URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Submission: On November 19 via api from US

Summary

This website contacted 10 IPs in 6 countries across 9 domains to perform 74 HTTP transactions. The main IP is 103.228.50.20, located in India and belongs to BALASAINET-AS Balasai Net Pvt. Ltd., IN. The main domain is www.seqrite.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on November 11th 2019. Valid for: a year.
This is the only time www.seqrite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                     Requested by
59        www.seqrite.com            www.seqrite.com
4         fonts.gstatic.com          fonts.googleapis.com
2         www.google-analytics.com   www.googletagmanager.com, www.google-analytics.com
2         platform.twitter.com       www.seqrite.com, platform.twitter.com
2         maxcdn.bootstrapcdn.com    www.seqrite.com, maxcdn.bootstrapcdn.com
1         graph.facebook.com         www.seqrite.com
1         stats.g.doubleclick.net    www.google-analytics.com
1         fonts.googleapis.com       ajax.googleapis.com
1         ajax.googleapis.com        www.seqrite.com
1         www.googletagmanager.com   www.seqrite.com
74 10
Subject                  Issuer                                          Validity                 Valid
*.seqrite.com            RapidSSL TLS RSA CA G1                          2019-11-11 - 2021-01-09  a year
*.bootstrapcdn.com       Sectigo RSA Domain Validation Secure Server CA  2020-09-22 - 2021-10-12  a year
*.google-analytics.com   GTS CA 1O1                                      2020-10-28 - 2021-01-20  3 months
upload.video.google.com  GTS CA 1O1                                      2020-10-28 - 2021-01-20  3 months
*.twimg.com              DigiCert TLS RSA SHA256 2020 CA1                2020-11-05 - 2021-11-09  a year
*.gstatic.com            GTS CA 1O1                                      2020-10-28 - 2021-01-20  3 months
*.g.doubleclick.net      GTS CA 1O1                                      2020-10-28 - 2021-01-20  3 months
*.facebook.com           DigiCert SHA2 High Assurance Server CA          2020-11-02 - 2021-01-30  3 months


This page contains 2 frames:

Primary Page: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Frame ID: 8DE94B4F71700C87B4BC2AB3C4A55AB6
Requests: 80 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.seqrite.com
Frame ID: 55E5DB875A3A278C18A4629212F70A7E
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

74
Requests

100 %
HTTPS

89 %
IPv6

9
Domains

10
Subdomains

10
IPs

6
Countries

1904 kB
Transfer

2580 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
108 KB
25 KB
Document
General
Full URL
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache / PHP/5.3.14 ZendServer/5.0
Resource Hash
edac341909a1c3d3b7715cb76fed09a5070dc42e11e7f9c3f06c084eb912afa6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.seqrite.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Thu, 19 Nov 2020 13:43:01 GMT
Server
Apache
X-Powered-By
PHP/5.3.14 ZendServer/5.0
X-Pingback
https://www.seqrite.com/blog/xmlrpc.php
Link
<https://www.seqrite.com/blog/wp-json/>; rel="https://api.w.org/" <https://www.seqrite.com/blog/?p=4580>; rel=shortlink
Cache-Control
max-age=2592000
Expires
Sat, 19 Dec 2020 13:43:01 GMT
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Length
24353
Connection
close
Content-Type
text/html; charset=UTF-8
selection-sharer.css
www.seqrite.com/blog/wp-content/plugins/selection-sharer/css/
7 KB
3 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/selection-sharer/css/selection-sharer.css?ver=0.1
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
bdf601f8148de797c84344e7c3b5bab384c195b7c7ac227c27cb0e05e491edc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Apr 2018 06:33:54 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
2646
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:02 GMT
email-subscribers-public.css
www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/css/
807 B
1 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/css/email-subscribers-public.css
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
f84eb4571c0eb40823ed47af468684cc9703ecfc89f6a38e569a470d504a3504
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Aug 2019 06:40:46 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
363
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:02 GMT
style.css
www.seqrite.com/blog/wp-content/themes/goblog/
69 KB
16 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/style.css?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
62b6bc5c239e5c0d68611117ce3960a76aeaed230392f0086d570644d10b7a56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 08 Aug 2019 06:10:20 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
15261
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:02 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/
27 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css?ver=2.2.0
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 14:28:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:19 GMT
etag
"1544639719"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
6241
magnific-popup.css
www.seqrite.com/blog/wp-content/themes/goblog/css/
8 KB
3 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/css/magnific-popup.css?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
0fbf945eae1c5869be401c6db68da93f5a47f2c1ff6072151ebb4b2dea6d4f62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:40:14 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
1936
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:03 GMT
responsive.css
www.seqrite.com/blog/wp-content/themes/goblog/css/
13 KB
4 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/css/responsive.css?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
93754643da5a46ca1b7e1f6ba4378655974e11e1cbb432e8c5cbf54804b722bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:40:14 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
3334
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:02 GMT
wpp.css
www.seqrite.com/blog/wp-content/plugins/wordpress-popular-posts/style/
889 B
1 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/wordpress-popular-posts/style/wpp.css?ver=3.2.2
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
b4ae8ad8c560bb87aa8fe03d597e2a69eef809072a35415d32ba68757e13ece6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:41:46 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
433
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:02 GMT
sassy-social-share-public.css
www.seqrite.com/blog/wp-content/plugins/sassy-social-share/public/css/
30 KB
9 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.2.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
680a80d356565114378e038218e6971571fb76e54ff0530999d38f2b3c99368f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 03 Jul 2018 09:32:39 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
8569
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:03 GMT
sassy-social-share-svg.css
www.seqrite.com/blog/wp-content/plugins/sassy-social-share/admin/css/
117 KB
37 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.2.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
1c5fe2a18d6a2a223e6b8ee3f1876e841873b9235e2f170226eb583e073f587c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 03 Jul 2018 09:32:39 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
36679
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:03 GMT
jquery.js
www.seqrite.com/blog/wp-includes/js/jquery/
95 KB
34 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 May 2016 19:30:30 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
33766
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:03 GMT
jquery-migrate.min.js
www.seqrite.com/blog/wp-includes/js/jquery/
10 KB
5 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 20 May 2016 16:41:28 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
4014
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:04 GMT
email-subscribers-public.js
www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/js/
3 KB
2 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/js/email-subscribers-public.js
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
34e35f893b634d5439db39f3c4f202ddc21aaf406e5724e8c118d513f086752f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Aug 2019 06:40:50 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
1458
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:04 GMT
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-104093208-1
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c57527365136e97712143cb807f3f30646de6720b094f6ffa8a1acca6182fcdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 14:28:30 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38694
x-xss-protection
0
last-modified
Thu, 19 Nov 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 19 Nov 2020 14:28:30 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.3/
17 KB
7 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.3/webfont.js
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36ef095d011c4ced97b0acef551ca36d76b95299518595dc1acab792a2344601
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 13 Nov 2020 13:08:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
523199
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6791
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Nov 2021 13:08:31 GMT
seqrite_logo.jpg
www.seqrite.com/blog/wp-content/uploads/2019/02/
4 KB
5 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2019/02/seqrite_logo.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
3d602bd6510bdbcbcdb3e9fdcd9d23ab1bb0a44a41a2ecbc4d0daa55698e9c63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 04 Feb 2019 14:13:54 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
4447
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:11 GMT
Thanos-Ransomware-adopts-hyper-weaponized-RIPlace-tactics-%E2%80%94-collects-huge-pay-offs.-770x360.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
44 KB
45 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/Thanos-Ransomware-adopts-hyper-weaponized-RIPlace-tactics-%E2%80%94-collects-huge-pay-offs.-770x360.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
e4645fb109bbb5d69bbfdeed02d15e2ed8001c333f3d1af1131aaf4f8fc8bcb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:11 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Nov 2020 05:37:25 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
44869
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:11 GMT
priyanka_s-150x150.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
7 KB
8 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/priyanka_s-150x150.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
313b529360ef15287929bf04fa0a29bbf84a08935ad39383ef09a710ccef5538
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 12:14:12 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
6982
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:12 GMT
1.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
98 KB
99 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/1.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
879bd79881de1930ac74d794359c345a63fbe029967a98e8b86ffb3954123c71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:22:42 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
100234
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:13 GMT
2.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
64 KB
65 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/2.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
a50298fe5412934b798ff0e368941f037ee3fae229468a79ac795b6e29523513
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:23:25 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
65221
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:14 GMT
3.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
507 KB
508 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/3.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
b4f7d8942d2f1737719f74c889c106fa9f38687f69774f7347907cb2e75206d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:24:21 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
518892
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:14 GMT
4.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
39 KB
39 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/4.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
e4c46a3ca546d132d317811ff906ec065edf793ffcac85f818e00a9862150fff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:25:31 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
39519
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
5.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
16 KB
17 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/5.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
7394b7376c0bbf07e6a2737cbc677ea59613d68d33989b34fbeb3db02c7528f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:26:42 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
16816
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
table.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
22 KB
23 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/table.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
3c029f2eb5bb38bd0f410719bad3b93cd85a9aaff0eebe458f9d40f1151340c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:28:31 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
22647
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
6.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
103 KB
104 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/6.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
85fb51e9f1327441d94b2c76706a1457a8f31de75fe4e3fa56057b089fce67bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:31:13 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
105487
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
7.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
116 KB
117 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/7.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
3c81e37e4d5a992f8257eb869d6bbbb2097382663c57544d70565284e491953c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:33:26 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
118734
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
8.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
118 KB
119 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/8.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
f2f80bf31de55ba662a002f40b489c8df6816517dc57c7afec3d57c5caa62506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:34:13 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
120972
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:18 GMT
9.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
70 KB
70 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/9.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
c59a0ffa115962d36dcef0de9602c89237a7c479f0d89a7e35db5918205a9181
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:36:15 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
71210
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:18 GMT
10.png
www.seqrite.com/blog/wp-content/uploads/2020/11/
30 KB
30 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/10.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
2f71bc5ce723f15356b386ef8f915318b7e4eb0c00bd695399214cf9947f481f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 11:37:23 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
30349
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:18 GMT
priyanka_s-226x168.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
10 KB
10 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/priyanka_s-226x168.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
bd96b94f22f74265c000963bd4a49a95f9671189b8db4084f32e19df1e70d0c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 Nov 2020 12:14:12 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
9830
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:18 GMT
Could-rising-unemployment-lead-to-an-increase-in-cybercrimes-240x185.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
10 KB
11 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/Could-rising-unemployment-lead-to-an-increase-in-cybercrimes-240x185.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
381a71814abbaba9947866b1ca73ae5afd7104e47e7259de3cbf81452fc8ea4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:18 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 Nov 2020 10:44:23 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
10163
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:18 GMT
Malware-as-a-service-Cybercrime%E2%80%99s-nine-to-five-240x185.png
www.seqrite.com/blog/wp-content/uploads/2020/10/
72 KB
72 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/10/Malware-as-a-service-Cybercrime%E2%80%99s-nine-to-five-240x185.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
c9250b936e8a03fa333cde699acb9cbd6c47bee621045237a426184080f04a15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 30 Oct 2020 13:10:12 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
73343
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
Seqrite-Endpoint-Security-supports-Windows-10-October-2020-Update-240x185.png
www.seqrite.com/blog/wp-content/uploads/2020/10/
58 KB
59 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/10/Seqrite-Endpoint-Security-supports-Windows-10-October-2020-Update-240x185.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
823874328b5368a5f6ed5a64b10fe19f927d515079a806f09ef78baaa45aeeda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 26 Oct 2020 07:54:51 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
59429
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
securimage_show.php
www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/
17 KB
18 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/securimage_show.php?si_form_id=com&prefix=TycOIztQJq7tQNDl
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache / PHP/5.3.14 ZendServer/5.0
Resource Hash
9efb59d8a7a273ce786cbbacfb083a3b9e9eaf1cb9235e2d7e7cee1231f83472
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Nov 2020 13:43:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 19 Nov 2020 13:43:19GMT
Server
Apache
X-Powered-By
PHP/5.3.14 ZendServer/5.0
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Vary
Accept-Encoding,User-Agent
Content-Length
17604
X-XSS-Protection
1; mode=block
Expires
Mon, 26 Jul 1997 05:00:00 GMT
refresh.png
www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/images/
1 KB
2 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/images/refresh.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:42:14 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
1106
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
2158-featured-80x81.jpg
www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/
3 KB
4 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/2158-featured-80x81.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
a8fee4cbbd9d665342da792fa3055b33d508f4ff3cd63065562eb0e5e68f481f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 30 May 2018 17:55:18 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
3329
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
1008-featured-80x81.jpg
www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/
3 KB
4 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/1008-featured-80x81.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
13d874471687d90dfb9d1aa90cfe742ee68fc016db77197306ee7d0f43db453d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 07 Feb 2019 15:14:55 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
2707
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
4493-featured-80x81.png
www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/
13 KB
14 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/wordpress-popular-posts/4493-featured-80x81.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
9109301be9b91ad725cf3f91a13c37ef1c81d4b6d479673866e734f27b75b765
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 24 Sep 2020 14:02:02 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
13773
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
Final_seqrite_logo-red-option.png
www.seqrite.com/blog/wp-content/uploads/2017/06/
1 KB
2 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2017/06/Final_seqrite_logo-red-option.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
9d70a7e2a86a40b03aec810c473ff1443d9fa5181cb04b60f53454eead9ba579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 27 Jun 2017 08:05:40 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
1450
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
Profile-150x150.jpg
www.seqrite.com/blog/wp-content/uploads/2019/07/
6 KB
7 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2019/07/Profile-150x150.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
4bf1ad51812d94bcd7e143640de308139744230c687fee1f613925e44f3dcf50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 03 Jul 2019 13:22:43 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
6412
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
SK_Photo12-150x149.jpg
www.seqrite.com/blog/wp-content/uploads/2017/09/
5 KB
6 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2017/09/SK_Photo12-150x149.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
c4594d5cd9d4ae7683d9af90f8946692ded44d22e423bc6700ff671c8fe2d00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 25 Sep 2017 06:43:44 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
4765
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:17 GMT
Seqrite-Endpoint-Security-7.6-supports-macOS-Big-Sur-11-81x80.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
3 KB
4 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/Seqrite-Endpoint-Security-7.6-supports-macOS-Big-Sur-11-81x80.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
e4b1c3567f8686ec70f7757ff390deedfc84d898406387b7d135616f5ead2e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Nov 2020 10:03:32 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
2905
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
Seqrite-Endpoint-Security-Cloud-1.4-supports-macOS-Big-Sur-11-1-81x80.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
3 KB
4 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/Seqrite-Endpoint-Security-Cloud-1.4-supports-macOS-Big-Sur-11-1-81x80.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
0c1db5822a02d411ef1a5164ef77c1322e91c9069eb010b53874ce4ea5b6111a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Nov 2020 08:51:04 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
3088
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:21 GMT
Could-rising-unemployment-lead-to-an-increase-in-cybercrimes-81x80.jpg
www.seqrite.com/blog/wp-content/uploads/2020/11/
3 KB
3 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/uploads/2020/11/Could-rising-unemployment-lead-to-an-increase-in-cybercrimes-81x80.jpg
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
6dd7eca1dd781fd607b90cc77cee12257f5832f78193bf2d50cd76d751149128
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 Nov 2020 10:50:02 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
2569
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
spinner.gif
www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/images/
3 KB
4 KB
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/email-subscribers/public/images/spinner.gif
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Aug 2019 06:40:50 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
3208
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:19 GMT
si_captcha.js
www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/
685 B
1 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/si-captcha-for-wordpress/captcha/si_captcha.js?ver=1.0
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
c52d8ecaada50da7a9739ca285872b431fad51042eccf398e2c2ecad8013880b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:06 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:42:14 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
380
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:06 GMT
slickQuiz.css
www.seqrite.com/blog/wp-content/plugins/slickquiz/slickquiz/css/
908 B
1 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/slickquiz/slickquiz/css/slickQuiz.css?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
48d1d7078b27223c895b4a9604916429879cc4e00e3a8772d64c76aa406711f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:06 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Apr 2017 09:41:26 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
475
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:06 GMT
front.css
www.seqrite.com/blog/wp-content/plugins/slickquiz/css/
3 KB
2 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/slickquiz/css/front.css?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
0f8a76154e9d4d4f95724c6fa01caa18d4511ad594363004e03055859da90ccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:07 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Apr 2017 09:38:50 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
929
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:07 GMT
comment-reply.min.js
www.seqrite.com/blog/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-includes/js/comment-reply.min.js?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:07 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 19 Nov 2015 06:45:28 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
589
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:07 GMT
jquery.magnific-popup.min.js
www.seqrite.com/blog/wp-content/themes/goblog/js/
21 KB
9 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/js/jquery.magnific-popup.min.js?ver=0.9.9
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
21afd5dde7c1a80e8227df99b65b838d02411ee25dd37c8c6de6ab9b4a6a11f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:40:16 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
7840
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:08 GMT
theme-scripts.js
www.seqrite.com/blog/wp-content/themes/goblog/js/
64 KB
15 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/js/theme-scripts.js?ver=1.0
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
a46ad0cf194211eaa38d041861c834baca57d2531fa6bf7ed766441400f8c914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:40:16 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
14567
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:08 GMT
sassy-social-share-public.js
www.seqrite.com/blog/wp-content/plugins/sassy-social-share/public/js/
46 KB
12 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.2.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
d4e8aef3270141a3bd33cfa0c36a91d75a3960a1e4a7eb346aa72101fa99f34b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 03 Jul 2018 09:32:39 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
11655
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:09 GMT
wp-embed.min.js
www.seqrite.com/blog/wp-includes/js/
1 KB
2 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-includes/js/wp-embed.min.js?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Nov 2017 07:20:23 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
751
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:09 GMT
selection-sharer.js
www.seqrite.com/blog/wp-content/plugins/selection-sharer/js/
9 KB
4 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/selection-sharer/js/selection-sharer.js?ver=0.1
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
04ea9714d2e845a02edcf1e3fafb76025674c880b42fa902f48f76b2d21ef045
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Apr 2018 06:52:48 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
2772
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:10 GMT
slickQuiz.js
www.seqrite.com/blog/wp-content/plugins/slickquiz/slickquiz/js/
37 KB
8 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/slickquiz/slickquiz/js/slickQuiz.js?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
5ac7017782855b44f36da92da024c5de980002bd06ca9c94dc631e8c26e9b57c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Apr 2017 09:41:43 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
7289
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:10 GMT
widgets.js
platform.twitter.com/
95 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js?ver=4.8.3
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40DD) /
Resource Hash
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 14:28:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 01 Oct 2020 21:52:09 GMT
Server
ECS (fcn/40DD)
Age
18
Etag
"a671d4d584ef50954e5cebb21da17065+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
28698
main.min.js
www.seqrite.com/blog/wp-content/plugins/icegram/assets/js/
3 KB
2 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/icegram/assets/js/main.min.js?ver=1.10.16
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
9ebff7017dd268671621d8ee78f8d0fbbc8acf656f7f7988aec31da68be69e2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Mar 2018 10:38:53 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
975
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:11 GMT
css
fonts.googleapis.com/
8 KB
962 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.3/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ee35adbe96ff0b7ef2205a65bd7962a44e87b03c2200735cee75d4023c6636f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 19 Nov 2020 14:28:30 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
date
Thu, 19 Nov 2020 14:28:30 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Thu, 19 Nov 2020 14:28:30 GMT
o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v11/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v11/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.seqrite.com
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 17 Nov 2020 02:40:01 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:50:56 GMT
server
sffe
age
215309
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10292
x-xss-protection
0
expires
Wed, 17 Nov 2021 02:40:01 GMT
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v15/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.seqrite.com
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 12 Nov 2020 22:45:23 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:14 GMT
server
sffe
age
574987
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13708
x-xss-protection
0
expires
Fri, 12 Nov 2021 22:45:23 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.seqrite.com
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 16 Nov 2020 16:29:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:27 GMT
server
sffe
age
251926
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9080
x-xss-protection
0
expires
Tue, 16 Nov 2021 16:29:44 GMT
admin-ajax.php
www.seqrite.com/blog/wp-admin/
41 B
1 KB
XHR
General
Full URL
https://www.seqrite.com/blog/wp-admin/admin-ajax.php
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache / PHP/5.3.14 ZendServer/5.0
Resource Hash
18a0e801d234cf1c91bcf57b7632322952685536ce0cf31ae29734535a1ad8b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
PHP/5.3.14 ZendServer/5.0
Connection
close
Content-Length
61
X-XSS-Protection
1; mode=block
Server
Apache
X-Frame-Options
SAMEORIGIN, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://www.seqrite.com
Cache-Control
no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
X-Robots-Tag
noindex
Expires
Wed, 11 Jan 1984 05:00:00 GMT
bg.png
www.seqrite.com/blog/wp-content/themes/goblog/images/
95 B
969 B
Image
General
Full URL
https://www.seqrite.com/blog/wp-content/themes/goblog/images/bg.png
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 09:40:14 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
95
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
truncated
/
302 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
682 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
425 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
436 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2662e0eef0f270830358bb255f079f695da71794ecbe8ba0825200862d8e9746

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/
65 KB
65 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css?ver=2.2.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.seqrite.com
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css?ver=2.2.0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 19 Nov 2020 14:28:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
66632
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.seqrite.com
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400%7CMontserrat:400%7COpen+Sans:700,600&amp;subset=latin
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 14 Nov 2020 18:45:38 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:49 GMT
server
sffe
age
416577
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9180
x-xss-protection
0
expires
Sun, 14 Nov 2021 18:45:38 GMT
frontend.min.css
www.seqrite.com/blog/wp-content/plugins/icegram/assets/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/icegram/assets/css/frontend.min.css?var=1.10.16
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
92d8884bb3f73093e6d0d49afb2d4e3129c7f92f5f9b0b741d2dc61a75dff904
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Mar 2018 10:38:15 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
2386
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
popup.min.css
www.seqrite.com/blog/wp-content/plugins/icegram/message-types/popup/themes/
21 KB
5 KB
Stylesheet
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/icegram/message-types/popup/themes/popup.min.css?var=1.10.16
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
2fea67957caea31ef5c4541c83f121cb0dd690da9c3e16c8a1a88ab60b7fcccb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Mar 2018 10:39:41 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
4400
X-XSS-Protection
1; mode=block
Expires
Sat, 19 Dec 2020 13:43:16 GMT
icegram.min.js
www.seqrite.com/blog/wp-content/plugins/icegram/assets/js/
45 KB
14 KB
Script
General
Full URL
https://www.seqrite.com/blog/wp-content/plugins/icegram/assets/js/icegram.min.js?var=1.10.16
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache /
Resource Hash
9bfbc0be0ca1c7fc6220860de2077caec179c03c5ff29e68bbeb148fe23d657c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:19 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Mar 2018 10:38:53 GMT
Server
Apache
X-Frame-Options
ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=31536000
Connection
close
Accept-Ranges
bytes
Vary
Accept-Encoding,User-Agent
Content-Length
13287
X-XSS-Protection
1; mode=block
Expires
Fri, 19 Nov 2021 13:43:19 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f31df3545a3dbd5c6f919c99ecb73f9e1837f1d987917093a68a84f2ac3107a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2caa0ed2d3622d9969bf2ffada067adc6194aed5d87ed36ca352b313d5c54910

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
376 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
399f8348cc63a4853d4ff0536a5e7ec0f3c1e7fb6ab5d837db6ea4858b872f4a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame 55E5
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.seqrite.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js?ver=4.8.3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40B4) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
60024
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 19 Nov 2020 14:28:35 GMT
Etag
"9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified
Thu, 01 Oct 2020 21:50:01 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40B4)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
5825
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-104093208-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2351
date
Thu, 19 Nov 2020 13:49:24 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 19 Nov 2020 15:49:24 GMT
collect
www.google-analytics.com/j/
2 B
388 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1129356296&t=pageview&_s=1&dl=https%3A%2F%2Fwww.seqrite.com%2Fblog%2Fthanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic%2F&ul=en-us&de=UTF-8&dt=Thanos%20Ransomware%20Evading%20Anti-ransomware%20Protection%20With%20RIPlace%20Tactic&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=772190497&gjid=1260653900&cid=885094136.1605796116&tid=UA-104093208-1&_gid=1937956598.1605796116&_r=1&gtm=2oub41&z=945974564
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 19 Nov 2020 14:28:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.seqrite.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
87 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-104093208-1&cid=885094136.1605796116&jid=772190497&gjid=1260653900&_gid=1937956598.1605796116&_u=IEBAAUAAAAAAAC~&z=1900271400
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 19 Nov 2020 14:28:35 GMT
content-type
text/plain
access-control-allow-origin
https://www.seqrite.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
admin-ajax.php
www.seqrite.com/blog/wp-admin/
304 B
1 KB
XHR
General
Full URL
https://www.seqrite.com/blog/wp-admin/admin-ajax.php?action=heateor_sss_sharing_count&urls%5B%5D=https%3A%2F%2Fwww.seqrite.com%2Fblog%2Fthanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic%2F
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.228.50.20 , India, ASN133288 (BALASAINET-AS Balasai Net Pvt. Ltd., IN),
Reverse DNS
50-20.static-pnq.balasai.com
Software
Apache / PHP/5.3.14 ZendServer/5.0
Resource Hash
e9722365c1fb075f8395498bede78a14e2f225ebfb27c51b9e04af6737d73ad9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 19 Nov 2020 13:43:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
Apache
X-Powered-By
PHP/5.3.14 ZendServer/5.0
X-Frame-Options
SAMEORIGIN, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
close
X-Robots-Tag
noindex
Vary
Accept-Encoding,User-Agent
Content-Length
167
X-XSS-Protection
1; mode=block
Expires
Wed, 11 Jan 1984 05:00:00 GMT
/
graph.facebook.com/
202 B
582 B
XHR
General
Full URL
https://graph.facebook.com/?id=https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
Requested by
Host: www.seqrite.com
URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9f82956d4523bab8608a4bd6e2c03536fdff718ecf7adbbacb778eec064165fa
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1003007786
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
149
pragma
no-cache
x-fb-debug
jvnkxdxQ8IktPgmhY9cVnRtph6jFFu0G64t0dagaQ3KWMLCip/IlffTb8mnN8RHZcHbZ8RvizvzxcaJ7DSc3JA==
x-fb-trace-id
D/Qe7PmRFyU
date
Thu, 19 Nov 2020 14:28:47 GMT
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-fb-request-id
A4X_BpRfVKlW3wKxjH3L-7I
cache-control
no-store
facebook-api-version
v3.2
expires
Sat, 01 Jan 2000 00:00:00 GMT

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| heateorSssLoadEvent string| heateorSssSharingAjaxUrl string| heateorSssCloseIconPath string| heateorSssPluginIconPath number| heateorSssHorizontalSharingCountEnable number| heateorSssVerticalSharingCountEnable number| heateorSssSharingOffset number| heateorSssMobileStickySharingEnabled string| heateorSssCopyLinkMessage boolean| heateorSssReduceVerticalSvgHeight object| heateorSssUrlCountFetched string| heateorSssSharesText string| heateorSssShareText function| heateorSssPopup object| WebFontConfig object| _wpemojiSettings object| webfont object| WebFont undefined| $ function| jQuery object| es_data object| jQuery11240729936604099652 number| sampling_active number| sampling_rate boolean| do_request undefined| num object| xhr string| url string| params function| gtag object| dataLayer object| google_tag_manager function| isScrolledIntoView function| processFooter function| si_captcha_refresh object| addComment object| html5 object| Modernizr function| yepnope function| heateorSssCallAjax function| heateorSssGetScript function| heateorSssMoreSharingPopup function| heateorSssFilterSharing object| heateorSssFacebookTargetUrls function| heateorSssGetSharingCounts function| heateorSssFetchFacebookShares function| heateorSssFBShareJSONCall function| heateorSssSaveFacebookShares function| heateorSssCalculateApproxCount function| heateorSssCalculateActualCount function| heateorSssCapitaliseFirstLetter function| heateorSssHideSharing object| wp function| SelectionSharer object| __twttrll object| twttr object| __twttr object| icegram_pre_data object| icegram_data function| load_scripts_and_css object| icegram_timing object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal 
object| gaData function| Icegram function| Icegram_Message_Type function| es_responseHandler function| Icegram_Message_Type_Action_Bar function| Icegram_Message_Type_Messenger function| Icegram_Message_Type_Popup function| Icegram_Message_Type_Toast object| icegram

0 Cookies

2 Console Messages

Source Level URL
Text
console-api log URL: https://www.seqrite.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 (Line 2)
Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://www.seqrite.com/blog/thanos-ransomware-evading-anti-ransomware-protection-with-riplace-tactic/ (Line 252)
Message: WPP: OK. Execution time: 0.080235 seconds

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://quickheal.com/, ALLOW-FROM https://quickheal.co.in/, ALLOW-FROM https://www.doubleclick.net/, ALLOW-FROM https://www.googletagmanager.com/, ALLOW-FROM https://www.youtube.com/, ALLOW-FROM https://facebook.com/, ALLOW-FROM https://samespace.com/, ALLOW-FROM https://messaging.samespace.com/, SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
