-DYQsH3RINjeQA8cGu42UAbUzwrwu-tooSN5KbBYDKrwRqY59Aesw==
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront

GET
H2 200 sync Show response
pippio.com/api/ Frame 18C6 5 KB
5 KB 88ms
60ms Document
text/html 107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pippio.com/api/sync?pid=1391&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&it=1&iv=c1jmh86c1ua133n
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: 5c3950d19e91a019b1ef7dc7db80031aa13868a2c8806a50155d618b8a1c55d1

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store
content-type: text/html
date: Thu, 05 May 2022 20:35:10 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
timing-allow-origin: *
via: 1.1 google

GET
H/1.1

200
OK

/
io.narrative.io/ Frame 863C
Redirect Chain

https://io.narrative.io/?companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utiliza...
https://io.narrative.io/?io.narrative.guid.v2=dbd33620-ccb2-11ec-96af-0e9f37bd45a9&companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2...

35 B
319 B

24ms
24ms

Image
image/gif

23.21.155.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=dbd33620-ccb2-11ec-96af-0e9f37bd45a9&companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: HTTP/1.1
Server: 23.21.155.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-155-15.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=dbd33620-ccb2-11ec-96af-0e9f37bd45a9&companyId=19&id=disqus_id%3Ac1jmh86c1ua133n&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Date: Thu, 05 May 2022 20:35:10 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 863C
Redirect Chain

https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D0%26gdpr_consent%3D%26id%3Ddisqus_id%3Ac1jmh86c1ua133n
https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:c1jmh86c1ua133n&puid=dbd72dc0-ccb2-11ec-8245-2f44eb5ff7c1

0
247 B

26ms
24ms

Image
text/plain

23.21.155.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:c1jmh86c1ua133n&puid=dbd72dc0-ccb2-11ec-8245-2f44eb5ff7c1
Protocol: HTTP/1.1
Server: 23.21.155.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-155-15.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive

Redirect headers

location: https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:c1jmh86c1ua133n&puid=dbd72dc0-ccb2-11ec-8245-2f44eb5ff7c1
date: Thu, 05 May 2022 20:35:10 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 863C 43 B
339 B 55ms
24ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.16&load_time=749&event=init_embed&thread=9050718870&forum=welivesecurity&forum_id=2152520&imp=1jmh83t2jvcpc2&prev_imp&thread_slug=isaacwiper_y_hermeticwizard_un_nuevo_wiper_y_worm_utilizados_en_ciberataques_a_ucrania&user_type=anon&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&theme=next&dnt=0&tracking_enabled=1&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Thu, 05 May 2022 20:35:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3

200

sync
pippio.com/api/ Frame 18C6
Redirect Chain

https://idsync.rlcdn.com/462246.gif?partner_uid=c1jmh86c1ua133n
https://idsync.rlcdn.com/1000.gif?memo=CKabHBIbChcIARDI-AEaD2Mxam1oODZjMXVhMTMzbhAAGg0I_unQkwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=dfb90e1c529ede5e445f94f03dcd06acb4c94d41591872cce994ff9286f60280791426b5417dce21&_=2

42 B
59 B

52ms
52ms

Image
image/gif

107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=dfb90e1c529ede5e445f94f03dcd06acb4c94d41591872cce994ff9286f60280791426b5417dce21&_=2
Protocol: H3
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pippio.com/api/sync?pid=5324&it=1&iv=dfb90e1c529ede5e445f94f03dcd06acb4c94d41591872cce994ff9286f60280791426b5417dce21&_=2
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

ddp
pippio.com/api/sync/ Frame 18C6
Redirect Chain

https://ei.rlcdn.com/448046.gif?n=1&partner_site_id=1017&cparams=placement%3D1391
https://pippio.com/api/sync?pid=5324&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA
https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA&google_error=3

42 B
59 B

46ms
45ms

Image
image/gif

107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA&google_error=3
Protocol: H3
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEG1kdXYtcnlXYklRYTR2QlIQABoMCP7p0JMGEgQIAhAAQgBKAA&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CO8KEhoKFggBEPkHGg9jMWptaDg2YzF1YTEzM24QABqXAQj-6dCTBhIECAIQABIFCJQpEAASBQjlKxAAEgUI5isQABIFCOcrEAASBQjoKxAAEgUI6Ss...
https://pippio.com/api/sync/ddp?pid=2&m=CO8KEhoKFggBEPkHGg9jMWptaDg2YzF1YTEzM24QABqXAQj-6dCTBhIECAIQABIFCJQpEAASBQjlKxAAEgUI5isQABIFCOcrEAASBQjoKxAAEgUI6SsQABIFCOorEAASBQjrKxAAEgUI7CsQABIFCO0rEAASB...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=c5f5830f-041a-426a-b32a-84f7621fc10d

42 B
60 B

42ms
41ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=c5f5830f-041a-426a-b32a-84f7621fc10d
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=c5f5830f-041a-426a-b32a-84f7621fc10d
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H2

200

px
p.adsymptotic.com/d/ Frame 18C6
Redirect Chain

https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=7f091cfd1e2aa98224b5f62ed19f792f

43 B
142 B

45ms
44ms

Image
image/gif

104.18.99.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=7f091cfd1e2aa98224b5f62ed19f792f
Protocol: H2
Server: 104.18.99.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 706c42d7eaa4a20a-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=7f091cfd1e2aa98224b5f62ed19f792f
date: Thu, 05 May 2022 20:35:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 706c42d7aa49a20a-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=1&cparams=placement%3D1391
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

42 B
60 B

42ms
41ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3b10055b-2f88-45ab-84ae-1e80932735ca
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

362588.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=2&cparams=placement%3D1391
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveramp&ttd_tpi=1
https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=3&cparams=placement%3D1391
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27

42 B
60 B

42ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Thu, 05 May 2022 20:35:10 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

47154.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=4&cparams=placement%3D1391
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Date: Thu, 05 May 2022 20:35:10 GMT
Server: MT3 4390 fb8620d master ord-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 05 May 2022 20:35:09 GMT

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=5&cparams=placement%3D1391
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc=
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

42 B
60 B

42ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=6&cparams=placement%3D1391
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463&dcc=t

43 B
932 B

46ms
45ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463&dcc=t

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 9PJB7912B9CDWC7XEGSG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VR0N7ZG21CR331G4BEX7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=03199463&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame 1CF3
Redirect Chain

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=6581935755848043056
https://p.rfihub.com/cm?pub=39342&in=1&userid=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dc1jmh86c1ua133n
https://idsync.rlcdn.com/501709.gif?partner_uid=c1jmh86c1ua133n
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

42 B
60 B

43ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c1jmh86c1ua133n&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame 1CF3
Redirect Chain

https://p.rfihub.com/cm?pub=39342&in=1&userid=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab...
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=1783777312688176391
https://idsync.rlcdn.com/501709.gif?partner_uid=c1jmh86c1ua133n
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

42 B
60 B

42ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c1jmh86c1ua133n&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1a9bdb6e-3742-46b9-b883-ee40240c86d9
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 1CF3
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3181&partner_device_id=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3181&partner_device_id=72bca548-4f50-489e-8228-3e5af79f84ba%3A1651782910.62
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c314270d-9e2c-4279-9064-3988d23d378c&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%2C

95 B
113 B

38ms
38ms

Image
image/png

107.178.246.49
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c314270d-9e2c-4279-9064-3988d23d378c&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%2C

Requested by

Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c1jmh86c1ua133n&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Protocol

Server

107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.246.178.107.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c314270d-9e2c-4279-9064-3988d23d378c&ttd_puid=9ca999d6-8a5e-4ad5-b089-e12b073ff55f%2C
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 353

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=7&cparams=placement%3D1391
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27

42 B
60 B

42ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Thu, 05 May 2022 20:35:10 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=87c612aa-5d4b-4858-8c29-f2236b63aa27
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=8&cparams=placement%3D1391
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1

42 B
60 B

45ms
45ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEFTdusxHMTzqj-0ijSUKNGU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

47154.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=9&cparams=placement%3D1391
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Date: Thu, 05 May 2022 20:35:10 GMT
Server: MT3 4390 fb8620d master ord-pixel-x5 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=dd626274-34fe-4c00-a096-ec2b0397b6ae
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 05 May 2022 20:35:09 GMT

GET
H3

200

362588.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=10&cparams=placement%3D1391
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1
https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c

42 B
60 B

44ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 05 May 2022 20:35:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://idsync.rlcdn.com/362588.gif?partner_uid=c314270d-9e2c-4279-9064-3988d23d378c
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=11&cparams=placement%3D1391
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3576035f-10ae-4504-a915-57f6f5984afe
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2532239475592321557
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=12&cparams=placement%3D1391
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=148ac8fda0d20dbd8453ad830d8cf89ff5448679f3eea507d248413bda382411c0cb235b3774c97e&cb=01036960

43 B
932 B

31ms
31ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=148ac8fda0d20dbd8453ad830d8cf89ff5448679f3eea507d248413bda382411c0cb235b3774c97e&cb=01036960

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 May 2022 20:35:10 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N76B0SS5M8PSRRY6HSBM
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Thu, 05 May 2022 20:35:10 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=148ac8fda0d20dbd8453ad830d8cf89ff5448679f3eea507d248413bda382411c0cb235b3774c97e&cb=01036960
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=13&cparams=placement%3D1391
https://usermatch.krxd.net/um/v2?partner=liveramp
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp

0
336 B

86ms
23ms

Image
text/plain

34.193.99.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp
Protocol: H2
Server: 34.193.99.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-99-248.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:35:11 GMT
cache-control: private, no-cache, no-store
x-request-time: D=41 t=1651782911
x-served-by: beacon-n007-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp
date: Thu, 05 May 2022 20:35:10 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a006-ash-prod.krxd.net

GET
H3

200

362248.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=14&cparams=placement%3D1391
https://dpm.demdex.net/ibs:dpid=477&dpuuid=ac778566c3ccae94a6044d0763300c79dc84d79ca1acf6be1990d2f945902a3cb0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BD...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=477&dpuuid=ac778566c3ccae94a6044d0763300c79dc84d79ca1acf6be1990d2f945902a3cb0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3...
https://idsync.rlcdn.com/362248.gif?partner_uid=21750738951886769762261123015491477881

42 B
60 B

42ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362248.gif?partner_uid=21750738951886769762261123015491477881
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

DCS: dcs-prod-usw2-1-v028-0cff4d82e.edge-usw2.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: ePHwPQNhT6U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://idsync.rlcdn.com/362248.gif?partner_uid=21750738951886769762261123015491477881
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

401696.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=15&cparams=placement%3D1391
https://tags.bluekai.com/site/2035?phint=rluid=354eb6fab9385712946b88b5300a0a74fa3896da441da0334a5be266d3c378cd2971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24...
https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Location: https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515
Date: Thu, 05 May 2022 20:35:11 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H3

200

397676.gif
idsync.rlcdn.com/ Frame 18C6
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=16&cparams=placement%3D1391
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=qzWcBzWW8lXGWZsAkzkROj6T4yjF6U4z

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=qzWcBzWW8lXGWZsAkzkROj6T4yjF6U4z
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 05 May 2022 20:35:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=qzWcBzWW8lXGWZsAkzkROj6T4yjF6U4z
date: Thu, 05 May 2022 20:35:11 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 4041
content-length: 221
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.welivesecurity.com/	1970-01-20 11:35:18	Name: pll_language Value: la-es
.welivesecurity.com/	1969-12-31 23:59:59	Name: TS01239cf7 Value: 0142213e1a38593ee4bdaee2af52859d667f847ce3effea070c6a7fefa16f161d926cde44237fff3c81c34289c71dc46cf335f03f8
.welivesecurity.com/	1970-01-20 02:49:46	Name: AKA_A2 Value: A
www.welivesecurity.com/	1970-01-20 11:35:18	Name: ai_user Value: /NEIs\|2022-05-05T20:35:09.286Z
.welivesecurity.com/	1970-01-20 20:20:54	Name: _ga Value: GA1.2.87570065.1651782909
.welivesecurity.com/	1970-01-20 02:51:09	Name: _gid Value: GA1.2.768078441.1651782909
www.welivesecurity.com/	1970-01-20 02:49:44	Name: ai_session Value: JO806\|1651782909488.6\|1651782909488.6
disqus.com/	1970-01-20 02:49:44	Name: __jid Value: 1jmh83t2jvcpc2
.disqus.com/	1970-01-20 11:35:18	Name: disqus_unique Value: 1jmh86c1ua133n
.google.com/	1970-01-20 07:13:14	Name: NID Value: 511=ZbqaRdg9jlCTDb0ZNwpIGPsKqR2LPCDc-130j1ihuBUizbfy17fBhfxVb6h39jyw2FBFYoRF2RDZ5Yj2PpuqOL2PGr1gY9waQvRLJU0Wvwk0PX10_RyiJL0ZA61cxeeMttv-YRE-xj3OtDLw_WId9nojAhcRjAgNEcv7snk43G8
.pippio.com/	1970-01-20 11:35:18	Name: did Value: mduv-ryWbIQa4vBR
.pippio.com/	1970-01-20 11:35:18	Name: didts Value: 1651782910
.pippio.com/	1970-01-20 04:16:06	Name: nnls Value:
io.narrative.io/	1970-01-20 15:57:40	Name: io.narrative.guid.v2 Value: dbd33620-ccb2-11ec-96af-0e9f37bd45a9
.rezync.com/	1970-01-20 12:10:53	Name: zync-uuid Value: 72bca548-4f50-489e-8228-3e5af79f84ba:1651782910.62
live.rezync.com/	1970-01-20 12:11:18	Name: sd-session-id Value: .eJwVykELgjAYgOG_Et_Zg3MVIXSIFFHadlnITmI6dGOuctuhxP-e3d4XngWal5yn1krrIfVzkBF0Rm3nIF2gV-4dtoIO6Wk8HTsUWoSxhTUCJ51TT9uo_i93j03Rb6VEkiOaDZ4WApFrHLPMmBsfPkQPniR3JGqBWS32tKhGpvOE8hyzrDwQfglUl2dY1x-PDTA1.FVXGfg._zvx0Rn5Wl-z7nEN36FfALzLcro
.adsymptotic.com/	1970-01-20 04:59:18	Name: U Value: 7f091cfd1e2aa98224b5f62ed19f792f
.tapad.com/	1970-01-20 04:16:06	Name: TapAd_TS Value: 1651782910737
.tapad.com/	1970-01-20 04:16:06	Name: TapAd_DID Value: 9ca999d6-8a5e-4ad5-b089-e12b073ff55f
.openx.net/	1970-01-20 11:35:18	Name: i Value: 01ac5295-398b-41cf-8986-ba3836dff802\|1651782910
.adsrvr.org/	1970-01-20 11:35:18	Name: TDID Value: c314270d-9e2c-4279-9064-3988d23d378c
.adnxs.com/	1970-01-20 04:59:18	Name: uuid2 Value: 2532239475592321557
.mathtag.com/	1970-01-20 12:15:38	Name: uuid Value: dd626274-34fe-4c00-a096-ec2b0397b6ae
.doubleclick.net/	1970-01-20 20:20:54	Name: IDE Value: AHWqTUmuyQrwbXOOE-BFLLZXGs7UmHHxH36CxXd9sAwPPOlKpDcWLy5Lqs3uu4RFgGM
.linksynergy.com/	1970-01-20 11:35:18	Name: rmuid Value: c5f5830f-041a-426a-b32a-84f7621fc10d
.linksynergy.com/	1970-01-20 11:35:18	Name: icts Value: 2022-05-05T20:35:10Z
.pippio.com/	1970-01-20 04:16:06	Name: pxrc Value: CP7p0JMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxAAEgUI6isQABIFCOsrEAASBQjsKxAAEgUI7SsQABIFCO4rEAASBQjVQxAAEgUI3k4QABIGCOzrARAAEgYI468rEAASBgjtrysQABIGCO6vKxAAEgYI768rEAASBgjwrysQABIGCPGvKxAA
.rfihub.com/	1970-01-20 12:11:18	Name: rud Value: H4sIAAAAAAAAAOMSNjS3MDY3Nzc2NDKzsDA0NzO2NBTiM9Q1zAn2cnJJKnL0KImQ4jU0MwWqM7I0NLAwNgYAcYJU6DQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjS3MDY3Nzc2NDKzsDA0NzO2NBTiM9Q1zAn2cnJJKnL0KIkAAFDVPq8lAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAAXBwRGAMAgEwI_t4IQTwmE3JBMKsXJ3vwuBtcuNYu1DjHmEAOU5Xh3ZtFWvTtcgUsc98QOCFWIqNQAAAA
.amazon-adsystem.com/	1970-01-20 08:36:45	Name: ad-id Value: A1_uAnq_ZEZrk9ck9lyk4Ss
.amazon-adsystem.com/	1970-01-22 00:01:14	Name: ad-privacy Value: 0
.tapad.com/	1970-01-20 04:16:06	Name: TapAd_3WAY_SYNCS Value: 1!3020
.rfihub.com/	1970-01-20 12:11:18	Name: eud Value: H4sIAAAAAAAAAEXHwRGAIAwEwAp8UUccOBK42E1wSEE-rdan-9unYGLdYUrRtCpK30KA0rdFTk_qiqsNa5PwVs-Btxz_6fgApC3KT0UAAAA
.adsrvr.org/	1970-01-20 11:35:18	Name: TDCPM Value: CAESFwoIbGl2ZXJhbXASCwiqpfeHmbjXOhAFEhQKBXRhcGFkEgsIjsCdh5m41zoQBRgBIAEoAjILCKqd-rSvuNc6EAU4AVoIbGl2ZXJhbXBgAg..
.rlcdn.com/	1970-01-20 04:16:06	Name: pxrc Value: CP7p0JMGEgUI6AcQABIFCOhHEAASBgi26gEQABIGCL7qARAAEgYIuOsBEAA=
.criteo.com/	1970-01-20 12:11:18	Name: uid Value: 2bfa17c1-087b-4efe-9d80-653c9272e9b0
.rlcdn.com/	1970-01-20 11:35:18	Name: rlas3 Value: KaUBPECa9QVCLbND9vR0YhwYthfTT/02DYMAafxsnds=
.krxd.net/	1970-01-20 07:08:54	Name: _kuid_ Value: O0eA43PY
.demdex.net/	1970-01-20 07:08:54	Name: demdex Value: 21750738951886769762261123015491477881
.dpm.demdex.net/	1970-01-20 07:08:54	Name: dpm Value: 21750738951886769762261123015491477881

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://c.disquscdn.com/next/current/embed/lang/es.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

173bf10a.akstat.io
accounts.google.com
apis.google.com
assets.esetstatic.com
az416426.vo.msecnd.net
beacon.krxd.net
c.disquscdn.com
c.go-mpulse.net
cdn1.esetstatic.com
cm.g.doubleclick.net
connect.facebook.net
dc.services.visualstudio.com
disqus.com
dpm.demdex.net
ei.rlcdn.com
eydvgaaamb4gojqacqnqaeyaabrhinh5-p8kemd-764c70d19-clienttons-s.akamaihd.net
glitter.services.disqus.com
gum.criteo.com
ib.adnxs.com
idsync.rlcdn.com
io.narrative.io
live.rezync.com
match.adsrvr.org
obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com
p.adsymptotic.com
p.rfihub.com
pippio.com
pixel.tapad.com
rc.rlcdn.com
referrer.disqus.com
s.amazon-adsystem.com
s.go-mpulse.net
su4jtoyxhyxsiytugt6q-p8kemd-728890304-clientnsv4-s.akamaihd.net
sync.mathtag.com
tags.bluekai.com
tags.rd.linksynergy.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
us-u.openx.net
usermatch.krxd.net
welivesecurity.disqus.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
www.welivesecurity.com
104.18.99.194
107.178.246.49
107.178.254.65
13.225.223.18
13.225.223.63
142.251.40.162
15.197.193.217
151.101.0.134
184.85.195.135
199.232.192.134
199.232.196.134
199.232.196.64
199.38.167.129
20.42.73.154
209.54.180.144
216.200.232.249
23.21.155.15
23.62.47.36
2600:1400:d:19f::11a6
2600:1400:d:5aa::11a6
2600:141b:13::17d7:823a
2600:141b:13::17d7:82da
2600:9000:21ec:4200:6:8656:f5c0:93a1
2606:2800:11f:17a5:191a:18d5:537:22f9
2607:f8b0:4006:807::200d
2607:f8b0:4006:817::200e
2607:f8b0:4006:81f::2003
2607:f8b0:4006:822::200e
2607:f8b0:4006:823::2008
2620:100:a001::c
2620:1ec:40::40
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.193.99.248
34.196.181.105
34.98.64.218
34.98.67.3
35.190.60.146
44.240.117.116
54.144.226.112
68.67.181.207
07eb93ac65bb359ad3d97cdf04b1744de9d3ecc0ac35b81e906cfb3bfb38d491
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0d12043c7051fe9e78060b7ae447ec5aa8bfa744dd5520fb12e745a2bb0076da
10b80d3a1580d6941f75c0b81578bc7421e3016d60d233f4a5bfb8bf49077931
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff
12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d
1377c33abb24c615100b47c8d905ef0299112a22d097511cc569337b9633f21e
15937a97e8b39e8789fe44665a859856f2e1a8d7dbf93c7c6d8b31361c903f19
16446c63d4890cf1704eff93c7d261c1b1b950877ec708a49b380aaa6bc88195
18fc4c578d185b0c9979c16e1c6b431e3079b3b06b98d56995a29ab7a90bdfe1
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
2230603b8ba7c0020fd16a1582d087decbc8381475e125271c2e13530f1592d7
260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694
287e60c512b2232d8e5c31c3afbbf059bfbacd616020bcd28244207d30ca56a3
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
35690da707ffc94cf3f4639b1f90cb710a630579cb75fcad0e2de9ed37c6c1ab
35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1
35ce72d85ac20c855ec514d68c3d7d252fdcd2b17728d3f0d5653b93df69033a
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
46eb264a48c270c23ede9aa3b41f9b1e00e910428d852eb6f4fba10c1a3917ca
4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8
5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05
5c3950d19e91a019b1ef7dc7db80031aa13868a2c8806a50155d618b8a1c55d1
63119c22e3d2c8906bdd3bc5257f676496b0f3233345fbc45bc566b4dcf73a6b
63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
730d4b3194f10a8c177046e001a83e0391e3b6ef2f1386d368a51c2433a98127
7344c63c6a0d89b69a485af2ec5bcc1cad983150613510439371d5293ed1cc46
7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533
7e06b43129346c2d3e7068748026264b04136b29c1a978d28f9d8dd0e2e729fe
7e49288cded16fd39b68f9a4c511e863ea5d03bef945cbc84ca5c1a8544664a5
822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
8d8ba4c94f3b33965aa63ce307972277b1263dc40705b292af8f835f4eebd042
92a9c26ff6f6e2d12c12c34a232a09de772baeffedca24cae54705b192d3460b
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
9ae8fa2561b9686ad863d2eb0aa5832be309875cad56ac19dc04f9f075dbca1e
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6a468c14177dcc22e8a5f340e7d99593f254708bd58b6ce819a343cb712b540
a6eff2f3ecd9211db7c512605e2c88c5494b4578b9f0bd94dd51a1f69e5a534e
b73b5451007d692a5bc85a58e202330c63ae810ccf7d96f6c5d6d5ca913405ed
bec6c835a3bdeb3a9861c99a6d3e67390d032bd1c9210c5abb82ff495a9fb6bf
c1757f7a288131ceeb5bc1276d57640278bc5eecbbcae016189c274981d2b45c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c5ee3631bb6f2c7199e4c4ff6ca93ffe1d4f1796844c0dc46430a650cb883811
ca438d06863819d0f070920bbb93347ed52f6ee9c6addaa0e47453294dda33b5
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d34bbac8aeb622f108a95c454c22cf791d514432d9118ed19aabf361e4bed34c
db4802cdd77ee321f64c129088ac127ae97f09f283e9d90ef66e352a8e36340d
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dd64ca752834b8f9c5c495a528c7ff54c6538cedd9f380e2106455f60610f613
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991
e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b
e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
ec934eecf474af1cbf210cb0b23f14f407f7d6960eb2bd25bee29e4038cd5e08
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5b68f5000e5b927e37446387a463fe8f3397d6d4d7532748816887b5d06950
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
fb07128372b2a8280ebd49f16bd784e55ae2c6162bb1be7fd7b9f18b6aa40ebf
fd8f6b19f6594c79bbf4e63b76d57e3230959f2fc0b3805277472b7e8061cdf0

www.welivesecurity.com Open in urlscan Pro 2600:141b:13::17d7:823a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

110 Requests

75 %HTTPS

37 %IPv6

34 Domains

46 Subdomains

29 IPs

2 Countries

2722 kBTransfer

4482 kBSize

41 Cookies

32 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.welivesecurity.com Open in urlscan Pro
2600:141b:13::17d7:823a Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

75 %
HTTPS

37 %
IPv6

34
Domains

46
Subdomains

29
IPs

2
Countries

2722 kB
Transfer

4482 kB
Size

41
Cookies

110 HTTP transactions
0 data transactions