urlscan.io logo urlscan.io
SecurityTrails logo

noransom.kaspersky.com Open in urlscan Pro
91.103.67.151  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/H4ncq3P3SZ
Effective URL: https://noransom.kaspersky.com/
Submission: On April 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 34 HTTP transactions. The main IP is 91.103.67.151, located in Russian Federation and belongs to KL-AS, CH. The main domain is noransom.kaspersky.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 25th 2022. Valid for: 6 months.
This is the only time noransom.kaspersky.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    104.244.42.197 (United States)

ASN13414 (TWITTER, US)
t.co
14    91.103.67.151 (Russian Federation)

ASN41983 (KL-AS, CH)
noransom.kaspersky.com
1    2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)
media.kaspersky.com
2    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
4    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    34.240.179.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-179-113.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.51.78.176 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-78-176.eu-west-1.compute.amazonaws.com
kaspersky.demdex.net
2    13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
kaspersky.d3.sc.omtrdc.net
1    52.51.88.158 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com
cm.everesttech.net
2    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2a02:26f0:6c00::210:baba (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consent.cookiebot.com
1    2a02:26f0:6c00:281::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consentcdn.cookiebot.com
Apex Domain
Subdomains		 Transfer
15 kaspersky.com
noransom.kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 133247
581 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
339 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4770
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5520
83 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
kaspersky.demdex.net — Cisco Umbrella Rank: 261230
5 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
388 B
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 233454
568 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
172 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1009
517 B
1 gstatic.com
www.gstatic.com
143 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 4
968 B
1 t.co
t.co — Cisco Umbrella Rank: 476
510 B
34 11
Domain Requested by
14 noransom.kaspersky.com t.co
noransom.kaspersky.com
4 www.googletagmanager.com noransom.kaspersky.com
www.googletagmanager.com
2 consent.cookiebot.com www.googletagmanager.com
consent.cookiebot.com
2 www.facebook.com noransom.kaspersky.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 dpm.demdex.net media.kaspersky.com
noransom.kaspersky.com
2 connect.facebook.net noransom.kaspersky.com
connect.facebook.net
1 consentcdn.cookiebot.com consent.cookiebot.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net media.kaspersky.com
1 www.gstatic.com www.google.com
1 media.kaspersky.com noransom.kaspersky.com
1 www.google.com noransom.kaspersky.com
1 t.co
34 14
Subject Issuer Validity Valid
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
noransom.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-25 -
2022-08-23		 6 months crt.sh
www.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-31 -
2023-03-31		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-27 -
2022-04-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-03-07		 a year crt.sh
consent.cookiebot.com
DigiCert ECC Extended Validation Server CA		 2020-06-11 -
2022-06-11		 2 years crt.sh
*.cookiebot.com
DigiCert SHA2 Secure Server CA		 2021-07-05 -
2022-07-13		 a year crt.sh

This page contains 3 frames:

Primary Page: https://noransom.kaspersky.com/
Frame ID: 18BC6EAD6D9502113BEF3967481372BA
Requests: 34 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 5BA2AA49322A176CF48CBCA0FC38369B
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 0502B4E9F5DB830FD5AF3735AA1CD1B3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

No Ransom: Free ransomware file decryption tools by KasperskyPowered by Cookiebot

Page URL History Show full URLs

  1. https://t.co/H4ncq3P3SZ Page URL
  2. https://noransom.kaspersky.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

34
Requests

97 %
HTTPS

50 %
IPv6

11
Domains

14
Subdomains

14
IPs

5
Countries

1326 kB
Transfer

4091 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/H4ncq3P3SZ Page URL
  2. https://noransom.kaspersky.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://cm.everesttech.net/cm/dd?d_uuid=58601168306480921321180679673734284912 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl-cBgAAAGfy0wQE

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
H4ncq3P3SZ
t.co/ 		248 B
510 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/H4ncq3P3SZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
177
content-type
text/html; charset=utf-8
date
Wed, 20 Apr 2022 10:10:12 GMT
expires
Wed, 20 Apr 2022 10:15:13 GMT
server
tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
54c795f98c03d9b5f72727067c64db560c45a7dbcdb2ecd7f6a6bb2e78b7a5e6
x-response-time
119
x-xss-protection
0
Primary Request /
noransom.kaspersky.com/ 		45 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/
Requested by
Host: t.co
URL: https://t.co/H4ncq3P3SZ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx / PHP/7.4.28
Resource Hash
0021c4f5d5ff63e64ec5564d3750d1d6d20ae09fe241e4a10998ac4810ec1f2c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.google.com https://cdnjs.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com https://media.kaspersky.com https://consent.cookiebot.com https://cdn.cookiebot.com; object-src 'self'
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
false
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.google.com https://cdnjs.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com https://media.kaspersky.com https://consent.cookiebot.com https://cdn.cookiebot.com; object-src 'self'
Content-Type
text/html; charset=UTF-8
Date
Wed, 20 Apr 2022 10:10:13 GMT
Link
<https://noransom.kaspersky.com/wp-json/>; rel="https://api.w.org/" <https://noransom.kaspersky.com/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json" <https://noransom.kaspersky.com/>; rel=shortlink
Origin
https://noransom.kaspersky.com
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
DENY
X-Powered-By
PHP/7.4.28
main.css
noransom.kaspersky.com/content/themes/ransomware/static/css/ 		109 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
dea5bb320b8aa794d70c8a893b5a7122ef6acc8a4c553562538a7143ec7727ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:56 GMT
Server
nginx
ETag
W/"1b332-5dc9d1f4f84bf"
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
addition.css
noransom.kaspersky.com/content/themes/ransomware/static/css/ 		37 B
510 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/css/addition.css
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
25ab69caf12d0d5d06289a483f2cd1a672fcfc8c60cb0a13056f1221b7bc1f79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:56 GMT
Server
nginx
ETag
W/"25-5dc9d1f4f5b4e"
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
api.js
www.google.com/recaptcha/ 		850 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?hl=%3C?if(get_current_language()==%22cz%22){echo%20%22cs%22;}elseif(get_current_language()==%22rs%22){echo%20%22sr%22;}elseif(get_current_language()==%22br%22){echo%20%22pt-BR%22;}else{echo%20get_current_language();};?%3E
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9d31ba6646e46f3b036de14325472c4be1c992e80ed978b470c4f598e803a953
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Wed, 20 Apr 2022 10:10:14 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/ 		173 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"8064ef82ed4fd81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
alt-svc
h3=":443"; ma=86400
content-length
49335
x-xss-protection
1; mode=block
last-modified
Thu, 14 Apr 2022 10:50:53 GMT
server
x-frame-options
SAMEORIGIN
date
Wed, 20 Apr 2022 10:10:13 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr2/FRA3
accept-ranges
bytes
x-content-type-options
nosniff
logo.svg
noransom.kaspersky.com/content/themes/ransomware/static/img/assets/logo/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/img/assets/logo/logo.svg
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
6670587c6c6f7eaea610366096842e6256d42aa527149b0627416005f81f3390
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
W/"d79-5dc9d1f6ab650"
X-Frame-Options
DENY
Content-Type
image/svg+xml
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
illustration.svg
noransom.kaspersky.com/content/themes/ransomware/static/img/assets/illustration/ 		10 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/img/assets/illustration/illustration.svg
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
578d161057d45151b3b3bac271a43d41995075b12548328e21ddbb09838e5889
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
W/"27ff-5dc9d1f6a19de"
X-Frame-Options
DENY
Content-Type
image/svg+xml
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
jquery.min.js
noransom.kaspersky.com/content/themes/ransomware/static/js/ 		87 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/js/jquery.min.js
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
W/"15d9d-5dc9d1f6e1e27"
X-Frame-Options
DENY
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
main.js
noransom.kaspersky.com/content/themes/ransomware/static/js/ 		845 KB
179 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/js/main.js
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
e3b0030a7bfb603763421309a23e681f5b85ff1723d7221b2d363ddff1a6c6b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
W/"d35fd-5dc9d1f6f7a04"
X-Frame-Options
DENY
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
fbevents.js
connect.facebook.net/en_US/ 		99 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26311
x-xss-protection
0
pragma
public
x-fb-debug
6QpAlw0fssbDmIoCzbth9Ox6kZh4F0wXrCJ5PwwCJpgksL5FqOKRzop/bVn98Ti3lN3f1kB2u0LAV5Sjiym1aA==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 20 Apr 2022 10:10:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/ 		362 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=%3C?if(get_current_language()==%22cz%22){echo%20%22cs%22;}elseif(get_current_language()==%22rs%22){echo%20%22sr%22;}elseif(get_current_language()==%22br%22){echo%20%22pt-BR%22;}else{echo%20get_current_language();};?%3E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3b3cb90a7ed89725522255170cc8b7a4b98d4f457ba4ebe222101e978d4ba15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noransom.kaspersky.com/
Origin
https://noransom.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:03:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
422
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
145700
x-xss-protection
0
last-modified
Sun, 10 Apr 2022 22:01:45 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 10:03:12 GMT
gtm.js
www.googletagmanager.com/ 		183 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K3WXWL
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
da0ea743dc1517602dd3893b85ae1268d838e7e766a19bfaad7fe7dff2af1e7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59366
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Apr 2022 10:10:14 GMT
gtm.js
www.googletagmanager.com/ 		476 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
008492ee36278d4f300987c9fdbba1772a91430d66a5a1a835903bf25334cb04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116798
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Apr 2022 10:10:14 GMT
id
dpm.demdex.net/ 		368 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1650449414267
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.240.179.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-179-113.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
67fe938e139c62e71b1fcd3055ee728ac19dd266ce33217ee69ef253bfe91605
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://noransom.kaspersky.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v031-08ace46bf.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
CB3THI1jRBk=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
312
Expires
Thu, 01 Jan 1970 00:00:00 UTC
svg-symbols.svg
noransom.kaspersky.com/content/themes/ransomware/ 		10 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/svg-symbols.svg
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
ae4da3c4ac6f3ef859cc691730a9ec75f3928c7b7139e1d4ae85935477dcb5d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:59 GMT
Server
nginx
ETag
W/"2912-5dc9d1f73dde0"
X-Frame-Options
DENY
Content-Type
image/svg+xml
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
MuseoSansCyrl-300.woff2
noransom.kaspersky.com/content/themes/ransomware/static/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/fonts/MuseoSansCyrl-300.woff2
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
cf698f15418a86648e506d9de05d3360a6bef1848d4d321f7ab01f0b091f953b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Origin
https://noransom.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:57 GMT
Server
nginx
ETag
"daa0-5dc9d1f5655b8"
X-Frame-Options
DENY
Content-Type
font/woff2
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55968
X-Content-Type-Options
nosniff
MuseoSansCyrl-700.woff2
noransom.kaspersky.com/content/themes/ransomware/static/fonts/ 		53 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/fonts/MuseoSansCyrl-700.woff2
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
43015d8f1fd579f6eb383521ca52fea6da8ed3be0fe550408a05e7de20e444a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Origin
https://noransom.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:57 GMT
Server
nginx
ETag
"d5a0-5dc9d1f5c45cf"
X-Frame-Options
DENY
Content-Type
font/woff2
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
54688
X-Content-Type-Options
nosniff
MuseoSansCyrl-900.woff2
noransom.kaspersky.com/content/themes/ransomware/static/fonts/ 		49 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/fonts/MuseoSansCyrl-900.woff2
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
279587113f174ca5ead4cb9a95f726d0c489a0d6fe0c1297d99cbec85e4dfab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Origin
https://noransom.kaspersky.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
"c510-5dc9d1f621067"
X-Frame-Options
DENY
Content-Type
font/woff2
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
50448
X-Content-Type-Options
nosniff
KART-1.jpg
noransom.kaspersky.com/content/uploads/2018/04/ 		112 KB
112 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://noransom.kaspersky.com/content/uploads/2018/04/KART-1.jpg
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
c762acb008ab90d1ec4857712c46d851042e9858c8bf7360821e0975b530fb33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 26 Apr 2018 13:24:50 GMT
Server
nginx
ETag
W/"1c0f2-56ac04fe18c80"
X-Frame-Options
DENY
Content-Type
image/jpeg
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
club.png
noransom.kaspersky.com/content/themes/ransomware/static/img/assets/channels/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/static/img/assets/channels/club.png
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx /
Resource Hash
14c5bc2a47638dcdd63ab2276a25fe3be81f0b24fbab44bf6bb1cf28c5580ef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/content/themes/ransomware/static/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:14 GMT
Content-Encoding
gzip
Origin
https://noransom.kaspersky.com
Last-Modified
Thu, 14 Apr 2022 13:17:58 GMT
Server
nginx
ETag
W/"5cb-5dc9d1f65aff5"
X-Frame-Options
DENY
Content-Type
image/png
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
false
X-Content-Type-Options
nosniff
dest5.html
kaspersky.demdex.net/ Frame 5BA2 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.78.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-78-176.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://noransom.kaspersky.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-2-v031-0cf28f2d1.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
p+dT3wtGRbw=
content-encoding
gzip
date
Wed, 20 Apr 2022 10:10:15 GMT
last-modified
Wed, 13 Apr 2022 15:25:41 GMT
transfer-encoding
chunked
vary
accept-encoding
id
kaspersky.d3.sc.omtrdc.net/ 		2 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=68482032896283063662177622662825732138&ts=1650449414521
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://noransom.kaspersky.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 20 Apr 2022 10:10:14 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7b6f4bb9f7-kfkk8
vary
Origin
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://noransom.kaspersky.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Yl-cBgAAAGfy0wQE
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=58601168306480921321180679673734284912
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl-cBgAAAGfy0wQE
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl-cBgAAAGfy0wQE
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
HTTP/1.1
Server
34.240.179.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-179-113.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v031-055e58f9d.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
thSsJgDpRqs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl-cBgAAAGfy0wQE
Date
Wed, 20 Apr 2022 10:10:14 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
839281392784015
connect.facebook.net/signals/config/ 		496 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/839281392784015?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3428e294d39289407a64eb72aab17dae85b421af8cf4dd4b552c2b8c7ded5a20
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
148418
x-xss-protection
0
pragma
public
x-fb-debug
V8viJfL6BIGlhrHS1oIOl/Ve2sbVMYUDRbWxBc/jdlm6AM4726wXDub0Y3A2U1l/51pusq5667WWTjiK2qfsJQ==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 20 Apr 2022 10:10:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gtm.js
www.googletagmanager.com/ 		420 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7bfcb64b9ec3bc21d2009206bf08e3e2a3ff0f4165eacc9fc8835c71127210ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110042
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Apr 2022 10:10:14 GMT
/
www.facebook.com/tr/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=839281392784015&ev=PageView&dl=https%3A%2F%2Fnoransom.kaspersky.com%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1650449415013&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650449415012.1129206855&it=1650449414587&coo=false&rqm=GET
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:15 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Wed, 20 Apr 2022 10:10:15 GMT
rate.php
noransom.kaspersky.com/content/themes/ransomware/ 		5 B
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://noransom.kaspersky.com/content/themes/ransomware/rate.php
Requested by
Host: noransom.kaspersky.com
URL: https://noransom.kaspersky.com/content/themes/ransomware/static/js/main.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
91.103.67.151 , Russian Federation, ASN41983 (KL-AS, CH),
Reverse DNS
Software
nginx / PHP/7.4.28
Resource Hash
5115faeecc0db1adcfda7bb7a3ffd0bbc008309e0e1dba112ba3fce020ca1788
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
https://noransom.kaspersky.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 10:10:15 GMT
Origin
https://noransom.kaspersky.com
Server
nginx
X-Powered-By
PHP/7.4.28
X-Frame-Options
DENY
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://noransom.kaspersky.com
Access-Control-Allow-Credentials
false
Connection
keep-alive
Content-Length
5
X-Content-Type-Options
nosniff
uc.js
consent.cookiebot.com/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js?cbid=d0dce20b-fb81-4ab6-99e9-1b7a2ba59675
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baba Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
70139fbcc1972f9d790cc9fb10cd344668feb28bd366da912d62780f4cc2dc18

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:15 GMT
content-encoding
gzip
last-modified
Tue, 12 Apr 2022 08:26:54 GMT
etag
"01bdd10474ed81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=401
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
accept-ranges
bytes
content-length
27845
expires
Wed, 20 Apr 2022 10:16:56 GMT
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=839281392784015&ev=Microdata&dl=https%3A%2F%2Fnoransom.kaspersky.com%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1650449415519&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22No%20Ransom%3A%20Free%20ransomware%20file%20decryption%20tools%20by%20Kaspersky%22%2C%22meta%3Adescription%22%3A%22Learn%20how%20to%20remove%20ransomware%20and%20download%20free%20decryption%20tools%20to%20get%20your%20files%20back.%20Powered%20by%20Kaspersky.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22https%3A%2F%2Fnoransom.kaspersky.com%2Fcontent%2Fthemes%2Fransomware%2Fstatic%2Fimg%2Fassets%2Flogo%2Flogo-bg-square1.png%22%2C%22og%3Adescription%22%3A%22Don%E2%80%99t%20know%20how%20to%20remove%20ransomware%3F%20The%20No%20More%20Ransom%20website%20contains%20free%20decryption%20tools%20and%20comprehensive%20information%20on%20ransomware%20protection.%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1650449415012.1129206855&it=1650449414587&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:15 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Wed, 20 Apr 2022 10:10:15 GMT
js
www.googletagmanager.com/gtag/ 		159 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3G7M1SXZ71&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1815cbf18febdca8c15e39e95b4748bcf623e94083989a2dd9608edd18dde951
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:15 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60132
x-xss-protection
0
expires
Wed, 20 Apr 2022 10:10:15 GMT
s96098546848783
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s96098546848783?AQB=1&ndh=1&pf=1&t=20%2F3%2F2022%2010%3A10%3A15%203%200&mid=68482032896283063662177622662825732138&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=special%20project%20%3E%20home&g=https%3A%2F%2Fnoransom.kaspersky.com%2F&r=https%3A%2F%2Ft.co%2F&cc=USD&ch=special%20project&server=noransom.kaspersky.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=special%20project&c3=b2c&v3=special%20project%20%3E%20home&v9=https%3A%2F%2Fnoransom.kaspersky.com%2F&c20=dataLayer&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220414%3A289%3AMicro%20Site%3A%5BNULL%5D&c31=https%3A%2F%2Fnoransom.kaspersky.com%2F&v35=https%3A%2F%2Ft.co%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Micro%20Sites&c57=en-global&v57=D%3Dc57&c58=No%20Ransom%3A%20Free%20ransomware%20file%20decryption%20tools%20by%20Kaspersky&v71=v1%3APage%20View%3A%5BNULL%5D&v113=68482032896283063662177622662825732138&v116=%5BNULL%5D&v125=0.13674606302061698_1650449414271&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:15 GMT
x-content-type-options
nosniff
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 21 Apr 2022 10:10:15 GMT
server
jag
xserver
anedge-7b6f4bb9f7-29l2d
etag
3544313131691868160-4619899937939999387
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 19 Apr 2022 10:10:15 GMT
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 0502 		627 B
692 B 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=d0dce20b-fb81-4ab6-99e9-1b7a2ba59675
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:281::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://noransom.kaspersky.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=30681221
content-encoding
gzip
content-length
392
content-type
text/html
date
Wed, 20 Apr 2022 10:10:16 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Mon, 10 Apr 2023 12:43:57 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/d0dce20b-fb81-4ab6-99e9-1b7a2ba59675/ 		244 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/d0dce20b-fb81-4ab6-99e9-1b7a2ba59675/cc.js?renew=false&referer=noransom.kaspersky.com&dnt=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=d0dce20b-fb81-4ab6-99e9-1b7a2ba59675
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:baba Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
35743f63c634c69384fdea31073f7fd6d810ee4ecf9f1a3587dc37039c63de8e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://noransom.kaspersky.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 10:10:16 GMT
content-encoding
gzip
last-modified
Wed, 20 Apr 2022 10:10:16 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
content-length
55941
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
truncated
/ 		293 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| fbq function| _fbq object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| dataLayer object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq function| $ function| jQuery object| localizationInfo object| recaptcha object| google_tag_manager function| postscribe object| google_tag_manager_external object| regeneratorRuntime object| JSON3 function| onYouTubeIframeAPIReady string| main_loc undefined| in_domain undefined| locale_out undefined| url_path_start_latam undefined| locale_out_latam undefined| firstPart undefined| locale undefined| url_path_start object| google_tag_data object| s_i_kaspersky-single-suite object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent object| CookiebotDialog object| CookieConsentDialog

9 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 614a6003-8253-49e6-a25f-4948c330f64e
.kaspersky.com/ Name: _cs_mk
Value: 0.13674606302061698_1650449414271
.demdex.net/ Name: demdex
Value: 58601168306480921321180679673734284912
.kaspersky.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.kaspersky.com/ Name: _fbp
Value: fb.1.1650449415012.1129206855
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yl-cBgAAAGfy0wQE
.dpm.demdex.net/ Name: dpm
Value: 58601168306480921321180679673734284912
.kaspersky.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19103%7CMCMID%7C68482032896283063662177622662825732138%7CMCAAMLH-1651054214%7C6%7CMCAAMB-1651054214%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1650456615s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19110%7CvVersion%7C4.4.0
.kaspersky.com/ Name: s_cc
Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.everesttech.net
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
dpm.demdex.net
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
media.kaspersky.com
noransom.kaspersky.com
t.co
www.facebook.com
www.google.com
www.googletagmanager.com
www.gstatic.com
104.244.42.197
13.36.218.177
185.85.15.31
2a00:1450:4001:810::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2003
2a02:26f0:6c00:281::f09
2a02:26f0:6c00::210:baba
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
34.240.179.113
52.51.78.176
52.51.88.158
91.103.67.151
0021c4f5d5ff63e64ec5564d3750d1d6d20ae09fe241e4a10998ac4810ec1f2c
008492ee36278d4f300987c9fdbba1772a91430d66a5a1a835903bf25334cb04
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14c5bc2a47638dcdd63ab2276a25fe3be81f0b24fbab44bf6bb1cf28c5580ef5
1815cbf18febdca8c15e39e95b4748bcf623e94083989a2dd9608edd18dde951
25ab69caf12d0d5d06289a483f2cd1a672fcfc8c60cb0a13056f1221b7bc1f79
279587113f174ca5ead4cb9a95f726d0c489a0d6fe0c1297d99cbec85e4dfab6
3428e294d39289407a64eb72aab17dae85b421af8cf4dd4b552c2b8c7ded5a20
35743f63c634c69384fdea31073f7fd6d810ee4ecf9f1a3587dc37039c63de8e
43015d8f1fd579f6eb383521ca52fea6da8ed3be0fe550408a05e7de20e444a0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5115faeecc0db1adcfda7bb7a3ffd0bbc008309e0e1dba112ba3fce020ca1788
578d161057d45151b3b3bac271a43d41995075b12548328e21ddbb09838e5889
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
6670587c6c6f7eaea610366096842e6256d42aa527149b0627416005f81f3390
67fe938e139c62e71b1fcd3055ee728ac19dd266ce33217ee69ef253bfe91605
70139fbcc1972f9d790cc9fb10cd344668feb28bd366da912d62780f4cc2dc18
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7bfcb64b9ec3bc21d2009206bf08e3e2a3ff0f4165eacc9fc8835c71127210ca
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
9d31ba6646e46f3b036de14325472c4be1c992e80ed978b470c4f598e803a953
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
ae4da3c4ac6f3ef859cc691730a9ec75f3928c7b7139e1d4ae85935477dcb5d2
b3b3cb90a7ed89725522255170cc8b7a4b98d4f457ba4ebe222101e978d4ba15
c762acb008ab90d1ec4857712c46d851042e9858c8bf7360821e0975b530fb33
cf698f15418a86648e506d9de05d3360a6bef1848d4d321f7ab01f0b091f953b
da0ea743dc1517602dd3893b85ae1268d838e7e766a19bfaad7fe7dff2af1e7e
dea5bb320b8aa794d70c8a893b5a7122ef6acc8a4c553562538a7143ec7727ad
e3b0030a7bfb603763421309a23e681f5b85ff1723d7221b2d363ddff1a6c6b7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e