blog.emsisoft.com Open in urlscan Pro
2606:4700:10::6814:5d21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Submission: On September 28 via api (September 28th 2019, 1:26:36 am UTC) from US

Summary HTTP 58 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 14 domains to perform 58 HTTP transactions. The main IP is 2606:4700:10::6814:5d21, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is blog.emsisoft.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 28th 2018. Valid for: 2 years.

This is the only time blog.emsisoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	2606:4700:10:... 2606:4700:10::6814:5d21	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
6	104.20.94.33 104.20.94.33	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2 5	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
10	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2606:4700::68... 2606:4700::6810:4da6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY - Fastly)
58	14

22 2606:4700:10::6814:5d21 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

blog.emsisoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.20.94.33 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.emsisoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:815::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

emsisoft.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:4da6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.134 (United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	emsisoft.com blog.emsisoft.com static.emsisoft.com	771 KB
10	gstatic.com fonts.gstatic.com	148 KB
5	disquscdn.com c.disquscdn.com	218 KB
5	google-analytics.com 2 redirects www.google-analytics.com	40 KB
4	disqus.com emsisoft.disqus.com disqus.com	26 KB
2	google.de www.google.de	218 B
2	google.com 2 redirects www.google.com	370 B
2	doubleclick.net 2 redirects stats.g.doubleclick.net	322 B
1	ytimg.com s.ytimg.com	9 KB
1	youtube.com www.youtube.com	923 B
1	googleapis.com fonts.googleapis.com	1 KB
1	gravatar.com secure.gravatar.com	6 KB
1	googletagmanager.com www.googletagmanager.com	32 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
58	14

	Domain	Requested by
22	blog.emsisoft.com	blog.emsisoft.com
10	fonts.gstatic.com	blog.emsisoft.com
6	static.emsisoft.com	blog.emsisoft.com
5	c.disquscdn.com	emsisoft.disqus.com
5	www.google-analytics.com	2 redirects blog.emsisoft.com www.google-analytics.com
2	disqus.com	emsisoft.disqus.com
2	emsisoft.disqus.com	blog.emsisoft.com
2	www.google.de	blog.emsisoft.com
2	www.google.com	2 redirects
2	stats.g.doubleclick.net	2 redirects
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	blog.emsisoft.com
1	fonts.googleapis.com	blog.emsisoft.com
1	secure.gravatar.com	blog.emsisoft.com
1	www.googletagmanager.com	blog.emsisoft.com
1	maxcdn.bootstrapcdn.com	blog.emsisoft.com
58	16

This site contains links to these domains. Also see Links.

Domain
www.emsisoft.com
help.emsisoft.com
support.emsisoft.com
my.emsisoft.com
www.bleepingcomputer.com
www.ibm.com
www.washingtonpost.com
www.wsj.com
www.facebook.com
twitter.com
www.linkedin.com
www.emsisoft.tv

Subject Issuer	Validity	Valid
*.emsisoft.com COMODO RSA Domain Validation Secure Server CA	`2018-05-28` - `2020-06-24`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.gravatar.com COMODO RSA Domain Validation Secure Server CA	`2018-09-06` - `2020-09-05`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-25` - `2020-03-02`	6 months	crt.sh

This page contains 4 frames:

Primary Page: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Frame ID: 00A56E79BF60C29655B95934FA9CC208
Requests: 55 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=emsisoft&t_i=34134%20https%3A%2F%2Fblog.emsisoft.com%2F%3Fp%3D34134&t_u=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&t_e=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&t_d=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&t_t=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&s_o=default
Frame ID: D38C228D9340B736BDD725D1528EFABE
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 81A507901CD0A4A7994E3C0C2A0949B3
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: B64DE245043EB778AEC8C9093676A8A1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

58
Requests

100 %
HTTPS

81 %
IPv6

14
Domains

16
Subdomains

14
IPs

5
Countries

1259 kB
Transfer

1634 kB
Size

7
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://www.emsisoft.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/
Title: For Home

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#scan-and-clean
Title: Scan & Clean

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#anti-ransomware
Title: Anti-Ransomware

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#layered-protection
Title: Layered Protection

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#emergency-kit
Title: Emergency Kit

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#anti-phishing
Title: Anti-Phishing (improved!)

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/home/antimalware/#mobile-security
Title: Mobile Security (optional)

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/
Title: For Business

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/
Title: Emsisoft Business Security features:

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#scan-and-clean
Title: Scan & Clean

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#command-line
Title: Command Line

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#layered-protection
Title: Layered Protection

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#enterprise-security
Title: Enterprise Security (optional)

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#anti-ransomware
Title: Anti-Ransomware

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/businessecurity/#cloud-management
Title: Cloud Management (new!)

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/pricing/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/pricing/?business
Title: For Business

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/order/renew/
Title: Renew license

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/order/partner/
Title: Buy from local partner

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/tools/
Title: Tools

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/ransomware-decryption-tools/
Title: Ransomware Decryption

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/business/eek/
Title: Emergency Kit Pro

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/software/cmd/
Title: Commandline Scanner

Search URL Search Domain Scan URL

URL: https://help.emsisoft.com/en/
Title: Support

Search URL Search Domain Scan URL

URL: https://support.emsisoft.com/
Title: Community Support

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/support/submit/
Title: Submit a suspicious file

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/company/about/
Title: Who is Emsisoft?

Search URL Search Domain Scan URL

URL: https://my.emsisoft.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/destructive-ordinypt-malware-hitting-germany-in-new-spam-campaign/?utm_source=emsisoft
Title: Ordinypt spam campaign

Search URL Search Domain Scan URL

URL: https://www.ibm.com/downloads/cas/XZGZLRVD
Title: 200% increase in destructive malware cases

Search URL Search Domain Scan URL

URL: https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html?utm_source=emsisoft
Title: Russian military hackers

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/one-year-after-notpetya-companies-still-wrestle-with-financial-impacts-1530095906?utm_source=emsisoft
Title: caused more than $1 billion in economic disruption

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/company/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/company/jobs/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/press/
Title: Press

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/partner/join/
Title: Become a partner

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/partner/affiliates/
Title: Online Affiliates

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Emsisoft/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/emsisoft
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/emsisoft
Title:

Search URL Search Domain Scan URL

URL: https://www.emsisoft.tv/
Title:

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/company/terms/
Title: Terms

Search URL Search Domain Scan URL

URL: https://www.emsisoft.com/en/company/bugbounty/
Title: Bug Bounty

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1902424229&t=pageview&_s=1&dl=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&ul=en-us&de=UTF-8&dt=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F%20%7C%20Emsisoft%20%7C%20Security%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=102285209&gjid=235015667&cid=371749743.1569633979&tid=UA-226711-18&_gid=897741360.1569633979&_r=1&z=589584559 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_gid=897741360.1569633979&gjid=235015667&_v=j79&z=589584559 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559&slf_rd=1&random=669019954

Request Chain 42

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1902424229&t=pageview&_s=1&dl=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&ul=en-us&de=UTF-8&dt=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F%20%7C%20Emsisoft%20%7C%20Security%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAAEAj~&jid=1196000591&gjid=1977010378&cid=371749743.1569633979&tid=UA-226711-1&_gid=897741360.1569633979&_r=1&gtm=2wg9i1WK8DP7&cg1=blog&cd4=1569633978563.o04zpag&cd1=371749743.1569633979&z=1108394953 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_gid=897741360.1569633979&gjid=1977010378&_v=j79&z=1108394953 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953&slf_rd=1&random=4189878845

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/ 64 KB
15 KB 120ms
75ms Document
text/html 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac608e4e11a7ff0d681194733b060ed206c6424342745f6a7abeb4285a19ee4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.emsisoft.com
:scheme: https
:path: /en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Sat, 28 Sep 2019 01:26:18 GMT
content-type: text/html
set-cookie: __cfduid=d0d5db7262e0ff21c7739b6258ce98e2f1569633978; expires=Sun, 27-Sep-20 01:26:18 GMT; path=/; domain=.emsisoft.com; HttpOnly
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 51d1edabdf65cbcc-VIE
content-encoding: gzip

GET
H2 200 style.min.css
blog.emsisoft.com/wp-includes/css/dist/block-library/ 29 KB
6 KB 20ms
18ms Stylesheet
text/css 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-includes/css/dist/block-library/style.min.css?ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 10 May 2019 13:20:28 GMT
server: cloudflare
age: 1971981
etag: W/"5cd57a9c-726f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac5fe6cbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
blog.emsisoft.com/wp-content/plugins/better-click-to-tweet/assets/css/ 2 KB
639 B 20ms
18ms Stylesheet
text/css 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f81dce26b21d21ac28a37c18fc41159d2b03d7dd9a0e1799189622d3e3a07ae

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 21317110
cf-polished: origSize=2057
status: 200
pragma: public
last-modified: Fri, 18 Jan 2019 11:20:14 GMT
server: cloudflare
etag: W/"5c41b66e-809"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac5fe7cbcc-VIE
cf-bgj: minify

GET
H2 200 wpsr.min.css
blog.emsisoft.com/wp-content/plugins/wp-socializer/public/css/ 21 KB
5 KB 19ms
17ms Stylesheet
text/css 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/wp-socializer/public/css/wpsr.min.css?ver=4.1.8
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4f976a5ef7cc3061b85270f91d4b2e638022290572875eb73ab42996c81f3b8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Aug 2019 08:54:10 GMT
server: cloudflare
age: 2647337
etag: W/"5d664132-553c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac5fe8cbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 20ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:3b
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=4.1.8
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
status: 200
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 7050

GET
H2 200 app.css
blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/ 109 KB
18 KB 23ms
22ms Stylesheet
text/css 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ad0be5efb1a525bfee48cb662bf59262262b960c752218974c9cdb69f1afc52

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 753222
cf-polished: origSize=111949
status: 200
pragma: public
last-modified: Mon, 12 Aug 2019 10:55:45 GMT
server: cloudflare
etag: W/"5d5145b1-1b54d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac6fe9cbcc-VIE
cf-bgj: minify

GET
H2 200 emsisoft.css
static.emsisoft.com/fonts/ 310 B
586 B 78ms
25ms Stylesheet
text/css 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://static.emsisoft.com/fonts/emsisoft.css?ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53b70289e8e7cb8e30efedf08b55288c62da462e3cc8ad54a7a9841c0ec6bf9b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1975627
cf-polished: origSize=334
status: 200
access-control-max-age: 600
pragma: public
last-modified: Mon, 23 Jan 2017 09:54:18 GMT
server: cloudflare
etag: W/"5885d2ca-14e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacbd98dc03-LHR
cf-bgj: minify

GET
H2 200 jquery.js Show response
blog.emsisoft.com/wp-includes/js/jquery/ 95 KB
33 KB 28ms
26ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 333799
cf-polished: origSize=96873
status: 200
pragma: public
last-modified: Wed, 22 May 2019 03:01:51 GMT
server: cloudflare
etag: W/"5ce4bb9f-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac6feacbcc-VIE
cf-bgj: minify

GET
H2 200 jquery-migrate.min.js Show response
blog.emsisoft.com/wp-includes/js/jquery/ 10 KB
4 KB 18ms
17ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 14 Apr 2017 15:17:10 GMT
server: cloudflare
age: 19945729
etag: W/"58f0e7f6-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac6febcbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 external-tracking.min.js Show response
blog.emsisoft.com/wp-content/plugins/google-analyticator/ 1 KB
573 B 20ms
19ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.5.4
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a9dcb270ba38d94fd27a5ae4c6a6d10bb6a25fe0473df95fe4c405e82801289

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 02 Mar 2018 13:05:59 GMT
server: cloudflare
age: 21052710
etag: W/"5a994c37-4a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edac6feecbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.svg
static.emsisoft.com/images/layout/ 2 KB
804 B 79ms
25ms Image
image/svg+xml 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.emsisoft.com/images/layout/logo.svg
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20468f23efd590c59a9e0b0a7546d5ceb7d480ffcb500c7804f1714cd9b289dd

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 17839676
status: 200
pragma: public
last-modified: Sun, 01 Oct 2017 15:44:29 GMT
server: cloudflare
etag: W/"59d10d5d-6fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacbd9adc03-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo_blog_blue.svg
static.emsisoft.com/images/layout/ 2 KB
1 KB 79ms
25ms Image
image/svg+xml 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.emsisoft.com/images/layout/logo_blog_blue.svg
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e29ecf67a8ad1d44954145a2e5b021c9496ae4f562bf4bef4a24f17b771b284

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 19427425
status: 200
pragma: public
last-modified: Tue, 04 Dec 2018 16:32:26 GMT
server: cloudflare
etag: W/"5c06ac1a-85a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacbd99dc03-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Blog-2.png
blog.emsisoft.com/wp-content/uploads/2019/09/ 169 KB
169 KB 34ms
32ms Image
image/png 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.emsisoft.com/wp-content/uploads/2019/09/Blog-2.png
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b58197385644b65ad0b5bebdf7976e2a9fbe22e7849cb7d2be677cc28d857a9b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
cf-cache-status: HIT
age: 88528
cf-polished: origSize=197315
status: 200
content-length: 173154
pragma: public
last-modified: Thu, 26 Sep 2019 03:46:27 GMT
server: cloudflare
etag: "5d8c3493-302c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 51d1edacf871cbcc-VIE
cf-bgj: imgq:100

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 106 KB
32 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WK8DP7

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

986a793ff52bca3ef1444f8563b26648e439df3ad6d9fcd417bdcf89b79d750e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: br
last-modified: Sat, 28 Sep 2019 00:36:56 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 32768
x-xss-protection: 0
expires: Sat, 28 Sep 2019 01:26:18 GMT

GET
H2 200 wp-emoji-release.min.js Show response
blog.emsisoft.com/wp-includes/js/ 14 KB
5 KB 22ms
21ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-includes/js/wp-emoji-release.min.js?ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 10 May 2019 13:20:27 GMT
server: cloudflare
age: 753222
etag: W/"5cd57a9b-3610"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf873cbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9fd02f7724fb6f6ab41edea2d82942b5
secure.gravatar.com/avatar/ 6 KB
6 KB 39ms
12ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/9fd02f7724fb6f6ab41edea2d82942b5?s=127&d=mm&r=g
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: ab2137d3ae4fa9d7ddc7faf984c6704946c84d6209e914a82f6257f0bc966bec

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 3
date: Sat, 28 Sep 2019 01:26:18 GMT
last-modified: Wed, 07 Mar 2018 22:29:36 GMT
server: nginx
source-age: 7850124
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="9fd02f7724fb6f6ab41edea2d82942b5.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/9fd02f7724fb6f6ab41edea2d82942b5?s=127&d=mm&r=g>; rel="canonical"
content-length: 6215
expires: Sat, 28 Sep 2019 01:31:18 GMT

GET
H2 200 emsisoft-ransomware-backup-1-370x208.png
blog.emsisoft.com/wp-content/uploads/2019/09/ 60 KB
60 KB 100ms
99ms Image
image/png 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.emsisoft.com/wp-content/uploads/2019/09/emsisoft-ransomware-backup-1-370x208.png
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17ede6c9be1a55bd20979a6aeed0cb5b79cbbc4fde3012a4e5800a0e91ca2b6d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
cf-cache-status: MISS
last-modified: Fri, 20 Sep 2019 12:17:03 GMT
server: cloudflare
etag: "5d84c33f-efe2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 51d1edacf875cbcc-VIE
content-length: 61410
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 email-decode.min.js Show response
blog.emsisoft.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
813 B 15ms
14ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.emsisoft.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Mon, 23 Sep 2019 14:57:07 GMT
server: cloudflare
etag: W/"5d88dd43-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 51d1edace855cbcc-VIE
expires: Mon, 30 Sep 2019 01:26:18 GMT

GET
H2 200 syrk-decryptor-370x208.png
blog.emsisoft.com/wp-content/uploads/2019/08/ 64 KB
65 KB 24ms
22ms Image
image/png 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.emsisoft.com/wp-content/uploads/2019/08/syrk-decryptor-370x208.png
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3014e5c086d3f575691f0edb8f7d805346f15ab26c4949ce070a2f2216ddb76e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
cf-cache-status: HIT
age: 160867
cf-polished: pngoptimizer, origSize=77436
status: 200
content-length: 65911
pragma: public
last-modified: Mon, 26 Aug 2019 18:40:27 GMT
server: cloudflare
etag: "5d64279b-12e7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 51d1edacf876cbcc-VIE
cf-bgj: imgq:100

GET
H2 200 jsworm4.0-decryptor-370x208.png
blog.emsisoft.com/wp-content/uploads/2019/08/ 62 KB
62 KB 25ms
24ms Image
image/png 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.emsisoft.com/wp-content/uploads/2019/08/jsworm4.0-decryptor-370x208.png
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac78d90234b22fdc89df0edb20cb3e83b1b2b7e2d5f46e15f177e8c8bad10c10

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
cf-cache-status: HIT
age: 160866
cf-polished: pngoptimizer, origSize=74920
status: 200
content-length: 63664
pragma: public
last-modified: Fri, 16 Aug 2019 17:04:13 GMT
server: cloudflare
etag: "5d56e20d-124a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 51d1edacf878cbcc-VIE
cf-bgj: imgq:100

GET
H2 200 comment_count.js Show response
blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/ 708 B
518 B 16ms
16ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 753221
cf-polished: origSize=889
status: 200
pragma: public
last-modified: Tue, 12 Mar 2019 09:39:14 GMT
server: cloudflare
etag: W/"5c877e42-379"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edace859cbcc-VIE
cf-bgj: minify

GET
H2 200 comment_embed.js Show response
blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/ 828 B
461 B 20ms
18ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 753221
cf-polished: origSize=1150
status: 200
pragma: public
last-modified: Tue, 12 Mar 2019 09:39:14 GMT
server: cloudflare
etag: W/"5c877e42-47e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf869cbcc-VIE
cf-bgj: minify

GET
H2 200 jquery-3.3.1.min.js Show response
blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/ 85 KB
34 KB 23ms
21ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/jquery-3.3.1.min.js?id=a09e13ee94d51c524b7e&ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66567147f97c92275a1f85b2c70ae83dd9350b13f333887fcf294e311170df48

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 18 Jan 2019 14:05:05 GMT
server: cloudflare
age: 1971981
etag: W/"5c41dd11-15499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf86bcbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.js Show response
blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/ 12 KB
4 KB 20ms
18ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/app.js?id=0e2b9e70c886eb771812&ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92d70b12ff53ffa549f98dad424b72fdf00ecb623ebc5937c487c47becec8d6e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 753221
cf-polished: origSize=12107
status: 200
pragma: public
last-modified: Tue, 14 May 2019 11:13:59 GMT
server: cloudflare
etag: W/"5cdaa2f7-2f4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf86ccbcc-VIE
cf-bgj: minify

GET
H2 200 jquery.fancybox.min.js Show response
blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/ 58 KB
22 KB 22ms
20ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/js/jquery.fancybox.min.js?id=b92d47642e3247c8999d&ver=3.2.10
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df31d818f1eb35a5e5dbd5fafa6cc4136244fe3737efc49ccabc8c744fa8903

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 18 Jan 2019 14:05:05 GMT
server: cloudflare
age: 150240
etag: W/"5c41dd11-e7b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf86ecbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-embed.min.js Show response
blog.emsisoft.com/wp-includes/js/ 1 KB
862 B 20ms
18ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-includes/js/wp-embed.min.js?ver=5.2.3
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 13 Dec 2018 03:01:55 GMT
server: cloudflare
age: 1971981
etag: W/"5c11cba3-57b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf86fcbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-socializer.min.js Show response
blog.emsisoft.com/wp-content/plugins/wp-socializer/public/js/ 5 KB
2 KB 20ms
19ms Script
application/javascript 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/plugins/wp-socializer/public/js/wp-socializer.min.js?ver=4.1.8
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f4ba4e65d268acb504a279588dcfe31e090b590da3583a6aa4381da1c46073b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Aug 2019 08:54:10 GMT
server: cloudflare
age: 2647337
etag: W/"5d664132-15e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf870cbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 20 KB
1 KB 22ms
20ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

619368d054f4e737b7ba246fd018887e1e057593a3898d47f2d76a6fbd1a0457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 28 Sep 2019 01:26:18 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Sat, 28 Sep 2019 01:26:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Sat, 28 Sep 2019 01:26:18 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3620
date: Sat, 28 Sep 2019 00:25:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Sat, 28 Sep 2019 02:25:58 GMT

GET
H2 200 icons.svg
blog.emsisoft.com/wp-content/themes/emsisoft/dist/images/ 5 KB
2 KB 25ms
24ms Other
image/svg+xml 2606:4700:10::6814:5d21
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/images/icons.svg?id=44716d8c791ad9a5672a
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5d21 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55e89749ae8a76c4b43d528fc20f7cc2fb3dfee858eb16e4236914b45324b0ae

Request headers

Sec-Fetch-Mode: same-origin
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 18 Jan 2019 14:05:02 GMT
server: cloudflare
age: 17230733
etag: W/"5c41dd0e-1425"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edacf87acbcc-VIE
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 menu_icons_v2.png
static.emsisoft.com/images/layout/ 3 KB
3 KB 22ms
22ms Image
image/png 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.emsisoft.com/images/layout/menu_icons_v2.png
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e84c6baf65696df133f6576220201edc0d6d220b2e4993c4d9f90a65e816833f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
cf-cache-status: HIT
age: 3998811
cf-polished: pngoptimizer, origSize=4631
status: 200
access-control-max-age: 600
content-length: 2837
pragma: public
last-modified: Mon, 18 Mar 2019 16:01:02 GMT
server: cloudflare
etag: "5c8fc0be-1217"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 51d1edacfdf3dc03-LHR
cf-bgj: imgq:100

GET
H2 200 SegoeUI.woff
static.emsisoft.com/fonts/ 240 KB
238 KB 82ms
43ms Font
application/font-woff 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://static.emsisoft.com/fonts/SegoeUI.woff
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88c5bf1d6f30b660f9764bd76aa70cdefcb11207fdc77d0d0285d95a0bc135ac

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 4013013
status: 200
pragma: public
last-modified: Sat, 10 Aug 2019 09:49:57 GMT
server: cloudflare
etag: W/"5d4e9345-3c054"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edad3fe2bba0-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 DINWebPro-CondBold.woff
static.emsisoft.com/fonts/ 17 KB
17 KB 62ms
26ms Font
application/font-woff 104.20.94.33
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://static.emsisoft.com/fonts/DINWebPro-CondBold.woff
Requested by: Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.94.33 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa01ca9b038471923699e969ba137b5c769df9b184c0067dc1afcd318b0ecd50

Request headers

Sec-Fetch-Mode: cors
Referer: https://static.emsisoft.com/fonts/emsisoft.css?ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 19334586
status: 200
pragma: public
last-modified: Mon, 23 Jan 2017 09:54:31 GMT
server: cloudflare
etag: W/"5885d2d7-4330"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
cf-ray: 51d1edad3fe3bba0-LHR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2
fonts.gstatic.com/s/sourcesanspro/v10/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/ODelI1aHBYDBqgeIAH2zlNV_2ngZ8dMf8fLgjYEouxg.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a769166be88381ff553dd898537609ee8a973c37bd5ba3890d6ea0bb7fc2a41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 26 Aug 2019 09:08:22 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Jun 2017 20:31:56 GMT
server: sffe
age: 2823476
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14624
x-xss-protection: 0
expires: Tue, 25 Aug 2020 09:08:22 GMT

GET
H2 200 toadOcfmlt9b38dHJxOBGCOFnW3Jk0f09zW_Yln67Ac.woff2
fonts.gstatic.com/s/sourcesanspro/v10/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/toadOcfmlt9b38dHJxOBGCOFnW3Jk0f09zW_Yln67Ac.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e5b92dc7ae4c3419f3325261ca30d76dc163b5ea628196dc493ea4152fca379f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 26 Aug 2019 09:08:21 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Jun 2017 20:32:13 GMT
server: sffe
age: 2823477
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14508
x-xss-protection: 0
expires: Tue, 25 Aug 2020 09:08:21 GMT

GET
H2 200 eCpfeMZI7q4jLksXVRWPQ_k_vArhqVIZ0nv9q090hN8.woff2
fonts.gstatic.com/s/notoserif/v4/ 23 KB
23 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v4/eCpfeMZI7q4jLksXVRWPQ_k_vArhqVIZ0nv9q090hN8.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2a1102749787811a8a8867540a17a0b3e05061683622c2c3ae78d3d382772e18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 23 Aug 2019 10:58:34 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Aug 2014 20:41:39 GMT
server: sffe
age: 3076064
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 23272
x-xss-protection: 0
expires: Sat, 22 Aug 2020 10:58:34 GMT

GET
H2 200 HQXBIwLHsOJCNEQeX9kNz-gdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/notoserif/v4/ 21 KB
21 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v4/HQXBIwLHsOJCNEQeX9kNz-gdm0LZdjqr5-oayXSOefg.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c24cea5caf526a74d30801adc8b85a1b4f42f83a20318a212d358890d5a3148d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 02:53:17 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Aug 2014 18:22:09 GMT
server: sffe
age: 2932381
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 21260
x-xss-protection: 0
expires: Mon, 24 Aug 2020 02:53:17 GMT

GET
H2 200 fpTVHK8qsXbIeTHTrnQH6GQKuzMuncr0JB710wa2dPI.woff2
fonts.gstatic.com/s/sourcesanspro/v10/ 13 KB
13 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v10/fpTVHK8qsXbIeTHTrnQH6GQKuzMuncr0JB710wa2dPI.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e4ba45e42b5433ab9f39accca6eb10471b61c31d172b3feec0cc12961080bbf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://blog.emsisoft.com/wp-content/themes/emsisoft/dist/css/app.css?id=fca298c5f4fe734841e6&ver=5.2.3
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 13 Sep 2019 08:00:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Jun 2017 20:33:17 GMT
server: sffe
age: 1272345
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13688
x-xss-protection: 0
expires: Sat, 12 Sep 2020 08:00:33 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1902424229&t=pageview&_s=1&dl=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_gid=897741360.1569633979&gjid=235015667&_v=j79&z=589584559
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559&slf_rd=1&random=669019954

42 B
109 B

18ms
18ms

Image
image/gif

2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559&slf_rd=1&random=669019954

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Sep 2019 01:26:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 28 Sep 2019 01:26:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-18&cid=371749743.1569633979&jid=102285209&_v=j79&z=589584559&slf_rd=1&random=669019954
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
924 B 6ms
6ms Script
text/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 00:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 3029
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
expires: Sat, 28 Sep 2019 01:35:49 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
923 B 22ms
22ms Script
application/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

37520a7d4301bf54115512947334da543a8e05fd47f98f9e7064e1144f53e527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H/1.1 200
OK count.js Show response
emsisoft.disqus.com/ 1 KB
1 KB 2289ms
2218ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://emsisoft.disqus.com/count.js

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Sep 2019 01:26:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 1673530
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2019 20:05:34 GMT
Server: nginx
ETag: "5d70190e-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H/1.1 200
OK embed.js Show response
emsisoft.disqus.com/ 64 KB
22 KB 356ms
291ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://emsisoft.disqus.com/embed.js

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

1e19cea23f99c9d60e31863c808ec74406f5eb22db135b14103fc51f95144bc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Sep 2019 01:26:18 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21598

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1902424229&t=pageview&_s=1&dl=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&ul=en-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_gid=897741360.1569633979&gjid=1977010378&_v=j79&z=1108394953
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953&slf_rd=1&random=4189878845

42 B
109 B

24ms
24ms

Image
image/gif

2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953&slf_rd=1&random=4189878845

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Sep 2019 01:26:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 28 Sep 2019 01:26:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-226711-1&cid=371749743.1569633979&jid=1196000591&_v=j79&z=1108394953&slf_rd=1&random=4189878845
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v13/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 26 Aug 2019 09:24:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:19 GMT
server: sffe
age: 2822480
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13324
x-xss-protection: 0
expires: Tue, 25 Aug 2020 09:24:58 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v13/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Sep 2019 13:45:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:07 GMT
server: sffe
age: 2202024
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13108
x-xss-protection: 0
expires: Tue, 01 Sep 2020 13:45:54 GMT

GET
H2 200 ga6Iaw1J5X9T9RW6j9bNfFcWaDq8fMU.woff2
fonts.gstatic.com/s/notoserif/v8/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v8/ga6Iaw1J5X9T9RW6j9bNfFcWaDq8fMU.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e7be357ddd89fe4f85dd3a2f16929f2344148d0ede966e9bf92febe1b998cc9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 24 Aug 2019 14:55:12 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:21 GMT
server: sffe
age: 2975466
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13192
x-xss-protection: 0
expires: Sun, 23 Aug 2020 14:55:12 GMT

GET
H2 200 ga6Kaw1J5X9T9RW6j9bNfFImajC7XsdBMg.woff2
fonts.gstatic.com/s/notoserif/v8/ 11 KB
11 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notoserif/v8/ga6Kaw1J5X9T9RW6j9bNfFImajC7XsdBMg.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a8d4bc76fde10eb50371276c5c752217a23c992d8121cdc755992baddb1debd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 23 Aug 2019 10:37:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:28 GMT
server: sffe
age: 3077309
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 11060
x-xss-protection: 0
expires: Sat, 22 Aug 2020 10:37:49 GMT

GET
H2 200 6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCds18S0xR41.woff2
fonts.gstatic.com/s/sourcesanspro/v13/ 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCds18S0xR41.woff2

Requested by

Host: blog.emsisoft.com
URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ee86018faba83994809866cdcf3c06b4378f4036bcd9abddac47d2559120b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i%7CSource+Sans+Pro:400,400i,600,600i&subset=cyrillic
Origin: https://blog.emsisoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 26 Aug 2019 11:27:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:11 GMT
server: sffe
age: 2815151
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12580
x-xss-protection: 0
expires: Tue, 25 Aug 2020 11:27:07 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflDuDH0c/ 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflDuDH0c/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5594aad46162a604f53718c6eec2c9824317dddd03dab69822549cd36e5789dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Sep 2019 05:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243940
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8703
x-xss-protection: 0
last-modified: Wed, 25 Sep 2019 03:54:04 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 03 Oct 2019 05:40:38 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 56 KB
21 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-P7CT5ZH&t=gtm36&cid=371749743.1569633979

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05ad591cc4f273c62ea6900d6870511b530c7ced9b561f9374b986f28175ebd8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:18 GMT
content-encoding: br
last-modified: Sat, 28 Sep 2019 00:36:56 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 21299
x-xss-protection: 0
expires: Sat, 28 Sep 2019 01:26:18 GMT

GET
H2 200 lounge.9443104ff30a573f9d999b1f7f20c191.css
c.disquscdn.com/next/embed/styles/ 0
21 KB 55ms
20ms Other
text/css 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.9443104ff30a573f9d999b1f7f20c191.css

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 111215
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 21506
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 26 Sep 2019 18:13:39 GMT
server: cloudflare
etag: "5d8cffd3-5402"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 51d1edb0c876cbd0-VIE
expires: Fri, 25 Sep 2020 18:32:37 GMT

GET
H2 200 common.bundle.f91bb4d435d2d5726fa104d427b9c213.js
c.disquscdn.com/next/embed/ 0
89 KB 57ms
23ms Other
application/javascript 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.f91bb4d435d2d5726fa104d427b9c213.js

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 111215
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 90400
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 26 Sep 2019 00:29:39 GMT
server: cloudflare
etag: "5d8c0673-16120"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 51d1edb0c877cbd0-VIE
expires: Fri, 25 Sep 2020 16:20:27 GMT

GET
H2 200 lounge.bundle.c98c3dd54b0005c5c7818dc8255afa6c.js
c.disquscdn.com/next/embed/ 0
107 KB 66ms
32ms Other
application/javascript 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.c98c3dd54b0005c5c7818dc8255afa6c.js

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 111215
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 109500
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 26 Sep 2019 18:13:39 GMT
server: cloudflare
etag: "5d8cffd3-1abbc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 51d1edb0c878cbd0-VIE
expires: Fri, 25 Sep 2020 18:32:37 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
3 KB 53ms
17ms Other
application/javascript 151.101.192.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Sep 2019 01:26:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 13
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2173
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame D38C 0
0 213ms
212ms Document
text/html 151.101.192.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=emsisoft&t_i=34134%20https%3A%2F%2Fblog.emsisoft.com%2F%3Fp%3D34134&t_u=https%3A%2F%2Fblog.emsisoft.com%2Fen%2F34134%2Fwhy-are-cybercriminals-disguising-wipers-as-ransomware%2F&t_e=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&t_d=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&t_t=Why%20are%20cybercriminals%20disguising%20wipers%20as%20ransomware%3F&s_o=default

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/

Response headers

Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Last-Modified: Thu, 26 Sep 2019 13:30:10 GMT
ETag: W/"lounge:view:7651353065.84dac9ad7fb8d1205c78e8bdc1efb06c.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 2672
Date: Sat, 28 Sep 2019 01:26:19 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 81A5 337 B
427 B 17ms
16ms Stylesheet
text/css 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18697679
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 02 Nov 2018 00:21:20 GMT
server: cloudflare
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5bdb9880-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 51d1edb4bdbdcbd0-VIE
expires: Fri, 08 Nov 2019 10:18:08 GMT

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame B64D 337 B
310 B 17ms
17ms Stylesheet
text/css 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: emsisoft.disqus.com
URL: https://emsisoft.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://blog.emsisoft.com/en/34134/why-are-cybercriminals-disguising-wipers-as-ransomware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 28 Sep 2019 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18697679
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 02 Nov 2018 00:21:20 GMT
server: cloudflare
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5bdb9880-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
cf-ray: 51d1edb4bdc9cbd0-VIE
expires: Fri, 08 Nov 2019 10:18:08 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.emsisoft.com/	1970-01-19 12:33:12	Name: first_touch_medium Value: (none)
blog.emsisoft.com/	1970-01-19 12:33:12	Name: first_touch_source Value: (direct)
.emsisoft.com/	1970-01-19 04:00:34	Name: _gat Value: 1
.emsisoft.com/	1970-01-19 21:31:45	Name: _ga Value: GA1.2.371749743.1569633979
.emsisoft.com/	1970-01-19 04:00:34	Name: _gat_UA-226711-1 Value: 1
.emsisoft.com/	1970-01-19 04:02:00	Name: _gid Value: GA1.2.897741360.1569633979
.emsisoft.com/	1970-01-19 12:46:09	Name: __cfduid Value: d0d5db7262e0ff21c7739b6258ce98e2f1569633978

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://blog.emsisoft.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.emsisoft.com
c.disquscdn.com
disqus.com
emsisoft.disqus.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
s.ytimg.com
secure.gravatar.com
static.emsisoft.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.youtube.com
104.20.94.33
151.101.12.134
151.101.192.134
2001:4de0:ac19::1:b:3b
2606:4700:10::6814:5d21
2606:4700::6810:4da6
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200e
2a00:1450:4001:815::200e
2a00:1450:4001:81a::2008
2a00:1450:4001:81c::2003
2a00:1450:4001:821::2004
2a00:1450:4001:824::200a
2a00:1450:400c:c08::9a
2a04:fa87:fffe::c000:4902
05ad591cc4f273c62ea6900d6870511b530c7ced9b561f9374b986f28175ebd8
17ede6c9be1a55bd20979a6aeed0cb5b79cbbc4fde3012a4e5800a0e91ca2b6d
1df31d818f1eb35a5e5dbd5fafa6cc4136244fe3737efc49ccabc8c744fa8903
1e19cea23f99c9d60e31863c808ec74406f5eb22db135b14103fc51f95144bc5
1f4ba4e65d268acb504a279588dcfe31e090b590da3583a6aa4381da1c46073b
20468f23efd590c59a9e0b0a7546d5ceb7d480ffcb500c7804f1714cd9b289dd
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2a1102749787811a8a8867540a17a0b3e05061683622c2c3ae78d3d382772e18
3014e5c086d3f575691f0edb8f7d805346f15ab26c4949ce070a2f2216ddb76e
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
37520a7d4301bf54115512947334da543a8e05fd47f98f9e7064e1144f53e527
3b2ee86018faba83994809866cdcf3c06b4378f4036bcd9abddac47d2559120b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
53b70289e8e7cb8e30efedf08b55288c62da462e3cc8ad54a7a9841c0ec6bf9b
5594aad46162a604f53718c6eec2c9824317dddd03dab69822549cd36e5789dd
55e89749ae8a76c4b43d528fc20f7cc2fb3dfee858eb16e4236914b45324b0ae
5a9dcb270ba38d94fd27a5ae4c6a6d10bb6a25fe0473df95fe4c405e82801289
619368d054f4e737b7ba246fd018887e1e057593a3898d47f2d76a6fbd1a0457
66567147f97c92275a1f85b2c70ae83dd9350b13f333887fcf294e311170df48
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f81dce26b21d21ac28a37c18fc41159d2b03d7dd9a0e1799189622d3e3a07ae
88c5bf1d6f30b660f9764bd76aa70cdefcb11207fdc77d0d0285d95a0bc135ac
8ad0be5efb1a525bfee48cb662bf59262262b960c752218974c9cdb69f1afc52
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8e29ecf67a8ad1d44954145a2e5b021c9496ae4f562bf4bef4a24f17b771b284
92d70b12ff53ffa549f98dad424b72fdf00ecb623ebc5937c487c47becec8d6e
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
986a793ff52bca3ef1444f8563b26648e439df3ad6d9fcd417bdcf89b79d750e
a769166be88381ff553dd898537609ee8a973c37bd5ba3890d6ea0bb7fc2a41c
a8d4bc76fde10eb50371276c5c752217a23c992d8121cdc755992baddb1debd3
ab2137d3ae4fa9d7ddc7faf984c6704946c84d6209e914a82f6257f0bc966bec
ac608e4e11a7ff0d681194733b060ed206c6424342745f6a7abeb4285a19ee4c
ac78d90234b22fdc89df0edb20cb3e83b1b2b7e2d5f46e15f177e8c8bad10c10
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b4f976a5ef7cc3061b85270f91d4b2e638022290572875eb73ab42996c81f3b8
b58197385644b65ad0b5bebdf7976e2a9fbe22e7849cb7d2be677cc28d857a9b
c24cea5caf526a74d30801adc8b85a1b4f42f83a20318a212d358890d5a3148d
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ba45e42b5433ab9f39accca6eb10471b61c31d172b3feec0cc12961080bbf1
e5b92dc7ae4c3419f3325261ca30d76dc163b5ea628196dc493ea4152fca379f
e7be357ddd89fe4f85dd3a2f16929f2344148d0ede966e9bf92febe1b998cc9b
e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794
e84c6baf65696df133f6576220201edc0d6d220b2e4993c4d9f90a65e816833f
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
fa01ca9b038471923699e969ba137b5c769df9b184c0067dc1afcd318b0ecd50
fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8

blog.emsisoft.com Open in urlscan Pro 2606:4700:10::6814:5d21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

58 Requests

100 %HTTPS

81 %IPv6

14 Domains

16 Subdomains

14 IPs

5 Countries

1259 kBTransfer

1634 kBSize

7 Cookies

45 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.emsisoft.com Open in urlscan Pro
2606:4700:10::6814:5d21 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

100 %
HTTPS

81 %
IPv6

14
Domains

16
Subdomains

14
IPs

5
Countries

1259 kB
Transfer

1634 kB
Size

7
Cookies

58 HTTP transactions
0 data transactions