www.welivesecurity.com Open in urlscan Pro
2600:141b:9000::687c:2b9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Submission: On April 26 via api (April 26th 2022, 3:35:25 pm UTC) from CA — Scanned from CA

Summary HTTP 110 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 30 IPs in 3 countries across 35 domains to perform 110 HTTP transactions. The main IP is 2600:141b:9000::687c:2b9, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.welivesecurity.com. The Cisco Umbrella rank of the primary domain is 325018.
TLS certificate: Issued by Thawte RSA CA 2018 on November 8th 2021. Valid for: a year.

This is the only time www.welivesecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	2600:141b:900... 2600:141b:9000::687c:2b9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:46::40 2620:1ec:46::40	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:11f... 2606:2800:11f:17a5:191a:18d5:537:22f9	15133 (EDGECAST) (EDGECAST)
2	2600:141b:500... 2600:141b:5000:697::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2607:f8b0:400... 2607:f8b0:4006:80b::200e	15169 (GOOGLE) (GOOGLE)
1	13.225.213.72 13.225.213.72	16509 (AMAZON-02) (AMAZON-02)
2	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
21	2600:9000:21d... 2600:9000:21da:5200:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13:699::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	40.71.12.237 40.71.12.237	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	184.87.173.72 184.87.173.72	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2600:141b:500... 2600:141b:5000::173f:4c1a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:141b:500... 2600:141b:5000::173f:4c19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2607:f8b0:400... 2607:f8b0:4006:817::200d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
1	199.232.192.64 199.232.192.64	54113 (FASTLY) (FASTLY)
2 3	13.225.64.104 13.225.64.104	16509 (AMAZON-02) (AMAZON-02)
2 5	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 3	23.21.155.15 23.21.155.15	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.224.110.116 54.224.110.116	14618 (AMAZON-AES) (AMAZON-AES)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
21 36	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
4 4	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4 4	142.251.35.162 142.251.35.162	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	15169 (GOOGLE) (GOOGLE)
1 2	104.18.98.194 104.18.98.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
2 2	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
6 6	68.67.160.186 68.67.160.186	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	199.38.167.129 199.38.167.129	54312 (ROCKETFUEL) (ROCKETFUEL)
4 4	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
2 3	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
2 2	35.82.147.58 35.82.147.58	16509 (AMAZON-02) (AMAZON-02)
1 1	3.216.55.148 3.216.55.148	14618 (AMAZON-AES) (AMAZON-AES)
1	34.193.99.248 34.193.99.248	14618 (AMAZON-AES) (AMAZON-AES)
1 1	173.223.56.123 173.223.56.123	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.18.20.134 104.18.20.134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
110	30

28 2600:141b:9000::687c:2b9 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.welivesecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::40 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

assets.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2008 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:11f:17a5:191a:18d5:537:22f9 (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:5000:697::11a6 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
68794907.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80b::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.213.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-213-72.ewr50.r.cloudfront.net

cdn1.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

welivesecurity.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:21da:5200:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13:699::11a6 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.71.12.237 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.87.173.72 (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-87-173-72.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:5000::173f:4c1a (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:5000::173f:4c19 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:817::200d (Staten Island, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.64 (United States)

ASN54113 (FASTLY, US)

glitter.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.64.104 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-64-104.ewr53.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.21.155.15 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-155-15.compute-1.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.224.110.116 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-110-116.compute-1.amazonaws.com

obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 35.190.60.146 (Kansas City, United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ei.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rc.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.35.162 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.98.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.205.243 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.160.186 (Brooklyn, United States) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.33.220.150 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:100:a001::c (United States) 4 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.82.147.58 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-82-147-58.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.216.55.148 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-55-148.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.193.99.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-99-248.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.223.56.123 (Secaucus, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a173-223-56-123.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.20.134 (None, )

ASN13335 (CLOUDFLARENET, US)

idsync.reson8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	rlcdn.com 21 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 294 ei.rlcdn.com — Cisco Umbrella Rank: 2098 rc.rlcdn.com — Cisco Umbrella Rank: 4023	3 KB
28	welivesecurity.com www.welivesecurity.com — Cisco Umbrella Rank: 325018	2 MB
21	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4066	597 KB
9	disqus.com welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 2769 glitter.services.disqus.com — Cisco Umbrella Rank: 9530 referrer.disqus.com — Cisco Umbrella Rank: 6280	69 KB
6	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 226	6 KB
5	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 772	6 KB
5	google.com apis.google.com — Cisco Umbrella Rank: 98 accounts.google.com — Cisco Umbrella Rank: 72	44 KB
4	criteo.com 4 redirects gum.criteo.com — Cisco Umbrella Rank: 381	1 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 326	2 KB
4	doubleclick.net 4 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 195	641 B
4	openx.net 4 redirects us-u.openx.net — Cisco Umbrella Rank: 369	591 B
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 1816 su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 1814 eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net	1 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 405	635 B
3	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 266	3 KB
3	narrative.io 1 redirects io.narrative.io — Cisco Umbrella Rank: 2191	1 KB
3	rezync.com 2 redirects live.rezync.com — Cisco Umbrella Rank: 2281	3 KB
3	esetstatic.com assets.esetstatic.com — Cisco Umbrella Rank: 528896 cdn1.esetstatic.com — Cisco Umbrella Rank: 471524	7 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1194 beacon.krxd.net — Cisco Umbrella Rank: 424	501 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 199	2 KB
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 690	2 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 419	1 KB
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 510	484 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 137	83 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 828	304 B
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1236 c.go-mpulse.net — Cisco Umbrella Rank: 546	50 KB
1	reson8.com idsync.reson8.com — Cisco Umbrella Rank: 1721	169 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 444	792 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 3930	391 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com — Cisco Umbrella Rank: 42649	283 B
1	gstatic.com www.gstatic.com	34 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102
1	akstat.io 68794907.akstat.io — Cisco Umbrella Rank: 15598	207 B
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 1718	22 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 58	79 KB
110	35

	Domain	Requested by
28	www.welivesecurity.com	www.welivesecurity.com
21	c.disquscdn.com	welivesecurity.disqus.com disqus.com c.disquscdn.com
19	idsync.rlcdn.com	4 redirects live.rezync.com
16	rc.rlcdn.com	16 redirects
6	ib.adnxs.com	6 redirects
5	pippio.com	2 redirects c.disquscdn.com
5	disqus.com	welivesecurity.disqus.com c.disquscdn.com
4	gum.criteo.com	4 redirects
4	match.adsrvr.org	4 redirects
4	cm.g.doubleclick.net	4 redirects
4	us-u.openx.net	4 redirects
4	www.google-analytics.com	www.welivesecurity.com www.googletagmanager.com
3	pixel.tapad.com	2 redirects live.rezync.com
3	s.amazon-adsystem.com	1 redirects
3	io.narrative.io	1 redirects
3	live.rezync.com	2 redirects c.disquscdn.com
3	accounts.google.com	apis.google.com www.welivesecurity.com www.gstatic.com
2	dpm.demdex.net	2 redirects
2	p.rfihub.com	2 redirects
2	sync.mathtag.com	2 redirects
2	p.adsymptotic.com	1 redirects
2	apis.google.com	c.disquscdn.com apis.google.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	welivesecurity.disqus.com	www.welivesecurity.com
2	assets.esetstatic.com	www.welivesecurity.com
1	idsync.reson8.com
1	tags.bluekai.com	1 redirects
1	beacon.krxd.net
1	usermatch.krxd.net	1 redirects
1	tags.rd.linksynergy.com	1 redirects
1	ei.rlcdn.com	1 redirects
1	referrer.disqus.com
1	obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com	1 redirects
1	glitter.services.disqus.com	c.disquscdn.com
1	www.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	68794907.akstat.io	s.go-mpulse.net
1	c.go-mpulse.net	az416426.vo.msecnd.net
1	cdn1.esetstatic.com	www.welivesecurity.com
1	s.go-mpulse.net	www.welivesecurity.com
1	az416426.vo.msecnd.net	www.welivesecurity.com
1	www.googletagmanager.com	www.welivesecurity.com
110	47

This site contains links to these domains. Also see Links.

Domain
www.eset.com
www.facebook.com
twitter.com
www.linkedin.com
www.politico.eu
www.reuters.com
github.com
symantec-enterprise-blogs.security.com
en.wikipedia.org
attack.mitre.org
eset.com

Subject Issuer	Validity	Valid
www.welivesecurity.com Thawte RSA CA 2018	`2021-11-08` - `2022-11-08`	a year	crt.sh
assets.esetstatic.com Thawte RSA CA 2018	`2021-10-28` - `2022-11-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.esetstatic.com Thawte RSA CA 2018	`2021-09-22` - `2022-10-02`	a year	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 02	`2022-02-08` - `2023-02-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-01` - `2022-05-02`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-01-31` - `2023-03-04`	a year	crt.sh
*.rezync.com Amazon	`2021-12-26` - `2023-01-23`	a year	crt.sh
pippio.com GTS CA 1D4	`2022-04-09` - `2022-07-08`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Frame ID: 058CC5D9535C69D8EB15AD3FE06CE38E
Requests: 49 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Frame ID: 863F047E9F55264CD460495F436542F5
Requests: 31 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 679D4B38AB89136324ABFFE7677B725F
Requests: 4 HTTP requests in this frame

Frame: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=crvpolq2afleer&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Frame ID: 58450690A115D5DA07CDE1002A4CC7AA
Requests: 4 HTTP requests in this frame

Frame: https://pippio.com/api/sync?pid=1391&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&it=1&iv=crvpolq2afleer
Frame ID: CF18CADD3A6F63E5520B9134928F51A2
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

IsaacWiper y HermeticWizard: un nuevo wiper y worm utilizados en ciberataques a Ucrania | WeLiveSecurity

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Page Statistics

110
Requests

75 %
HTTPS

37 %
IPv6

35
Domains

47
Subdomains

30
IPs

3
Countries

2719 kB
Transfer

4478 kB
Size

40
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eset.com/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?&url=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&text=IsaacWiper%20y%20HermeticWizard:%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%0A&via=welivesecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/ESETresearch/status/1496581903205511181
Title: tweet

Search URL Search Domain Scan URL

URL: https://www.politico.eu/article/minister-ukraine-websites-down-in-another-massive-online-attack/
Title: ataques distribuidos de denegación de servicio (DDoS) contra algunos de los principales sitios web ucranianos

Search URL Search Domain Scan URL

URL: https://www.reuters.com/world/europe/cyprus-games-writer-denies-links-malware-found-before-russian-invasion-2022-02-24/
Title: informe de Reuters

Search URL Search Domain Scan URL

URL: https://github.com/SecureAuthCorp/impacket
Title: Impacket

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
Title: publicación

Search URL Search Domain Scan URL

URL: https://github.com/SecureAuthCorp/impacket/blob/cd4fe47cfcb72d7d35237a99e3df95cedf96e94f/examples/wmiexec.py#L295
Title: GitHub

Search URL Search Domain Scan URL

URL: https://github.com/kavika13/RemCom
Title: RemCom

Search URL Search Domain Scan URL

URL: https://github.com/bleachbit/windows-wipe/blob/master/filewipe.py
Title: proyecto Windows Wipe en GitHub

Search URL Search Domain Scan URL

URL: https://twitter.com/AvastThreatLabs/status/1496663206634344449
Title: tweet

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/ISAAC_(cipher)
Title: ISAAC

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/resources/versions/
Title: versión 10

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1588/002
Title: T1588.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1588/003
Title: T1588.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1078/002/
Title: T1078.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1059/003
Title: T1059.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1106
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1569/002
Title: T1569.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1018/
Title: T1018

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1021/002
Title: T1021.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1021/003/
Title: T1021.003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1561/002
Title: T1561.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1561/001
Title: T1561.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1485
Title: T1485

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v10/techniques/T1499/002
Title: T1499.002

Search URL Search Domain Scan URL

URL: https://www.eset.com/int/business/services/threat-intelligence/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=wls-research&utm_content=isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine

Search URL Search Domain Scan URL

URL: https://eset.com/
Title: ESET

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pf211cbcz HTTP 302
https://su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 56

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pf211cbcz HTTP 302
https://eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net/eum/results.txt

Request Chain 83

https://io.narrative.io/?companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=7b2e2fc0-c576-11ec-8734-065a0b8073db&companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Request Chain 84

https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D0%26gdpr_consent%3D%26id%3Ddisqus_id%3Acrvpolq2afleer HTTP 302
https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:crvpolq2afleer&puid=7b32c3a0-c576-11ec-bcb6-3940fc81f233

Request Chain 86

https://idsync.rlcdn.com/462246.gif?partner_uid=crvpolq2afleer HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKabHBIaChYIARDI-AEaDmNydnBvbHEyYWZsZWVyEAAaDQi4oqCTBhIFCOgHEABCAEoA HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053

Request Chain 87

https://ei.rlcdn.com/448046.gif?n=1&partner_site_id=1017&cparams=placement%3D1391 HTTP 307
https://pippio.com/api/sync?pid=5324&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA&google_error=3

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CO8KEhkKFQgBEPkHGg5jcnZwb2xxMmFmbGVlchAAGpcBCLiioJMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxAAEgUI6isQABIFCOsrEAASBQjsKxAAEgUI7SsQABIFCO4rEAASBQjVQxAAEgUI3k4QABIGCOOvKxAAEgYI7a8rEAASBgjurysQABIGCO-vKxAAEgYI8K8rEAASBgjxrysQAEIASgA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CO8KEhkKFQgBEPkHGg5jcnZwb2xxMmFmbGVlchAAGpcBCLiioJMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxAAEgUI6isQABIFCOsrEAASBQjsKxAAEgUI7SsQABIFCO4rEAASBQjVQxAAEgUI3k4QABIGCOOvKxAAEgYI7a8rEAASBgjurysQABIGCO-vKxAAEgYI8K8rEAASBgjxrysQAEIASgA&google_error=3 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=8de75894-518c-4f05-9106-d660b582fdf6

Request Chain 89

https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d HTTP 302
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=f8cba70418e206500613cc18b3aeb50f

Request Chain 90

https://rc.rlcdn.com/456809.gif?n=1&cparams=placement%3D1391 HTTP 307
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373&dcc=t

Request Chain 91

https://rc.rlcdn.com/456809.gif?n=2&cparams=placement%3D1391 HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053

Request Chain 92

https://rc.rlcdn.com/456809.gif?n=3&cparams=placement%3D1391 HTTP 307
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D HTTP 302
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=22646268-1139-4300-b2a6-a2ea5a471f9e

Request Chain 93

https://rc.rlcdn.com/456809.gif?n=4&cparams=placement%3D1391 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc= HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMcZVM2K3xDCqnDUYXo_NI&google_cver=1

Request Chain 94

https://rc.rlcdn.com/456809.gif?n=5&cparams=placement%3D1391 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

Request Chain 95

https://rc.rlcdn.com/456809.gif?n=6&cparams=placement%3D1391 HTTP 307
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338

Request Chain 96

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=9129009528129850122 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dcrvpolq2afleer HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=crvpolq2afleer HTTP 307
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=LDo7i47JjDR9bn8uun5G_GQB4nwiz9i_

Request Chain 97

https://p.rfihub.com/cm?pub=39342&in=1&userid=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab1986e4ee8c5c88c54c%26pid%3D%7Buserid%7D HTTP 302
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=968907257118560796 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=crvpolq2afleer HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

Request Chain 98

https://pixel.tapad.com/idsync/ex/receive?partner_id=3181&partner_device_id=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3181&partner_device_id=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%2C

Request Chain 99

https://rc.rlcdn.com/456809.gif?n=7&cparams=placement%3D1391 HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=82c417358f9bfa9597bd50ddfd228282ac0d4effb4466eca9c0d70fc41f628f4791426b5417dce21&_=2

Request Chain 100

https://rc.rlcdn.com/456809.gif?n=8&cparams=placement%3D1391 HTTP 307
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D HTTP 302
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=609e6268-1139-4200-97e9-fbe250df4bc9

Request Chain 101

https://rc.rlcdn.com/456809.gif?n=9&cparams=placement%3D1391 HTTP 307
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1 HTTP 302
https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338

Request Chain 102

https://rc.rlcdn.com/456809.gif?n=10&cparams=placement%3D1391 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

Request Chain 103

https://rc.rlcdn.com/456809.gif?n=11&cparams=placement%3D1391 HTTP 307
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=2192bf8161cd43ae32be2430482e27f1f2dac5baf39e86d53f6d4c37562dde35c0cb235b3774c97e&cb=00725999

Request Chain 104

https://rc.rlcdn.com/456809.gif?n=12&cparams=placement%3D1391 HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=ef2eb4cbd43e1d555f66ff158f40914a8eff13d1fc516cf46b5fe052d9aff4a6b0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=477&dpuuid=ef2eb4cbd43e1d555f66ff158f40914a8eff13d1fc516cf46b5fe052d9aff4a6b0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D HTTP 302
https://idsync.rlcdn.com/362248.gif?partner_uid=38879067070989797010391371721850881281

Request Chain 105

https://rc.rlcdn.com/456809.gif?n=13&cparams=placement%3D1391 HTTP 307
https://usermatch.krxd.net/um/v2?partner=liveramp HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp

Request Chain 106

https://rc.rlcdn.com/456809.gif?n=14&cparams=placement%3D1391 HTTP 307
https://tags.bluekai.com/site/2035?phint=rluid=4c80736f1570cb9313aca9473178ca626021a61f977bc334b4304e01426555ec2971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24BK_UUID_25515 HTTP 302
https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515

Request Chain 107

https://rc.rlcdn.com/456809.gif?n=15&cparams=placement%3D1391 HTTP 307
https://idsync.reson8.com/sources/pixel/v1/sync?sourcekey=01EC61A11KAM4QCFG5RN38VQJZ

Request Chain 108

https://rc.rlcdn.com/456809.gif?n=16&cparams=placement%3D1391 HTTP 307
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=HFlSXPWxpxzQzbg5T2X6vDK0aoVt3dca

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/ 88 KB
21 KB 606ms
402ms Document
text/html 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

81fd8e74d220c8d4edb6b772e93f8807b090ddfe64dc8b1720c4efdc1dc6dd70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=3600 public
content-encoding: gzip
content-length: 20750
content-type: text/html; charset=UTF-8
date: Tue, 26 Apr 2022 15:35:18 GMT
expires: Tue, 26 Apr 2022 16:35:18 GMT
link: <https://www.welivesecurity.com/?p=159856>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server-timing: cdn-cache; desc=MISS edge; dur=25 origin; dur=325
strict-transport-security: max-age=15724800
vary: Accept-Encoding
x-akamai-transformed: 9 22326 0 pmb=mRUM,2
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 main.css
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/ 235 KB
31 KB 55ms
55ms Stylesheet
text/css 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15937a97e8b39e8789fe44665a859856f2e1a8d7dbf93c7c6d8b31361c903f19

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:40:31 GMT
etag: W/"6218cb9c-3ac03"
content-type: text/css
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31024
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 cookiebar.min.css
assets.esetstatic.com/3PS/ 5 KB
2 KB 385ms
32ms Stylesheet
text/css 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.esetstatic.com/3PS/cookiebar.min.css

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:46::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

fd8f6b19f6594c79bbf4e63b76d57e3230959f2fc0b3805277472b7e8061cdf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=2592000;
content-encoding: gzip
referrer-policy: no-referrer
server: Apache
date: Tue, 26 Apr 2022 15:35:18 GMT
x-frame-options: sameorigin
x-cache: TCP_HIT
content-type: text/css;charset=UTF-8
x-xss-protection: 1; mode=block
cache-control: max-age=3600, s-maxage=3600
x-azure-ref: 0NhFoYgAAAADVwGZ6EaFiQbMDOCEAMMbIQ0hHRURHRTE2MTQAZTQxNzJiYzEtNGZlZS00M2U2LWE3ZTgtMzVkZjVjYWQ3MDNl
x-azure-ref-originshield: 0jw1oYgAAAACwGcGv4IOyTLjXwtRhu3vgRVdSMzBFREdFMDUxOABlNDE3MmJjMS00ZmVlLTQzZTYtYTdlOC0zNWRmNWNhZDcwM2U=
vary: Accept-Encoding
content-length: 1481
x-content-type-options: nosniff

GET
H2 200 eset-wls-dark-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 52ms
52ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Mar 2022 14:41:59 GMT
etag: W/"6218cb9c-bb2"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1049
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:54:55 GMT

GET
H2 200 eset-wls-dark-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 56ms
54ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 17:14:26 GMT
etag: W/"621cba3d-a8a"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1107
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:21 GMT

GET
H2 200 eset-wls-light-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 56ms
54ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 17:01:59 GMT
etag: W/"62089c79-bc1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1059
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:10 GMT

GET
H2 200 eset-wls-light-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 2 KB
1 KB 58ms
56ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:39:13 GMT
etag: W/"620b9f4d-967"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 986
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 twitter_profile_picture_400x400-222x179.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 33 KB
33 KB 62ms
60ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/twitter_profile_picture_400x400-222x179.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

730d4b3194f10a8c177046e001a83e0391e3b6ef2f1386d368a51c2433a98127

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Mar 2022 12:31:36 GMT
etag: "6220b528-8287"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
accept-ranges: bytes
content-length: 33415
x-content-type-options: nosniff
expires: Wed, 01 Jun 2022 12:40:57 GMT

GET
H2 200 Figure-1.-Code-signing-certificate-assigned-to-Hermetic-Digital-Ltd-1024x607.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 375 KB
376 KB 87ms
85ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-1.-Code-signing-certificate-assigned-to-Hermetic-Digital-Ltd-1024x607.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2230603b8ba7c0020fd16a1582d087decbc8381475e125271c2e13530f1592d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:35:47 GMT
etag: "621e0513-5dc32"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=20
accept-ranges: bytes
content-length: 384050
x-content-type-options: nosniff
expires: Sat, 23 Jul 2022 20:43:52 GMT

GET
H2 200 Figure-2.-Timeline-of-important-events-1024x606.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 217 KB
218 KB 103ms
101ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-2.-Timeline-of-important-events-1024x606.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d34bbac8aeb622f108a95c454c22cf791d514432d9118ed19aabf361e4bed34c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:37:06 GMT
etag: "621e0562-3636b"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=25
accept-ranges: bytes
content-length: 222059
x-content-type-options: nosniff
expires: Sun, 10 Jul 2022 18:44:55 GMT

GET
H2 200 Figure-3.-HermeticRansom%E2%80%99s-ransom-note-1024x471.png
www.welivesecurity.com/wp-content/uploads/2022/03/ 253 KB
254 KB 86ms
84ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/Figure-3.-HermeticRansom%E2%80%99s-ransom-note-1024x471.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

18fc4c578d185b0c9979c16e1c6b431e3079b3b06b98d56995a29ab7a90bdfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 11:37:51 GMT
etag: "621e058f-3f513"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=12
accept-ranges: bytes
content-length: 259347
x-content-type-options: nosniff
expires: Sat, 16 Jul 2022 19:28:10 GMT

GET
H2 200 bandook-bandidos-eti-cta.png
www.welivesecurity.com/wp-content/uploads/2021/07/ 47 KB
47 KB 71ms
69ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2021/07/bandook-bandidos-eti-cta.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

16446c63d4890cf1704eff93c7d261c1b1b950877ec708a49b380aaa6bc88195

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Jul 2021 07:16:27 GMT
etag: "60e554cb-baae"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
accept-ranges: bytes
content-length: 47790
x-content-type-options: nosniff
expires: Mon, 18 Jul 2022 00:10:35 GMT

GET
H2 200 uefi-secure-lenovo-laptops-vulnerabilities-research-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 24 KB
24 KB 84ms
82ms Image
image/jpeg 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/uefi-secure-lenovo-laptops-vulnerabilities-research-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

db4802cdd77ee321f64c129088ac127ae97f09f283e9d90ef66e352a8e36340d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 11 Apr 2022 07:03:58 GMT
etag: "6253d2de-5e49"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 24137
x-content-type-options: nosniff
expires: Mon, 18 Jul 2022 11:30:06 GMT

GET
H2 200 zloader-botnets-disruption-eset-global-operation-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 82 KB
83 KB 128ms
126ms Image
image/jpeg 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/zloader-botnets-disruption-eset-global-operation-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1377c33abb24c615100b47c8d905ef0299112a22d097511cc569337b9633f21e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 03 Apr 2022 22:10:02 GMT
etag: "624a1b3a-1495a"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
accept-ranges: bytes
content-length: 84314
x-content-type-options: nosniff
expires: Tue, 12 Jul 2022 16:29:06 GMT

GET
H2 200 industroyer2-malware-attack-ukraine-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/04/ 47 KB
47 KB 139ms
138ms Image
image/jpeg 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/04/industroyer2-malware-attack-ukraine-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fb07128372b2a8280ebd49f16bd784e55ae2c6162bb1be7fd7b9f18b6aa40ebf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Apr 2022 10:32:32 GMT
etag: "6257f840-bacf"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
accept-ranges: bytes
content-length: 47823
x-content-type-options: nosniff
expires: Wed, 13 Jul 2022 12:15:31 GMT

GET
H2 200 cyberattacks-nation-states-cyber-warfare-623x415.jpg
www.welivesecurity.com/wp-content/uploads/2022/03/ 61 KB
61 KB 148ms
147ms Image
image/jpeg 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/cyberattacks-nation-states-cyber-warfare-623x415.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

63119c22e3d2c8906bdd3bc5257f676496b0f3233345fbc45bc566b4dcf73a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Mar 2022 13:00:01 GMT
etag: "623c6b51-f313"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=7
accept-ranges: bytes
content-length: 62227
x-content-type-options: nosniff
expires: Wed, 22 Jun 2022 16:07:47 GMT

GET
H2 200 eset-wls-footer-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 148ms
147ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:50:57 GMT
etag: W/"6218cb9c-be5"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=4
content-length: 1087
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:11 GMT

GET
H2 200 eset-wls-footer-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
1 KB 157ms
155ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:56:55 GMT
etag: W/"62089d0c-a0b"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 1058
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:11 GMT

GET
H2 200 main.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/ 318 KB
88 KB 57ms
57ms Script
application/javascript 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/main.js?id=fef3139dcedd23afc232

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:39:30 GMT
etag: W/"620b9f4d-4f74a"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 89989
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:37:48 GMT

GET
H2 200 crayon.min.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/ 22 KB
6 KB 62ms
62ms Script
application/javascript 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/crayon.min.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:48:39 GMT
etag: W/"62089d0c-5741"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=4
content-length: 6050
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:15 GMT

GET
H2 200 comment_count.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
628 B 53ms
52ms Script
application/javascript 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 16:50:36 GMT
etag: W/"62089d10-379"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 307
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:52:51 GMT

GET
H2 200 comment_embed.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
700 B 52ms
52ms Script
application/javascript 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:47:07 GMT
etag: W/"62089d05-47e"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 379
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:46:15 GMT

GET
H2 200 app.min.js Show response
assets.esetstatic.com/3PR/ 20 KB
5 KB 31ms
31ms Script
application/javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.esetstatic.com/3PR/app.min.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:46::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

7344c63c6a0d89b69a485af2ec5bcc1cad983150613510439371d5293ed1cc46

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=2592000;
content-encoding: gzip
referrer-policy: no-referrer
server: Apache
date: Tue, 26 Apr 2022 15:35:18 GMT
x-frame-options: sameorigin
x-cache: TCP_HIT
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=3600, s-maxage=3600
x-azure-ref: 0NhFoYgAAAAAyKUWcqmY6TpX35E6pSHAbQ0hHRURHRTE2MTQAZTQxNzJiYzEtNGZlZS00M2U2LWE3ZTgtMzVkZjVjYWQ3MDNl
x-azure-ref-originshield: 0ywhoYgAAAACB6jRliEFHRp556v6aUdLaRVdSMzBFREdFMDUwNgBlNDE3MmJjMS00ZmVlLTQzZTYtYTdlOC0zNWRmNWNhZDcwM2U=
vary: Accept-Encoding
content-length: 4904
x-content-type-options: nosniff

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 228 KB
79 KB 91ms
41ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

878ac17f57fe6802247164bd01bc25c4a666ad36935fac79d81608e91220a0a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80037
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Apr 2022 15:35:18 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 76ms
18ms Script
application/x-javascript 2606:2800:11f:17a5:191a:18d5:537:22f9
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/79DC) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Apr 2022 15:35:18 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 1640
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (nya/79DC)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 70d5dee9-801e-0006-717f-59dbca000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Tue, 26 Apr 2022 16:05:18 GMT

GET
H2 200 7R9SM-QGSYF-QDLJK-UETXR-SPM6B Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 167ms
54ms Script
application/javascript 2600:141b:5000:697::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:141b:5000:697::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:18 GMT
content-encoding: br
last-modified: Wed, 13 Apr 2022 14:37:21 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 single-wide-header-fade.png
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 92 KB
92 KB 157ms
157ms Image
image/png 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/single-wide-header-fade.png?5aa0f236a77ebb03d1bf2fbde7c17072

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 13 Feb 2022 05:54:10 GMT
etag: "62089d02-16f67"
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=8
accept-ranges: bytes
content-length: 94055
x-content-type-options: nosniff
expires: Sun, 29 May 2022 15:46:40 GMT

GET
H2 200 Fedra-Sans-Alt-Book.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 153ms
152ms Font
font/woff 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book.woff?c156eca4ec460dcfa741dfda69fb16d5

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 25 Feb 2022 12:29:16 GMT
etag: "6218cb9c-9ff1"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 40945
x-content-type-options: nosniff
expires: Tue, 28 Feb 2023 15:46:39 GMT

GET
H2 200 isaacwiper-hermeticwizard-wiper-worm-Ukraine-cyberattacks-malware.jpg
www.welivesecurity.com/wp-content/uploads/2022/03/ 186 KB
187 KB 170ms
170ms Image
image/jpeg 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/03/isaacwiper-hermeticwizard-wiper-worm-Ukraine-cyberattacks-malware.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dd64ca752834b8f9c5c495a528c7ff54c6538cedd9f380e2106455f60610f613

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Mar 2022 18:56:52 GMT
etag: "621e6c74-2e886"
content-type: image/jpeg
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=7776000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=22
accept-ranges: bytes
content-length: 190598
x-content-type-options: nosniff
expires: Tue, 05 Jul 2022 13:04:20 GMT

GET
H2 200 li-shield-icon.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 961 B
793 B 235ms
235ms Image
image/svg+xml 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/li-shield-icon.svg?82256d0e5b3abb3d9d256afa85d732a4

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Feb 2022 15:47:09 GMT
etag: W/"62089c79-3c1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=118
content-length: 487
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 15:47:09 GMT

GET
H2 200 Fedra-Sans-Alt-Bold.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 157ms
157ms Font
font/woff 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Bold.woff?0050bbd300d61bbb50d2fff0bb6cd926

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 18 Apr 2022 13:55:34 GMT
etag: "625d6dd6-9e73"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 40563
x-content-type-options: nosniff
expires: Sun, 23 Apr 2023 02:37:57 GMT

GET
H2 200 icomoon.ttf
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 4 KB
2 KB 159ms
159ms Font
text/plain 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/icomoon.ttf?45b4319f2445b74719611d0ab85cf93a

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d33fbf33d2895817029b01cf16d273104474646e4e441988ab4efcfa7563991b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Apr 2022 13:02:09 GMT
etag: W/"62581b51-f94"
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=86400, public
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2195
x-xss-protection: 1; mode=block
expires: Wed, 27 Apr 2022 11:11:49 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
393 B 71ms
19ms Image
image/gif 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&cid=119269.26288772166&tid=UA-76266002-27&dl=https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/&t=event&ec=Tracking%20check%20-%20recurring&ea=Script%20loaded&ni=1&cd1=wls&aip=1&z=472028

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 16:57:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 81483
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 check.png
cdn1.esetstatic.com/ESET/INT/assets/img/ 68 B
384 B 103ms
21ms Image
image/png 13.225.213.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.esetstatic.com/ESET/INT/assets/img/check.png?country=wls&gcode=scriptLoaded&z=185658
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.213.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-213-72.ewr50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 00:31:43 GMT
via: 1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
last-modified: Tue, 10 Mar 2020 18:17:48 GMT
server: AmazonS3
age: 54216
etag: "5df0ac2d51cfecbde35e8dd1ba3a8d77"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: EWR50-C1
accept-ranges: bytes
content-length: 68
x-amz-cf-id: EKSGdTqbxfOhW3CGYv91jn1N09WY8O125JsGCGvfGuLnNEzHVpC4xg==

GET
H2 200 Fedra-Sans-Alt-Book-Italic.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 89ms
87ms Font
font/woff 2600:141b:9000::687c:2b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book-Italic.woff?f299cc2feeecf266ff50b5ea8b3a3deb

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::687c:2b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=b3e7fe8a6c3736dca145
Origin: https://www.welivesecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 13 Feb 2022 06:00:11 GMT
etag: "62089e6b-9ec0"
content-type: font/woff
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public
date: Tue, 26 Apr 2022 15:35:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 40640
x-content-type-options: nosniff
expires: Tue, 28 Feb 2023 15:46:39 GMT

GET
H/1.1 200
OK count.js Show response
welivesecurity.disqus.com/ 1 KB
2 KB 68ms
10ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/count.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 155
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Apr 2022 19:06:38 GMT
Server: nginx
ETag: "62547c3e-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: Ru_Vq-WyL-atLN-kAGhR0-KVytPL_WDKXW4uNSnyvvuIVKkPvCFqnA==

GET
H/1.1 200
OK embed.js Show response
welivesecurity.disqus.com/ 78 KB
25 KB 109ms
52ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/embed.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

889001af5829071189d81073dbd54415b89aab539aa60fc082e23059f770d187

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:18 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25429
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2876
date: Tue, 26 Apr 2022 14:47:22 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 26 Apr 2022 16:47:22 GMT

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 96ms
20ms Other
text/css 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3096545
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: rp-jQcrnXrDj-kQ0Pk-8LoXkZ8UJOc4eAayE0stNalvuW8U0tKSwaA==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 110ms
35ms Other
application/javascript 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587051
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: 8o9rPF_6i3UEJ78VVofHB5cI2V_72X0hOI_3ijApoiAD2nIP7pMcCg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js
c.disquscdn.com/next/embed/ 0
121 KB 132ms
57ms Other
application/javascript 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332484
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123217
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1e151"
content-type: application/javascript; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: AUN642KPyDXByYIRmJkiMjKgz-eknZpfmnDsPcyyY9qntd_Qy_Tqng==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 59ms
11ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 15
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14885
X-XSS-Protection: 1; mode=block

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 19ms
18ms Image
image/gif 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1421812408&t=pageview&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&ul=en-us&de=UTF-8&dt=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&cid=195141670.1650987319&tid=UA-37839312-1&_gid=52804342.1650987319&gtm=2wg4p0PMDGSM&cd1=Crisis%20en%20Ucrania%20-%20Centro%20de%20Recursos%20de%20Seguridad%20Digital&cd2=ESET%20Research&cd3=2.5k-3k&cd4=&cd5=2022-04-26T15%3A35%3A18.915%2B00%3A00&cd6=Office%20Hours&cd7=www.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd10=(not%20set)&cd11=es&cd12=not-a-bot&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=1213597042

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 16:57:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 81484
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
19ms Image
image/gif 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1421812408&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&ul=en-us&de=UTF-8&dt=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookie%20consent&ea=cookie-consent-visible&_u=YEDAAEAB~&cid=195141670.1650987319&tid=UA-37839312-1&_gid=52804342.1650987319&gtm=2wg4p0PMDGSM&cd1=Crisis%20en%20Ucrania%20-%20Centro%20de%20Recursos%20de%20Seguridad%20Digital&cd2=ESET%20Research&cd3=2.5k-3k&cd4=&cd5=2022-04-26T15%3A35%3A18.954%2B00%3A00&cd6=Office%20Hours&cd7=www.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&cd10=(not%20set)&cd11=es&cd12=not-a-bot&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=2036260544

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 25 Apr 2022 16:57:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 81484
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 3 KB
1 KB 155ms
102ms XHR
application/json 2600:141b:13:699::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=7R9SM-QGSYF-QDLJK-UETXR-SPM6B&d=www.welivesecurity.com&t=5503291&v=1.720.0&sl=0&si=624e8ef7-f2dd-4c9d-8ff8-b0775aaa5cdc-raydyu&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=757730
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:141b:13:699::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b6cf3e3da5f3d59ae2d23f2060d1c42732b1e90d540e0901a7412eed7bd390b8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 710

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 863F 8 KB
5 KB 67ms
67ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

35ce72d85ac20c855ec514d68c3d7d252fdcd2b17728d3f0d5653b93df69033a

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3313
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 26 Apr 2022 15:35:19 GMT
ETag: W/"lounge:view:9050718870.93201d05a672639c1b9c1f2b5ae7bc32.2"
Last-Modified: Wed, 02 Mar 2022 05:29:57 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 293ms
28ms Preflight 40.71.12.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.12.237 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://www.welivesecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Tue, 26 Apr 2022 15:35:18 GMT
x-content-type-options: nosniff

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
304 B 577ms
577ms XHR
application/json 40.71.12.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.71.12.237 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0d12043c7051fe9e78060b7ae447ec5aa8bfa744dd5520fb12e745a2bb0076da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
accept-language: en-CA,en;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 2B55C443-F97E-4888-AB9E-320201BFBF17
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 26 Apr 2022 15:35:19 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

GET
H2 200 lounge.load.48980166e0153f33375a5a0d60b5e441.js Show response
c.disquscdn.com/next/embed/ Frame 863F 958 B
1 KB 54ms
17ms Script
application/javascript 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.48980166e0153f33375a5a0d60b5e441.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ec934eecf474af1cbf210cb0b23f14f407f7d6960eb2bd25bee29e4038cd5e08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332484
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 493
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1ed"
content-type: application/javascript; charset=utf-8
via: 1.1 1089f52bc4f4516fdbd56d5c71d181e8.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: iUKrgevw9eTofmmoRKzSMM91PTBeJ7NqABgaNdIl7b1stssLzowing==
x-cache-hits: 0

POST
H2 204 /
68794907.akstat.io/ 0
207 B 205ms
111ms Ping
image/gif 2600:141b:5000:697::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://68794907.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2600:141b:5000:697::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:19 GMT
content-type: image/gif
access-control-allow-origin: https://www.welivesecurity.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Tue, 26 Apr 2022 15:35:19 GMT

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame 863F 282 KB
93 KB 19ms
18ms Script
application/javascript 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.48980166e0153f33375a5a0d60b5e441.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 587051
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: foudqyn2kTogJ4q8bRbq8Z-g8UNTWXd9-EwbKp4iRww3Z-Un5n08FA==
x-cache-hits: 0

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ Frame 863F 165 KB
26 KB 23ms
23ms Stylesheet
text/css 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3096545
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:14 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: lwywe9VbgHsEr4g1qsBMCkTmk_3cl882Mq8hNImFK8aUHLmXNODMRg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js Show response
c.disquscdn.com/next/embed/ Frame 863F 476 KB
121 KB 22ms
22ms Script
application/javascript 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7e49288cded16fd39b68f9a4c511e863ea5d03bef945cbc84ca5c1a8544664a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 19:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332484
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123217
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1e151"
content-type: application/javascript; charset=utf-8
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
expires: Sat, 22 Apr 2023 19:13:55 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: AoJ53xews9hQrb_xkFixEEVolBPz2WpwJBPwuTjLXPgMGIfu1XOOvw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 863F 15 KB
15 KB 12ms
12ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e5f134c0c0d2b5be74c93255752f80fb05e1e644bf09273aa92ebde8e706fc99

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 15
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14885
X-XSS-Protection: 1; mode=block

GET
H2 404 es.js
c.disquscdn.com/next/current/embed/lang/ Frame 863F 0
0 20ms
19ms Script
text/html 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.disquscdn.com/next/current/embed/lang/es.js
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 863F 4 KB
4 KB 39ms
39ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=welivesecurity&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a6a468c14177dcc22e8a5f340e7d99593f254708bd58b6ce819a343cb712b540

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3899
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

results.txt Show response
su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pf211cbcz
https://su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

332ms
20ms

XHR
text/plain

184.87.173.72
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 184.87.173.72 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-87-173-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Tue, 26 Apr 2022 15:35:19 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pf211cbcz
https://eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

238ms
50ms

XHR
text/plain

2600:141b:5000::173f:4c19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2600:141b:5000::173f:4c19 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net/eum/results.txt
Date: Tue, 26 Apr 2022 15:35:19 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 863F 1 KB
2 KB 51ms
50ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9050718870&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

92a9c26ff6f6e2d12c12c34a232a09de772baeffedca24cae54705b192d3460b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:19 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 863F 3 KB
3 KB 18ms
18ms Image
image/jpeg 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1422638690

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 10 May 2021 14:31:38 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 30330221
x-cache: Hit from cloudfront
content-length: 3039
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 30 Jan 2015 17:24:51 GMT
server: nginx
etag: "24223861b0bcda3344ae2ab0243903e2"
content-type: image/jpeg
expires: Tue, 10 May 2022 14:31:38 GMT
cache-control: max-age=31536000, public, immutable
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
x-amz-cf-id: hNIYX_Wd0tAE_1FrPB6GhM9NyUja9LASlk3CkyNnuRyn7Fur5z6gqw==
x-cache-hits: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 863F 13 KB
13 KB 18ms
18ms Image
image/svg+xml 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 13:24:20 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 5451059
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 15 Feb 2022 19:58:21 GMT
server: nginx
etag: "620c05dd-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Wed, 22 Feb 2023 13:24:20 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: X0YU8WG22THQ4bBOe6TMbUVGOL_ePsHt15LZOOLAwZJeOTGpigr3Jw==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 863F 3 KB
3 KB 18ms
18ms Image
image/gif 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 08:36:58 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 18341901
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 23 Sep 2021 18:58:09 GMT
server: nginx
etag: "614cce41-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Mon, 26 Sep 2022 08:36:58 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Cgunmxh_tzM_BOGmtycHo8nqfMHFnS2m1kF563_dxF4SN79OKHjKrg==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 863F 2 KB
2 KB 18ms
18ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:47 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 18647252
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:47 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: BTG2ESA2SQEjLqVbBa-EbPnHuO4cEOAGN1GYSfULIuRx3A0iPuQgHA==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 863F 8 KB
8 KB 18ms
18ms Font
application/octet-stream 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:21:31 GMT
via: 1.1 1089f52bc4f4516fdbd56d5c71d181e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 8028
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 26 Apr 2023 13:21:31 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: pjlEeaoOffS_y9qPDo6ZdL9FvdouuNO9y2SLsvBHBQL6XTpQBMxQ6g==
x-cache-hits: 0

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 8 KB
8 KB 21ms
20ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:34:50 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:39:50 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: daQiFz63X1jivpXJDxdqO5GasLWzdZshcY9Ao4d72AMzWKWBko_7uQ==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 9 KB
9 KB 20ms
18ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:33:42 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 97
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:38:42 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: nMOt8hAb5g7zX0gU1vL-Skx_pFHNs-uKG3ZLa6FTql9zJPg2wOkXFQ==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 12 KB
12 KB 20ms
18ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:55 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 144
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:37:55 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 90vXwyeu9psDCufxKLzYRreZ1NQxk1ltsE29R_uvEYx0r2NeQVwbsw==
x-cache-hits: 0

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 7 KB
8 KB 21ms
19ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:34:54 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-1c8c"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:39:50 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: gkg06iH2Sh850SyJbG2SQkmON2IBrBuER0RKgJ6n7dCjri91PfGNIw==
x-cache-hits: 0

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 20 KB
21 KB 21ms
20ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:34:16 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 63
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-50c3"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:39:16 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Gjwt5mt1_Re4_m5m-05EsNOGshfD2GYVTRyQ7rDVRHs8aCaAn0TJAA==
x-cache-hits: 0

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 863F 9 KB
9 KB 22ms
21ms Image
image/png 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:31:13 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 246
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Fri, 22 Apr 2022 18:32:47 GMT
server: nginx
etag: "6262f4cf-231a"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 15:36:13 GMT
cache-control: max-age=300, public
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: obTldVgApfvgjgn411UwI17ESj9duONih74Rr7n-pCQi82z4csFDZw==
x-cache-hits: 0

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 863F 13 KB
13 KB 23ms
23ms Image
image/svg+xml 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 22 Feb 2022 13:24:20 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 5451059
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 15 Feb 2022 19:58:21 GMT
server: nginx
etag: "620c05dd-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Wed, 22 Feb 2023 13:24:20 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: E8bjI_LTvRFjd7kDDyo_-GpaGet2rr-W_s1UEdnMhJ-SWFFbHg3Gkg==
x-cache-hits: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 863F 3 KB
2 KB 60ms
18ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c9542e88460bb259d8901db3b19609f30b0f4963d26a84fce49db015b08f5cd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: YtQ9KVokGtLcxDYllIcM1g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Tue, 26 Apr 2022 15:38:35 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: zj+qNmsNlU43HScb+nvt0qBGc9DsjCFUUY+W5bX23TSNTxoq+3c3vAfwVqAGUOUieJwr8OCItQcdk9Ndj1SSCQ==
x-fb-trip-id: 1512268381
x-fb-content-md5: 1cbddb4a9eac786031fef84b53349162
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 26 Apr 2022 15:35:19 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f165a4dabd9ab66300ceb3cfe1e25a94"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 863F 14 KB
6 KB 129ms
79ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07eb93ac65bb359ad3d97cdf04b1744de9d3ecc0ac35b81e906cfb3bfb38d491

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5541
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
date: Tue, 26 Apr 2022 15:35:19 GMT
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "9464a0b09e1c963a"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Apr 2022 15:35:19 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 863F 283 KB
81 KB 44ms
19ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=9f50bef2f98fa21a5e8479e8241a1d19

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

76f71887e3b7f713d0ad1a9829332aa0463e713f5998a3ad37c38ff2d8ab2162

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ajku5z0Zqp2jAhyg0D5Heg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Wed, 26 Apr 2023 13:17:57 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82884
x-fb-rlafr: 0
x-fb-debug: l2LEN1xF7U4nSrjDbiNwVOUnQ3BZMpuwKUIlY4xl2pd8eUtIf8dAfLiGrc9nlQZnv/YwQeq2bHkSZuHmyQgKeg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 9deb593c00d2f0e9f474cd693b4b2768
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 26 Apr 2022 15:35:19 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "2550c6fa5791ada30010bb8ce42124b6"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/ Frame 863F 108 KB
36 KB 62ms
20ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1757f7a288131ceeb5bc1276d57640278bc5eecbbcae016189c274981d2b45c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 00:34:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36550
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 15:20:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Apr 2023 00:34:19 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ Frame 863F 0
0 71ms
33ms Fetch
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fwww.welivesecurity.com&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dwelivesecurity%26t_i%3D159856%2520https%253A%252F%252Fbackend.welivesecurity.com%252F%253Fp%253D159856%26t_u%3Dhttps%253A%252F%252Fwww.welivesecurity.com%252Fla-es%252F2022%252F03%252F02%252Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%252F%26t_e%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26t_d%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26t_t%3DIsaacWiper%2520y%2520HermeticWizard%253A%2520un%2520nuevo%2520wiper%2520y%2520worm%2520utilizados%2520en%2520ciberataques%2520a%2520Ucrania%26s_o%3Ddefault%26l%3Des%23version%3D48980166e0153f33375a5a0d60b5e441&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: Rb+7ENVLzNmhh/2xcI2AcCeWTFzWUU0oEE18tFQHoQUJFTdH31ztpdk1YzhGvzdf0qHUD/QTFzggWt8mbyjX7w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Tue, 26 Apr 2022 15:35:19 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 679D 283 B
1 KB 97ms
49ms Document
text/html 2607:f8b0:4006:817::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d3e1d3cc8ad05f02d0d3adba65f0db29655fd7d15d565835defe380f900241e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+5eyS8qFfA8DiKEkCE6XDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-+5eyS8qFfA8DiKEkCE6XDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Tue, 26 Apr 2022 15:35:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000; includeSubDomains
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 400 cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 679D 2 KB
849 B 92ms
42ms Other
text/html 2607:f8b0:4006:817::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/_/IdpIFrameHttp/cspreport

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/la-es/2022/03/02/isaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

312e8c79a9a1019995128f0a422a72886f54c832644a455d8452db4350861a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=base Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.LUcJPBjWmbo.es5.O/d=1/rs=AOaEmlGZRHYRfXfb5-f-ddcs6W65VbuASw/ Frame 679D 96 KB
34 KB 68ms
19ms Script
text/javascript 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.LUcJPBjWmbo.es5.O/d=1/rs=AOaEmlGZRHYRfXfb5-f-ddcs6W65VbuASw/m=base

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05b46e255613894447a4f9e63b030f1dc7072d08c1bd08d3a7e73214c64b276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 25 Apr 2022 21:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33655
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 20:41:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Apr 2023 21:49:21 GMT

GET
H3 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 679D 49 B
95 B 275ms
274ms XHR
application/json 2607:f8b0:4006:817::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.LUcJPBjWmbo.es5.O/d=1/rs=AOaEmlGZRHYRfXfb5-f-ddcs6W65VbuASw/m=base

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200d Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-nb84xi/6vIfwed1F6QRu1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
X-Requested-With: XmlHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: same-site
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-nb84xi/6vIfwed1F6QRu1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
expires: Tue, 26 Apr 2022 15:35:20 GMT

GET
H/1.1 200
OK / Show response
glitter.services.disqus.com/urls/ Frame 863F 919 B
946 B 64ms
33ms Script
application/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://glitter.services.disqus.com/urls/?callback=dsqGlitterResponseHandler&forum_shortname=welivesecurity&thread_id=9050718870&referer=

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.64 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

5204ce7d3c7dbbc8d8b126de7de3033583261dc86b8565e17c6ed8f3f76fb8dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: openresty
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: no-cache
transfer-encoding: chunked
X-Service: glitter
Content-Disposition: attachment; filename=f.txt
Strict-Transport-Security: max-age=300; includeSubdomains
Vary: Accept-Encoding, Cookie
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 863F 3 KB
3 KB 18ms
18ms Image
image/jpeg 2600:9000:21da:5200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1422638690

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.d295adc9f72a1145cb03cc5bc681e21c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:5200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Mon, 10 May 2021 14:31:38 GMT
via: 1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 30330222
x-cache: Hit from cloudfront
content-length: 3039
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Fri, 30 Jan 2015 17:24:51 GMT
server: nginx
etag: "24223861b0bcda3344ae2ab0243903e2"
content-type: image/jpeg
expires: Tue, 10 May 2022 14:31:38 GMT
cache-control: max-age=31536000, public, immutable
x-amz-cf-pop: EWR53-C1
accept-ranges: bytes
x-amz-cf-id: bUXhdzuiZyTvc34cRpOjU7wTVLOl4QCQIzJPn_azhkp97bYUij4trw==
x-cache-hits: 0

GET
H2 200 pixel.html Show response
live.rezync.com/ Frame 5845 677 B
1 KB 175ms
89ms Document
text/html 13.225.64.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=crvpolq2afleer&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.64.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-64-104.ewr53.r.cloudfront.net
Software: lighttpd/1.4.33 /
Resource Hash: becb5b5fedb0ba2cf48c03c29c274658993b95314630a5b08965631a91afade8

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 677
content-type: text/html; charset=utf-8
date: Tue, 26 Apr 2022 15:35:20 GMT
server: lighttpd/1.4.33
via: 1.1 dffe9476e426d3cb9c316316cb30d40e.cloudfront.net (CloudFront)
x-amz-cf-id: PfrDEgHeDnayY0PoopcfCqQcjjhhEgP5BiTktLtCLSAXMBSxHjPAwA==
x-amz-cf-pop: EWR53-C1
x-cache: Miss from cloudfront

GET
H2 200 sync Show response
pippio.com/api/ Frame CF18 5 KB
5 KB 90ms
66ms Document
text/html 107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pippio.com/api/sync?pid=1391&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&it=1&iv=crvpolq2afleer
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: 862788b26aad0f74b32461b841705bc6f9cbdf72ef1ffea22b68b4ef9d05f2b6

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store
content-type: text/html
date: Tue, 26 Apr 2022 15:35:20 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
timing-allow-origin: *
via: 1.1 google

GET
H/1.1

200
OK

/
io.narrative.io/ Frame 863F
Redirect Chain

https://io.narrative.io/?companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizad...
https://io.narrative.io/?io.narrative.guid.v2=7b2e2fc0-c576-11ec-8734-065a0b8073db&companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F...

35 B
319 B

25ms
24ms

Image
image/gif

23.21.155.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=7b2e2fc0-c576-11ec-8734-065a0b8073db&companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: HTTP/1.1
Server: 23.21.155.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-155-15.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:20 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=7b2e2fc0-c576-11ec-8734-065a0b8073db&companyId=19&id=disqus_id%3Acrvpolq2afleer&ret=img&ref=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Date: Tue, 26 Apr 2022 15:35:20 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 863F
Redirect Chain

https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D0%26gdpr_consent%3D%26id%3Ddisqus_id%3Acrvpolq2afleer
https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:crvpolq2afleer&puid=7b32c3a0-c576-11ec-bcb6-3940fc81f233

0
247 B

24ms
24ms

Image
text/plain

23.21.155.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:crvpolq2afleer&puid=7b32c3a0-c576-11ec-bcb6-3940fc81f233
Protocol: HTTP/1.1
Server: 23.21.155.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-155-15.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:20 GMT
Cache-Control: no-cache
Server: nginx/1.18.0
Connection: keep-alive

Redirect headers

location: https://io.narrative.io/?companyId=19&gdpr=0&gdpr_consent=&id=disqus_id:crvpolq2afleer&puid=7b32c3a0-c576-11ec-bcb6-3940fc81f233
date: Tue, 26 Apr 2022 15:35:20 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 863F 43 B
339 B 51ms
26ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.16&load_time=997&event=init_embed&thread=9050718870&forum=welivesecurity&forum_id=2152520&imp=rvpojj2n9k55m&prev_imp&thread_slug=isaacwiper_y_hermeticwizard_un_nuevo_wiper_y_worm_utilizados_en_ciberataques_a_ucrania&user_type=anon&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&theme=next&dnt=0&tracking_enabled=1&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=159856%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D159856&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F&t_e=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_d=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&t_t=IsaacWiper%20y%20HermeticWizard%3A%20un%20nuevo%20wiper%20y%20worm%20utilizados%20en%20ciberataques%20a%20Ucrania&s_o=default&l=es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 15:35:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://idsync.rlcdn.com/462246.gif?partner_uid=crvpolq2afleer
https://idsync.rlcdn.com/1000.gif?memo=CKabHBIaChYIARDI-AEaDmNydnBvbHEyYWZsZWVyEAAaDQi4oqCTBhIFCOgHEABCAEoA
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Tue, 26 Apr 2022 15:35:20 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

ddp
pippio.com/api/sync/ Frame CF18
Redirect Chain

https://ei.rlcdn.com/448046.gif?n=1&partner_site_id=1017&cparams=placement%3D1391
https://pippio.com/api/sync?pid=5324&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA
https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA&google_error=3

42 B
59 B

42ms
42ms

Image
image/gif

107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA&google_error=3
Protocol: H3
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pippio.com/api/sync/ddp?pid=2&m=CMwpEhoKFggBEAAaEHZJZDJsNTlEVnZ3VmxSZTQQABoMCLiioJMGEgQIAhAAQgBKAA&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CO8KEhkKFQgBEPkHGg5jcnZwb2xxMmFmbGVlchAAGpcBCLiioJMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxA...
https://pippio.com/api/sync/ddp?pid=2&m=CO8KEhkKFQgBEPkHGg5jcnZwb2xxMmFmbGVlchAAGpcBCLiioJMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxAAEgUI6isQABIFCOsrEAASBQjsKxAAEgUI7SsQABIFC...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=8de75894-518c-4f05-9106-d660b582fdf6

42 B
60 B

44ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=8de75894-518c-4f05-9106-d660b582fdf6
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=8de75894-518c-4f05-9106-d660b582fdf6
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H2

200

px
p.adsymptotic.com/d/ Frame CF18
Redirect Chain

https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d
https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=f8cba70418e206500613cc18b3aeb50f

43 B
142 B

47ms
46ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=f8cba70418e206500613cc18b3aeb50f
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 70206341ebe1a1f6-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px?_pid=13553&_psign=9e62e5c043ecadc9479a0ccac401dd7d&_expected_cookie=f8cba70418e206500613cc18b3aeb50f
date: Tue, 26 Apr 2022 15:35:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 702063419b65a1f6-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=1&cparams=placement%3D1391
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373&dcc=t

43 B
932 B

43ms
43ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373&dcc=t

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VDTY1M5BMBM7T30E1432
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: FQ62F7NJEJCMWAFRX0ZV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=&cb=00368373&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=2&cparams=placement%3D1391
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://us-u.openx.net/w/1.0/cm?cc=1&id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053

42 B
60 B

44ms
44ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Tue, 26 Apr 2022 15:35:20 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e11f0296-67fb-49c8-92f6-27c12f753053
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H3

200

47154.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=3&cparams=placement%3D1391
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=22646268-1139-4300-b2a6-a2ea5a471f9e

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=22646268-1139-4300-b2a6-a2ea5a471f9e
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Date: Tue, 26 Apr 2022 15:35:21 GMT
Server: MT3 4363 5e696a4 master nrt-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=22646268-1139-4300-b2a6-a2ea5a471f9e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 26 Apr 2022 15:35:20 GMT

GET
H3

200

362358.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=4&cparams=placement%3D1391
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm=&google_tc=
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMcZVM2K3xDCqnDUYXo_NI&google_cver=1

42 B
60 B

47ms
46ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMcZVM2K3xDCqnDUYXo_NI&google_cver=1
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMcZVM2K3xDCqnDUYXo_NI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=5&cparams=placement%3D1391
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7ad14edf-94d2-4c51-889a-6b57abfa0d8b
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

362588.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=6&cparams=placement%3D1391
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveramp&ttd_tpi=1
https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338

42 B
60 B

43ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3

200

397676.gif
idsync.rlcdn.com/ Frame 5845
Redirect Chain

https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=9129009528129850122
https://p.rfihub.com/cm?pub=39342&in=1&userid=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dcrvpolq2afleer
https://idsync.rlcdn.com/501709.gif?partner_uid=crvpolq2afleer
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=LDo7i47JjDR9bn8uun5G_GQB4nwiz9i_

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=LDo7i47JjDR9bn8uun5G_GQB4nwiz9i_
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=crvpolq2afleer&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=LDo7i47JjDR9bn8uun5G_GQB4nwiz9i_
date: Tue, 26 Apr 2022 15:35:20 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 3835
content-length: 221
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame 5845
Redirect Chain

https://p.rfihub.com/cm?pub=39342&in=1&userid=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab...
https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=968907257118560796
https://idsync.rlcdn.com/501709.gif?partner_uid=crvpolq2afleer
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

42 B
60 B

43ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Requested by: Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=crvpolq2afleer&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: b5adb621-1d91-4c72-8898-84b6445e8f0f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 5845
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3181&partner_device_id=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3181&partner_device_id=aff75e46-44ff-4fe8-b19c-aaec35b46188%3A1650987320.54
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%2C

95 B
113 B

40ms
40ms

Image
image/png

107.178.246.49
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%2C

Requested by

Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=crvpolq2afleer&pctry=CA&referrer=https%3A%2F%2Fwww.welivesecurity.com%2Fla-es%2F2022%2F03%2F02%2Fisaacwiper-hermeticwizard-nuevo-wiper-y-worm-utilizados-ciberataques-ucrania%2F

Protocol

Server

107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.246.178.107.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://live.rezync.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338&ttd_puid=04ad03b4-a6c7-4698-bca0-d42b76934f05%2C
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 353

GET
H3

200

sync
pippio.com/api/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=7&cparams=placement%3D1391
https://pippio.com/api/sync?pid=5324&it=1&iv=82c417358f9bfa9597bd50ddfd228282ac0d4effb4466eca9c0d70fc41f628f4791426b5417dce21&_=2

42 B
59 B

48ms
47ms

Image
image/gif

107.178.254.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=82c417358f9bfa9597bd50ddfd228282ac0d4effb4466eca9c0d70fc41f628f4791426b5417dce21&_=2
Protocol: H3
Server: 107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pippio.com/api/sync?pid=5324&it=1&iv=82c417358f9bfa9597bd50ddfd228282ac0d4effb4466eca9c0d70fc41f628f4791426b5417dce21&_=2
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

47154.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=8&cparams=placement%3D1391
https://sync.mathtag.com/sync/img?mt_exid=10017&redir=https%3A%2F%2Fidsync.rlcdn.com%2F47154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%5BMM_UUID%5D
https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=609e6268-1139-4200-97e9-fbe250df4bc9

42 B
60 B

44ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=609e6268-1139-4200-97e9-fbe250df4bc9
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Date: Tue, 26 Apr 2022 15:35:21 GMT
Server: MT3 4363 5e696a4 master nrt-pixel-x7 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://idsync.rlcdn.com/47154.gif?served_by=evergreen&partner_uid=609e6268-1139-4200-97e9-fbe250df4bc9
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 26 Apr 2022 15:35:20 GMT

GET
H3

200

362588.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=9&cparams=placement%3D1391
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveramp&ttd_tpi=1
https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338

42 B
60 B

44ms
44ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 26 Apr 2022 15:35:20 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://idsync.rlcdn.com/362588.gif?partner_uid=b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3

200

52154.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=10&cparams=placement%3D1391
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595

42 B
60 B

43ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 19cd1b40-2ec7-44a1-b1c2-929d8458fc28
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=6096405577686448595
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=11&cparams=placement%3D1391
https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=2192bf8161cd43ae32be2430482e27f1f2dac5baf39e86d53f6d4c37562dde35c0cb235b3774c97e&cb=00725999

43 B
932 B

31ms
30ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=2192bf8161cd43ae32be2430482e27f1f2dac5baf39e86d53f6d4c37562dde35c0cb235b3774c97e&cb=00725999

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 26 Apr 2022 15:35:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8B7QTVE1ZDRRK20H6WX9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://s.amazon-adsystem.com/dcm?pid=1f9f6bba-5ede-4cb5-997f-f0d0b894f672&id=2192bf8161cd43ae32be2430482e27f1f2dac5baf39e86d53f6d4c37562dde35c0cb235b3774c97e&cb=00725999
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

362248.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=12&cparams=placement%3D1391
https://dpm.demdex.net/ibs:dpid=477&dpuuid=ef2eb4cbd43e1d555f66ff158f40914a8eff13d1fc516cf46b5fe052d9aff4a6b0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BD...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=477&dpuuid=ef2eb4cbd43e1d555f66ff158f40914a8eff13d1fc516cf46b5fe052d9aff4a6b0da87c991749652&redir=https%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3...
https://idsync.rlcdn.com/362248.gif?partner_uid=38879067070989797010391371721850881281

42 B
60 B

44ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362248.gif?partner_uid=38879067070989797010391371721850881281
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

DCS: dcs-prod-usw2-2-v028-04fe772f5.edge-usw2.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Vb//8vDBTdk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://idsync.rlcdn.com/362248.gif?partner_uid=38879067070989797010391371721850881281
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=13&cparams=placement%3D1391
https://usermatch.krxd.net/um/v2?partner=liveramp
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp

0
338 B

110ms
23ms

Image
text/plain

34.193.99.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp
Protocol: H2
Server: 34.193.99.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-99-248.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:35:21 GMT
cache-control: private, no-cache, no-store
x-request-time: D=41 t=1650987321
x-served-by: beacon-n014-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp
date: Tue, 26 Apr 2022 15:35:20 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a005-ash-prod.krxd.net

GET
H3

200

401696.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=14&cparams=placement%3D1391
https://tags.bluekai.com/site/2035?phint=rluid=4c80736f1570cb9313aca9473178ca626021a61f977bc334b4304e01426555ec2971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24...
https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515

42 B
60 B

46ms
45ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

Location: https://idsync.rlcdn.com/401696.gif?partner_uid=$BK_UUID_25515
Date: Tue, 26 Apr 2022 15:35:20 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

204

sync
idsync.reson8.com/sources/pixel/v1/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=15&cparams=placement%3D1391
https://idsync.reson8.com/sources/pixel/v1/sync?sourcekey=01EC61A11KAM4QCFG5RN38VQJZ

0
169 B

81ms
26ms

Image
text/plain

104.18.20.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idsync.reson8.com/sources/pixel/v1/sync?sourcekey=01EC61A11KAM4QCFG5RN38VQJZ

Protocol

Server

104.18.20.134 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 70206343ffa5547f-YYZ
date: Tue, 26 Apr 2022 15:35:20 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

Redirect headers

date: Tue, 26 Apr 2022 15:35:20 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://idsync.reson8.com/sources/pixel/v1/sync?sourcekey=01EC61A11KAM4QCFG5RN38VQJZ
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

397676.gif
idsync.rlcdn.com/ Frame CF18
Redirect Chain

https://rc.rlcdn.com/456809.gif?n=16&cparams=placement%3D1391
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=HFlSXPWxpxzQzbg5T2X6vDK0aoVt3dca

42 B
60 B

43ms
42ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=HFlSXPWxpxzQzbg5T2X6vDK0aoVt3dca
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 26 Apr 2022 15:35:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=HFlSXPWxpxzQzbg5T2X6vDK0aoVt3dca
date: Tue, 26 Apr 2022 15:35:20 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 7145
content-length: 221
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.welivesecurity.com/	1970-01-20 11:22:03	Name: pll_language Value: la-es
.welivesecurity.com/	1969-12-31 23:59:59	Name: TS01239cf7 Value: 0142213e1acd11e88890049eab7b9c68d55b0b546193c97114c9825dbd593535e50d124f0559d0c708d96731faee43a39bb12af6aa
www.welivesecurity.com/	1970-01-20 11:22:03	Name: ai_user Value: HXp7z\|2022-04-26T15:35:18.822Z
.welivesecurity.com/	1970-01-20 20:07:39	Name: _ga Value: GA1.2.195141670.1650987319
.welivesecurity.com/	1970-01-20 02:37:53	Name: _gid Value: GA1.2.52804342.1650987319
www.welivesecurity.com/	1970-01-20 02:36:29	Name: ai_session Value: h9HUO\|1650987319127.1\|1650987319127.1
disqus.com/	1970-01-20 02:36:29	Name: __jid Value: rvpojj2n9k55m
.disqus.com/	1970-01-20 11:22:03	Name: disqus_unique Value: rvpolq2afleer
.google.com/	1970-01-20 06:59:58	Name: NID Value: 511=KSuTqi1xyJZcxO8-zwo8Emc5_tFPwUlNEPPNJJZJSYugX8Z9FGynw1thYg7r8bH4P01enA38etkh7pFagEM_YE-OvRQz7p_n-xXDunEMGNyQuw9AR98luNx-4HUFOlnsqHALsvcLv2haSsxTg3T8C9aNSOXaQCtRbdSWJMa5nH4
.pippio.com/	1970-01-20 11:22:03	Name: did Value: vId2l59DVvwVlRe4
.pippio.com/	1970-01-20 11:22:03	Name: didts Value: 1650987320
.pippio.com/	1970-01-20 04:02:51	Name: nnls Value:
io.narrative.io/	1970-01-20 15:44:25	Name: io.narrative.guid.v2 Value: 7b2e2fc0-c576-11ec-8734-065a0b8073db
.rezync.com/	1970-01-20 11:57:38	Name: zync-uuid Value: aff75e46-44ff-4fe8-b19c-aaec35b46188:1650987320.54
live.rezync.com/	1970-01-20 11:58:03	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJjbGllbnRzIjp7ImRpc3F1cyI6ImNydnBvbHEyYWZsZWVyIn0sInNlc3Npb25faWQiOnsiIGIiOiJZV1ptTnpWbE5EWXRORFJtWmkwMFptVTRMV0l4T1dNdFlXRmxZek0xWWpRMk1UZzRPakUyTlRBNU9EY3pNakF1TlRRPSJ9fQ.FUmiuA.4jSi_r6RyOpOdD4kIAcdcwvZx_U
.adsymptotic.com/	1970-01-20 04:46:03	Name: U Value: f8cba70418e206500613cc18b3aeb50f
.tapad.com/	1970-01-20 04:02:51	Name: TapAd_TS Value: 1650987320647
.tapad.com/	1970-01-20 04:02:51	Name: TapAd_DID Value: 04ad03b4-a6c7-4698-bca0-d42b76934f05
.pippio.com/	1970-01-20 04:02:51	Name: pxrc Value: CLiioJMGEgQIAhAAEgUIlCkQABIFCOUrEAASBQjmKxAAEgUI5ysQABIFCOgrEAASBQjpKxAAEgUI6isQABIFCOsrEAASBQjsKxAAEgUI7SsQABIFCO4rEAASBQjVQxAAEgUI3k4QABIGCOzrARAAEgYI468rEAASBgjtrysQABIGCO6vKxAAEgYI768rEAASBgjwrysQABIGCPGvKxAA
.rfihub.com/	1970-01-20 11:58:03	Name: rud Value: H4sIAAAAAAAAAOMSsjSzsDQwNzI1NzS0MDUzMLc0E-Iz1DUITnU3CU50Sc4J9pDiNTQzNbC0MDc2MjCzNAYA8yUloDMAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSsjSzsDQwNzI1NzS0MDUzMLc0E-Iz1DUITnU3CU50Sc4J9gAAizC2XyQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAAXBwRHAIAgEwE_aISN6IKYbdLhCrDy79-lJTiu4AKSAFbJ1HcmsM2zDNeJTt7Zijt5eww93D5gCNQAAAA
.adsrvr.org/	1970-01-20 11:22:03	Name: TDID Value: b5ffd9b7-caeb-48e1-a2cb-91be5aaa9338
.openx.net/	1970-01-20 11:22:03	Name: i Value: 677542a9-033b-405f-9759-6fda72c96276\|1650987320
.adnxs.com/	1970-01-20 04:46:03	Name: uuid2 Value: 6096405577686448595
.linksynergy.com/	1970-01-20 11:22:03	Name: rmuid Value: 8de75894-518c-4f05-9106-d660b582fdf6
.linksynergy.com/	1970-01-20 11:22:03	Name: icts Value: 2022-04-26T15:35:20Z
.doubleclick.net/	1970-01-20 20:07:39	Name: IDE Value: AHWqTUmdCu-FUm_NqIROOrI-sCw9Zl3TzUrbA10uB1IUylFLX6BmQ83DzisEA5o2QNo
.tapad.com/	1970-01-20 04:02:51	Name: TapAd_3WAY_SYNCS Value: 1!2799
.amazon-adsystem.com/	1970-01-20 08:36:27	Name: ad-id Value: A9i20h_VvkPLhi5j0U4Ffbo
.amazon-adsystem.com/	1970-01-22 00:00:56	Name: ad-privacy Value: 0
.rfihub.com/	1970-01-20 11:58:03	Name: eud Value: H4sIAAAAAAAAAEXHsRXAIAgFwAlSOQc-0Q9itkEfDJQy06bMdfeU7plTAkpAJiHDaPM65B5nyIay2c0qbdkcvVXBW67_xvIBtIuNAkUAAAA
.adsrvr.org/	1970-01-20 11:22:03	Name: TDCPM Value: CAESFAoFdGFwYWQSCwiaz7H9jOnTOhAFEhcKCGxpdmVyYW1wEgsInv3__Yzp0zoQBRgBIAEoAjILCJ71gquj6dM6EAU4AVoIbGl2ZXJhbXBgAg..
.rlcdn.com/	1970-01-20 04:02:51	Name: pxrc Value: CLiioJMGEgUI6EcQABIGCLrqARAAEgYIvuoBEAASBgjC6gEQAA==
.criteo.com/	1970-01-20 11:58:03	Name: uid Value: 5cf8160c-0885-4f20-b767-4f592425b405
.rlcdn.com/	1970-01-20 11:22:03	Name: rlas3 Value: mE019HjpDg2Ow/k/fKMlUzmJ09iyBi94vG7BzpvczyI=
.krxd.net/	1970-01-20 06:55:39	Name: _kuid_ Value: OzT6zXlE
.demdex.net/	1970-01-20 06:55:39	Name: demdex Value: 38879067070989797010391371721850881281
.dpm.demdex.net/	1970-01-20 06:55:39	Name: dpm Value: 38879067070989797010391371721850881281
.mathtag.com/	1970-01-20 12:02:22	Name: uuid Value: 609e6268-1139-4200-97e9-fbe250df4bc9

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://c.disquscdn.com/next/current/embed/lang/es.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

68794907.akstat.io
accounts.google.com
apis.google.com
assets.esetstatic.com
az416426.vo.msecnd.net
beacon.krxd.net
c.disquscdn.com
c.go-mpulse.net
cdn1.esetstatic.com
cm.g.doubleclick.net
connect.facebook.net
dc.services.visualstudio.com
disqus.com
dpm.demdex.net
ei.rlcdn.com
eydvgaaamb4gojqacqnvaaaaabrgqejx-pf211c-01256956f-clienttons-s.akamaihd.net
glitter.services.disqus.com
gum.criteo.com
ib.adnxs.com
idsync.reson8.com
idsync.rlcdn.com
io.narrative.io
live.rezync.com
match.adsrvr.org
obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com
p.adsymptotic.com
p.rfihub.com
pippio.com
pixel.tapad.com
rc.rlcdn.com
referrer.disqus.com
s.amazon-adsystem.com
s.go-mpulse.net
su4jtmvyk6wuqytice3q-pf211c-b32daf93e-clientnsv4-s.akamaihd.net
sync.mathtag.com
tags.bluekai.com
tags.rd.linksynergy.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
us-u.openx.net
usermatch.krxd.net
welivesecurity.disqus.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
www.welivesecurity.com
103.229.205.243
104.18.20.134
104.18.98.194
107.178.246.49
107.178.254.65
13.225.213.72
13.225.64.104
142.251.35.162
151.101.128.134
173.223.56.123
184.87.173.72
199.232.192.134
199.232.192.64
199.232.196.134
199.38.167.129
23.21.155.15
2600:141b:13:699::11a6
2600:141b:5000:697::11a6
2600:141b:5000::173f:4c19
2600:141b:5000::173f:4c1a
2600:141b:9000::687c:2b9
2600:9000:21da:5200:6:8656:f5c0:93a1
2606:2800:11f:17a5:191a:18d5:537:22f9
2607:f8b0:4006:80b::200e
2607:f8b0:4006:80d::200e
2607:f8b0:4006:817::200d
2607:f8b0:4006:822::2008
2607:f8b0:4006:823::2003
2620:100:a001::c
2620:1ec:46::40
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
3.216.55.148
3.33.220.150
34.193.99.248
34.98.64.218
34.98.67.3
35.190.60.146
35.82.147.58
40.71.12.237
52.46.130.91
54.224.110.116
68.67.160.186
07eb93ac65bb359ad3d97cdf04b1744de9d3ecc0ac35b81e906cfb3bfb38d491
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0d12043c7051fe9e78060b7ae447ec5aa8bfa744dd5520fb12e745a2bb0076da
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff
12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d
1377c33abb24c615100b47c8d905ef0299112a22d097511cc569337b9633f21e
15937a97e8b39e8789fe44665a859856f2e1a8d7dbf93c7c6d8b31361c903f19
16446c63d4890cf1704eff93c7d261c1b1b950877ec708a49b380aaa6bc88195
18fc4c578d185b0c9979c16e1c6b431e3079b3b06b98d56995a29ab7a90bdfe1
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66
1d3e1d3cc8ad05f02d0d3adba65f0db29655fd7d15d565835defe380f900241e
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
2230603b8ba7c0020fd16a1582d087decbc8381475e125271c2e13530f1592d7
260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694
312e8c79a9a1019995128f0a422a72886f54c832644a455d8452db4350861a4d
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1
35ce72d85ac20c855ec514d68c3d7d252fdcd2b17728d3f0d5653b93df69033a
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
5204ce7d3c7dbbc8d8b126de7de3033583261dc86b8565e17c6ed8f3f76fb8dc
55c9540888569c09e72cbfbadbe3a3fe888b0a3dec19d5a6fd085dcf09162cc8
5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05
63119c22e3d2c8906bdd3bc5257f676496b0f3233345fbc45bc566b4dcf73a6b
63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
730d4b3194f10a8c177046e001a83e0391e3b6ef2f1386d368a51c2433a98127
7344c63c6a0d89b69a485af2ec5bcc1cad983150613510439371d5293ed1cc46
76f71887e3b7f713d0ad1a9829332aa0463e713f5998a3ad37c38ff2d8ab2162
7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533
7e49288cded16fd39b68f9a4c511e863ea5d03bef945cbc84ca5c1a8544664a5
81fd8e74d220c8d4edb6b772e93f8807b090ddfe64dc8b1720c4efdc1dc6dd70
822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
862788b26aad0f74b32461b841705bc6f9cbdf72ef1ffea22b68b4ef9d05f2b6
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
878ac17f57fe6802247164bd01bc25c4a666ad36935fac79d81608e91220a0a9
889001af5829071189d81073dbd54415b89aab539aa60fc082e23059f770d187
92a9c26ff6f6e2d12c12c34a232a09de772baeffedca24cae54705b192d3460b
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
a05b46e255613894447a4f9e63b030f1dc7072d08c1bd08d3a7e73214c64b276
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6a468c14177dcc22e8a5f340e7d99593f254708bd58b6ce819a343cb712b540
b6cf3e3da5f3d59ae2d23f2060d1c42732b1e90d540e0901a7412eed7bd390b8
becb5b5fedb0ba2cf48c03c29c274658993b95314630a5b08965631a91afade8
c1757f7a288131ceeb5bc1276d57640278bc5eecbbcae016189c274981d2b45c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c9542e88460bb259d8901db3b19609f30b0f4963d26a84fce49db015b08f5cd4
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d33fbf33d2895817029b01cf16d273104474646e4e441988ab4efcfa7563991b
d34bbac8aeb622f108a95c454c22cf791d514432d9118ed19aabf361e4bed34c
db4802cdd77ee321f64c129088ac127ae97f09f283e9d90ef66e352a8e36340d
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dd64ca752834b8f9c5c495a528c7ff54c6538cedd9f380e2106455f60610f613
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991
e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b
e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e5f134c0c0d2b5be74c93255752f80fb05e1e644bf09273aa92ebde8e706fc99
ec934eecf474af1cbf210cb0b23f14f407f7d6960eb2bd25bee29e4038cd5e08
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
fb07128372b2a8280ebd49f16bd784e55ae2c6162bb1be7fd7b9f18b6aa40ebf
fd8f6b19f6594c79bbf4e63b76d57e3230959f2fc0b3805277472b7e8061cdf0

www.welivesecurity.com Open in urlscan Pro 2600:141b:9000::687c:2b9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

110 Requests

75 %HTTPS

37 %IPv6

35 Domains

47 Subdomains

30 IPs

3 Countries

2719 kBTransfer

4478 kBSize

40 Cookies

32 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.welivesecurity.com Open in urlscan Pro
2600:141b:9000::687c:2b9 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

75 %
HTTPS

37 %
IPv6

35
Domains

47
Subdomains

30
IPs

3
Countries

2719 kB
Transfer

4478 kB
Size

40
Cookies

110 HTTP transactions
0 data transactions