www.trustwave.com Open in urlscan Pro
52.151.96.240 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Submission: On December 04 via api (December 4th 2021, 7:13:44 pm UTC) from US — Scanned from GB

Summary HTTP 123 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 42 IPs in 8 countries across 34 domains to perform 123 HTTP transactions. The main IP is 52.151.96.240, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.trustwave.com.
TLS certificate: Issued by Trustwave Extended Validation SHA256 ... on November 4th 2021. Valid for: a year.

This is the only time www.trustwave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.151.96.240 52.151.96.240	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6811:e14e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a02:26f0:64:... 2a02:26f0:64::210:6bc1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
17	104.18.138.190 104.18.138.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	104.18.140.190 104.18.140.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.136.190 104.18.136.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.192.217 151.101.192.217	54113 (FASTLY) (FASTLY)
4	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
4	204.79.197.234 204.79.197.234	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2606:4700::68... 2606:4700::6812:678	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2606:2800:11f... 2606:2800:11f:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	52.239.171.228 52.239.171.228	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 6	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1	52.222.236.25 52.222.236.25	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e8... 2620:119:50e8:101::9002:f05	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2	2603:1030:f00... 2603:1030:f00::1b6	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 2	18.66.122.59 18.66.122.59	16509 (AMAZON-02) (AMAZON-02)
2	52.6.193.94 52.6.193.94	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2603:1020:a01... 2603:1020:a01:2::2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.69.106.216 13.69.106.216	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
123	42

15 52.151.96.240 (London, United Kingdom) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.trustwave.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:e14e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:64::210:6bc1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

trustwave.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.18.138.190 (None, )

ASN13335 (CLOUDFLARENET, US)

npercoco.typepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.140.190 (None, )

ASN13335 (CLOUDFLARENET, US)

a6.typepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.136.190 (None, )

ASN13335 (CLOUDFLARENET, US)

a1.typepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.192.217 (United States)

ASN54113 (FASTLY, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.79.197.234 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.atmrum.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:678 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:11f:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.239.171.228 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

trustwave.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba0a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

10419288.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9785483.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-25.fra56.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

815-rfm-693.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e8:101::9002:f05 (San Francisco, United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1030:f00::1b6 (Toronto, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

7fd22be8904968acc000469df13c58e1.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.59 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

wec-assets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.6.193.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-193-94.compute-1.amazonaws.com

wec-assets-api.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2603:1020:a01:2::2 (Zurich, Switzerland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
25714641fd509e770e90ca5f90381062.azr.footprintdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.69.106.216 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	typepad.com npercoco.typepad.com a6.typepad.com a1.typepad.com	2 MB
15	trustwave.com 1 redirects www.trustwave.com	178 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	529 KB
11	azureedge.net trustwave.azureedge.net	207 KB
8	doubleclick.net 2 redirects 10419288.fls.doubleclick.net 9785483.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	5 KB
8	google.com www.google.com adservice.google.com	24 KB
6	footprintdns.com 7fd22be8904968acc000469df13c58e1.azr.footprintdns.com a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com 25714641fd509e770e90ca5f90381062.azr.footprintdns.com	810 B
5	terminus.services 2 redirects vidassets.terminus.services wec-assets.terminus.services wec-assets-api.terminus.services	13 KB
4	google.co.uk adservice.google.co.uk www.google.co.uk	2 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	atmrum.net www.atmrum.net	4 KB
3	google-analytics.com www.google-analytics.com	56 KB
3	cookiepro.com cookie-cdn.cookiepro.com	24 KB
3	addthis.com s7.addthis.com m.addthis.com	141 KB
2	visualstudio.com dc.services.visualstudio.com	281 B
2	facebook.com www.facebook.com	386 B
2	adsrvr.org 2 redirects match.adsrvr.org	1016 B
2	t.co t.co	594 B
2	twitter.com analytics.twitter.com	910 B
2	facebook.net connect.facebook.net	113 KB
2	marketo.net munchkin.marketo.net	5 KB
2	fonts.net fast.fonts.net	2 KB
1	onetrust.com geolocation.onetrust.com	256 B
1	mktoresp.com 815-rfm-693.mktoresp.com	311 B
1	googleadservices.com www.googleadservices.com	14 KB
1	ads-twitter.com static.ads-twitter.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	addthisedge.com v1.addthisedge.com	325 B
1	moatads.com z.moatads.com	1 KB
1	windows.net trustwave.blob.core.windows.net	10 KB
1	msecnd.net az416426.vo.msecnd.net	22 KB
1	googleapis.com fonts.googleapis.com	2 KB
1	vimeo.com player.vimeo.com	7 KB
1	googletagmanager.com www.googletagmanager.com	69 KB
123	34

	Domain	Requested by
17	npercoco.typepad.com	www.trustwave.com
15	www.trustwave.com	1 redirects www.trustwave.com trustwave.azureedge.net az416426.vo.msecnd.net
11	trustwave.azureedge.net	www.trustwave.com trustwave.azureedge.net
7	fonts.gstatic.com	www.trustwave.com www.google.com
6	www.google.com	www.trustwave.com www.gstatic.com www.google.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.atmrum.net	www.trustwave.com www.atmrum.net az416426.vo.msecnd.net
3	9785483.fls.doubleclick.net	1 redirects www.googletagmanager.com www.trustwave.com
3	10419288.fls.doubleclick.net	1 redirects www.googletagmanager.com www.trustwave.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com az416426.vo.msecnd.net
3	cookie-cdn.cookiepro.com	www.trustwave.com cookie-cdn.cookiepro.com
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	25714641fd509e770e90ca5f90381062.azr.footprintdns.com	www.trustwave.com
2	a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com	www.trustwave.com
2	www.facebook.com	www.trustwave.com
2	www.google.co.uk	www.trustwave.com
2	adservice.google.co.uk	adservice.google.com
2	wec-assets-api.terminus.services	www.trustwave.com
2	wec-assets.terminus.services	2 redirects
2	match.adsrvr.org	2 redirects
2	7fd22be8904968acc000469df13c58e1.azr.footprintdns.com	www.trustwave.com
2	t.co	www.trustwave.com
2	analytics.twitter.com	static.ads-twitter.com
2	px.ads.linkedin.com	2 redirects
2	adservice.google.com	10419288.fls.doubleclick.net 9785483.fls.doubleclick.net
2	connect.facebook.net	www.trustwave.com connect.facebook.net
2	s7.addthis.com	www.trustwave.com s7.addthis.com
2	munchkin.marketo.net	www.trustwave.com trustwave.azureedge.net
2	fast.fonts.net	www.trustwave.com fast.fonts.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	stats.g.doubleclick.net	az416426.vo.msecnd.net
1	px4.ads.linkedin.com	www.trustwave.com
1	www.linkedin.com	1 redirects
1	geolocation.onetrust.com	trustwave.azureedge.net
1	815-rfm-693.mktoresp.com	munchkin.marketo.net
1	vidassets.terminus.services	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	trustwave.blob.core.windows.net	www.trustwave.com
1	az416426.vo.msecnd.net	www.trustwave.com
1	fonts.googleapis.com	trustwave.azureedge.net
1	player.vimeo.com	www.trustwave.com
1	a1.typepad.com	www.trustwave.com
1	a6.typepad.com	www.trustwave.com
1	www.googletagmanager.com	www.trustwave.com
123	49

This site contains links to these domains. Also see Links.

Domain
onetrust.com
trustwave.ziftone.com
fusion.trustwave.com
segconsole.trustwave.com
login.trustwave.com
twitter.com
www.linkedin.com
www.facebook.com
github.com
npercoco.typepad.com
www.virustotal.com
blog.spiderlabs.com
en.wikipedia.org
jobs.jobvite.com
www.youtube.com

Subject Issuer	Validity	Valid
www.trustwave.com Trustwave Extended Validation SHA256 CA, Level 1	`2021-11-04` - `2022-11-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-06` - `2022-07-05`	a year	crt.sh
*.azureedge.net Microsoft RSA TLS CA 01	`2021-10-28` - `2022-10-28`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.vimeo.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-09-15` - `2022-10-17`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
atmrum.net Microsoft Azure TLS Issuing CA 01	`2021-11-29` - `2022-11-24`	a year	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2021-05-20` - `2022-05-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni1e6ffgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.terminus.services Amazon	`2021-11-16` - `2022-12-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-13` - `2021-12-12`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-01-12` - `2022-01-11`	a year	crt.sh
*.footprintdns.com Microsoft Azure TLS Issuing CA 06	`2021-09-06` - `2022-09-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
in.applicationinsights.azure.com Microsoft RSA TLS CA 01	`2021-07-22` - `2022-07-22`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Frame ID: 5996B173850CC18C94603A5F4A529DB4
Requests: 107 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 736CB19AF4F000EAB8095170DA8846D1
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 0E90D3E917117BD71509BFC923B645D4
Requests: 1 HTTP requests in this frame

Frame: https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: 319D79629B15224B8269A000D41CE372
Requests: 1 HTTP requests in this frame

Frame: https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: 00FB7D9CC13CC9B474CF0748B6A65C54
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=712l7nkr2nx5
Frame ID: C9001CA5B707F26DA742DCC235CCD2DA
Requests: 7 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: 0328A04DD021BA2D72194241804891D1
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: E04ACE3911ECD42B55E5A27586A6BCE4
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: 6B7D2AC3C652664180F1AE653A0BC218
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F
Frame ID: 850BBD8443662C0FFBB871B935B4CFE7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BlackByte Ransomware – Pt. 1 In-depth Analysis | Trustwave

Page Statistics

123
Requests

96 %
HTTPS

51 %
IPv6

34
Domains

49
Subdomains

42
IPs

8
Countries

3517 kB
Transfer

5903 kB
Size

30
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/page/reg
Title: Register

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/page/logged-out-home
Title: Login

Search URL Search Domain Scan URL

URL: https://fusion.trustwave.com/
Title: Fusion Platform Login

Search URL Search Domain Scan URL

URL: https://segconsole.trustwave.com/UserLogin.aspx
Title: MailMarshal SEG Login

Search URL Search Domain Scan URL

URL: https://login.trustwave.com/portal-core/home
Title: Legacy TrustKeeper Login

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/&text=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis+-+Trustwave

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/&title=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Search URL Search Domain Scan URL

URL: https://github.com/SpiderLabs/BlackByteDecryptor
Title: here

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265fc9200b-pi

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534/detection
Title: VirusTotal link

Search URL Search Domain Scan URL

URL: https://blog.spiderlabs.com/2021/10/blackbyte-ransomware-de-obfuscating-the-obfuscated.html
Title: separate blog

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265ceb200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df09a200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef611a7200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265d12200b-pi

Search URL Search Domain Scan URL

URL: https://github.com/CodeCracker-Tools/MegaDumper
Title: MegaDumper

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265d1d200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df0d4200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df13b200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df184200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804ebc65200d-pi

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Wake-on-LAN#Magic_packet
Title: wake-on-lan magic packet

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef6dce3200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df19b200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef612aa200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265de5200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df1c1200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df1db200d-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef612fe200c-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265e49200b-pi

Search URL Search Domain Scan URL

URL: https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df244200d-pi

Search URL Search Domain Scan URL

URL: https://jobs.jobvite.com/trustwave
Title: Careers

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/login
Title: PartnerOne Portal Login

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trustwave

Search URL Search Domain Scan URL

URL: https://twitter.com/Trustwave

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Trustwave/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC2CCqdrAxD9-Fv83NOdjhqA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 HTTP 302
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg

Request Chain 69

https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F HTTP 302
https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Request Chain 70

https://9785483.fls.doubleclick.net/activityi;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F HTTP 302
https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Request Chain 92

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1638645218606%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fblogs%252Fspiderlabs-blog%252Fblackbyte-ransomware-pt-1-in-depth-analysis%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&liSync=true&e_ipv6=AQKMvC4kslOVrgAAAX2G3b_f23gDmbyOcxk0xgaZp4Ndr76fRQvaq0fVwULXuohGu-BjE-ss5g

Request Chain 103

https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1 HTTP 302
https://wec-assets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1&t=3af8aacf-dda8-4542-be81-148e7958401d HTTP 301
https://wec-assets-api.terminus.services/v1/s.gif

Request Chain 104

https://wec-assets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=7bcd463c-916e-4d32-b587-44f1d30507e1&s=b3badaf4-e787-491b-b53b-93585f3d6097&p=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&cb=1638645218732&t=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave&r=&e=page_viewed&u=5f188f30-3599-42b0-91b5-9a0e95be9795-1638645218732 HTTP 301
https://wec-assets-api.terminus.services/v1/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif

123 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ 147 KB
30 KB 1092ms
620ms Document
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4187de8985a13d8bb191744e12f3f83c244f725da3fa82d558883f5578c72bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-aspnet-version
date: Sat, 04 Dec 2021 19:13:36 GMT
content-length: 30113

GET
H2 200 9c85e15b-99ed-40a4-929d-2262f9ed2706.css
fast.fonts.net/cssapi/ 6 KB
1 KB 194ms
74ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 252
x-amz-request-id: AH49FM4192CZRXZ9
x-amz-id-2: +MbJ35UzfRKSIzAlw7Gto9lC0VnS4MbE8tJTpPD5G7Y5oGf0UkYmGmDIneaODBf5OuT5Tgjrlos=
last-modified: Wed, 17 Feb 2021 13:45:35 GMT
server: cloudflare
etag: W/"95ca4d48d1f182a3a2e88fda5b54d70c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
expires: Sat, 04 Dec 2021 23:13:37 GMT
cache-control: public, max-age=14400
cf-ray: 6b875a603c9859bf-MXP
x-amz-meta-mtime: 1588085447

GET
H2 200 legacy.min.css
trustwave.azureedge.net/dist/css/ 262 KB
35 KB 162ms
32ms Stylesheet
text/css 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4288144386d0cb3dc13662bc9670cb65fe8180e845a4f37af5c73ef09f841b88

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 19:44:58 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: 3KUSurroAuSXOBiEPReJLA==
etag: 0x8D9B5CC39090793
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 42c0b098-001e-0085-27b5-e7437b000000
cache-control: public, max-age=31386446
x-ms-version: 2009-09-19
content-length: 35208

GET
H2 200 styles.min.css
www.trustwave.com/dist/css/ 151 KB
35 KB 209ms
208ms Stylesheet
text/css 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/dist/css/styles.min.css?id=1031

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

762a3064ed264b29dc4030e4fd1a71b5ea55759318489f63889ae955921c583d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:30:50 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "0b16a6e5addd71:0"
vary: Accept-Encoding
content-type: text/css
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 35524
x-xss-protection: 1; mode=block

GET
H2 200 feather.css
www.trustwave.com/dist/css/ 315 B
383 B 191ms
190ms Stylesheet
text/css 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/dist/css/feather.css?id=1031

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4e5ab440329cd7d94538bc256cd00097682d6dcfb803cc0e9e64cfab683831dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:30:50 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "0b16a6e5addd71:0"
vary: Accept-Encoding
content-type: text/css
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 263
x-xss-protection: 1; mode=block

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 113ms
39ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

16a8259d421207cee1fe5452b8233fe2e252a43fdbd33a98cdd6b7e5388ee4dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sat, 04 Dec 2021 19:13:37 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
655 B 114ms
40ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

69fe2f2ce12f0fa72a52f780c447703eeba393c04b3fc38e5db381dc4039b65e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Sat, 04 Dec 2021 19:13:37 GMT

GET
H2 200 trustwave-logo-color.svg
trustwave.azureedge.net/dist/svg/logos/trustwave/ 3 KB
3 KB 59ms
54ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/logos/trustwave/trustwave-logo-color.svg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: eec92db3906701a283982a9ea481e806b6fd01fb2efb2c802cba1c376b19c2f5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:30 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: dve3eUlE6WumX3xgQyGMDA==
etag: 0x8D96265132E63E3
content-type: image/svg+xml
x-ms-request-id: fa8680ee-a01e-008c-5d73-9406a8000000
cache-control: public, max-age=22232103
x-ms-version: 2009-09-19
content-length: 2788

GET
H2 200 fusion-logo-color.svg
trustwave.azureedge.net/dist/svg/logos/fusion/ 9 KB
9 KB 61ms
56ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/logos/fusion/fusion-logo-color.svg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: a76b2bc12b0e3c9536c8c0c3af4170cc66c19ff44fb96326aa6b542ee272365f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:27 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: PEBEe6TBHJ1Si1foIhaJWA==
etag: 0x8D9626511AA3C5B
content-type: image/svg+xml
x-ms-request-id: afc3c0b9-501e-006c-3a73-948531000000
cache-control: public, max-age=22232076
x-ms-version: 2009-09-19
content-length: 9083

GET
H2 200 twitter.svg
www.trustwave.com/img/icon/social/svg/dark/ 778 B
823 B 204ms
200ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/twitter.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:16 GMT
x-aspnet-version
etag: "040ada15addd71:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 778
x-xss-protection: 1; mode=block

GET
H2 200 linkedin.svg
www.trustwave.com/img/icon/social/svg/dark/ 636 B
731 B 199ms
195ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/linkedin.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:16 GMT
x-aspnet-version
etag: "040ada15addd71:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 636
x-xss-protection: 1; mode=block

GET
H2 200 facebook.svg
www.trustwave.com/img/icon/social/svg/dark/ 446 B
491 B 206ms
202ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/icon/social/svg/dark/facebook.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:16 GMT
x-aspnet-version
etag: "040ada15addd71:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 446
x-xss-protection: 1; mode=block

GET
H2 200 6a0133f264aa62970b0282e1265fc9200b-800wi
npercoco.typepad.com/.a/ 317 KB
318 KB 784ms
650ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265fc9200b-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

594348986e922bdb677b817c273a491bb41a9223d12eb1c2eb563e040c8566df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a621a0075cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0282e1265fc9200b-800wi.png
vary: cookie
content-length: 324883
x-webserver: oak-tp-web085
last-modified: Mon, 04 Oct 2021 09:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 206228640 206173440
cache-control: s-maxage=14400
x-phapp: oak-tp-web085
accept-ranges: bytes
content-type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 198 KB
69 KB 124ms
47ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b402e029964902c382b3f0ec4d5a8881eadcc2d464a62ede7b37493d493c5352

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70508
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Dec 2021 19:13:37 GMT

GET
H2 200 6a01676411d5a7970b0278804e1d06200d-800wi
a6.typepad.com/ 38 KB
39 KB 686ms
550ms Image
image/png 104.18.140.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a6.typepad.com/6a01676411d5a7970b0278804e1d06200d-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.140.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c0d2b8b193b0ce8aaf68a6a23a81d518cabe0af3c2f9d3985b57850dd32e017

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a621c6b0702-LHR
content-disposition: inline; filename=6a01676411d5a7970b0278804e1d06200d-800wi.png
content-length: 39285
x-webserver: oak-tp-web054
last-modified: Mon, 04 Oct 2021 23:08:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 4074697025 4074658151
cache-control: s-maxage=14400
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a01676411d5a7970b026bdef63ed1200c-800wi
a1.typepad.com/ 212 KB
213 KB 775ms
639ms Image
image/png 104.18.136.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.typepad.com/6a01676411d5a7970b026bdef63ed1200c-800wi
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.136.190 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f58d79562670c3158ce9a681f2a0f0a88fbcdf226281e199bd68089a85efdca7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a62193b75db-LHR
content-disposition: inline; filename=6a01676411d5a7970b026bdef63ed1200c-800wi.png
content-length: 217342
x-webserver: oak-tp-web053
last-modified: Mon, 04 Oct 2021 23:11:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: cookie
x-varnish: 4074697047 4074658140
cache-control: s-maxage=14400
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b026bdef611a7200c-800wi
npercoco.typepad.com/.a/ 18 KB
18 KB 783ms
650ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef611a7200c-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548306df504e8495bba38368a29dae35c8eaacd5c3148e6253b11cbe0af3d7ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a621a0475cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b026bdef611a7200c-800wi.png
vary: cookie
content-length: 18473
x-webserver: oak-tp-web090
last-modified: Mon, 04 Oct 2021 08:10:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1168384776 1168340352
cache-control: s-maxage=14400
x-phapp: oak-tp-web090
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0282e1265d12200b-800wi
npercoco.typepad.com/.a/ 167 KB
167 KB 838ms
705ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265d12200b-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7050ca2ee4b2c799d53a9f6095653af5b25e3d5b0fba1163e34f1d7d1acb598e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a621a0375cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0282e1265d12200b-800wi.png
vary: cookie
content-length: 170883
x-webserver: oak-tp-web053
last-modified: Mon, 04 Oct 2021 08:11:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1384751548 1384712637
cache-control: s-maxage=14400
x-phapp: oak-tp-web053
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0282e1265d1d200b-800wi
npercoco.typepad.com/.a/ 111 KB
112 KB 713ms
650ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265d1d200b-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccdfe54c69a6bb36cd65e7f2cc26a268e7beda0218f4e6d86ebf73c8689616c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a621a0675cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0282e1265d1d200b-800wi.png
vary: cookie
content-length: 114139
x-webserver: oak-tp-web056
last-modified: Mon, 04 Oct 2021 08:12:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1168384775 1168340350
cache-control: s-maxage=14400
x-phapp: oak-tp-web056
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df0d4200d-800wi
npercoco.typepad.com/.a/ 120 KB
121 KB 563ms
561ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df0d4200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfa30470226024e19712128cc0a66bbcae0e332e129b68a305487901b3364d7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a623a4875cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df0d4200d-800wi.png
vary: cookie
content-length: 123217
x-webserver: oak-tp-web065
last-modified: Mon, 04 Oct 2021 08:12:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 206228637 206173441
cache-control: s-maxage=14400
x-phapp: oak-tp-web065
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df13b200d-800wi
npercoco.typepad.com/.a/ 126 KB
126 KB 582ms
579ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df13b200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97f3935e542cf1c13933f0f7f326c4054041df4c85b40364646c97cab87d3281

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a623a4b75cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df13b200d-800wi.png
vary: cookie
content-length: 128580
x-webserver: oak-tp-web056
last-modified: Mon, 04 Oct 2021 08:22:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 206228639 206173439
cache-control: s-maxage=14400
x-phapp: oak-tp-web056
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df184200d-800wi
npercoco.typepad.com/.a/ 39 KB
40 KB 631ms
629ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df184200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29de9ac75867ab379d82571a556d0efd645704a87bac6eb23a1a765ecbddc645

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a623a4e75cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df184200d-800wi.png
vary: cookie
content-length: 40275
x-webserver: oak-tp-web067
last-modified: Mon, 04 Oct 2021 08:26:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1384751516 1384712642
cache-control: s-maxage=14400
x-phapp: oak-tp-web067
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804ebc65200d-800wi
npercoco.typepad.com/.a/ 89 KB
89 KB 702ms
700ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804ebc65200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aac204d22b7a0496acce69c7ef283b84c0e3a6e973d58c24ce57458128c3779

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a623a5275cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804ebc65200d-800wi.png
vary: cookie
content-length: 91045
x-webserver: oak-tp-web075
last-modified: Thu, 07 Oct 2021 07:52:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1168384797 1168340376
cache-control: s-maxage=14400
x-phapp: oak-tp-web075
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b026bdef6dce3200c-800wi
npercoco.typepad.com/.a/ 96 KB
97 KB 685ms
683ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef6dce3200c-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ec2be41883e1c3b9d2705e92c38e4d149da50844f86c27850485b038d1e0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a623a5775cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b026bdef6dce3200c-800wi.png
vary: cookie
content-length: 98708
x-webserver: oak-tp-web066
last-modified: Thu, 07 Oct 2021 07:21:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 4074697050 4074658143
cache-control: s-maxage=14400
x-phapp: oak-tp-web066
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df19b200d-800wi
npercoco.typepad.com/.a/ 68 KB
68 KB 585ms
583ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df19b200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0fa483e2bb6a958feb8592376ce3f9dc7e03be8abfbc6a60c35a4345993daba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a5a75cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df19b200d-800wi.png
vary: cookie
content-length: 69581
x-webserver: oak-tp-web074
last-modified: Mon, 04 Oct 2021 08:27:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 4074697030 4074658144
cache-control: s-maxage=14400
x-phapp: oak-tp-web074
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b026bdef612aa200c-800wi
npercoco.typepad.com/.a/ 51 KB
52 KB 631ms
629ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef612aa200c-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cad52edc852c8799dc15d94859f4e1b844ee199d3f324d11ac372c55acc1db9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a5d75cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b026bdef612aa200c-800wi.png
vary: cookie
content-length: 52677
x-webserver: oak-tp-web063
last-modified: Mon, 04 Oct 2021 08:27:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 4074697033 4074658142
cache-control: s-maxage=14400
x-phapp: oak-tp-web063
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0282e1265de5200b-800wi
npercoco.typepad.com/.a/ 86 KB
86 KB 571ms
568ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265de5200b-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31cd32b0079a8fe3b5672ae37bc48e79cc179adf56f7a467ee2eee8377db0794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a5f75cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0282e1265de5200b-800wi.png
vary: cookie
content-length: 88095
x-webserver: oak-tp-web063
last-modified: Mon, 04 Oct 2021 08:28:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 206228638 206173444
cache-control: s-maxage=14400
x-phapp: oak-tp-web063
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df1c1200d-800wi
npercoco.typepad.com/.a/ 100 KB
100 KB 685ms
682ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df1c1200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

947ea664b3989be7ce261d96ecac895ad4dc1e84246091bb75b0ea0eb4c3de5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a6075cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df1c1200d-800wi.png
vary: cookie
content-length: 102129
x-webserver: oak-tp-web074
last-modified: Mon, 04 Oct 2021 08:29:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1168384789 1168340375
cache-control: s-maxage=14400
x-phapp: oak-tp-web074
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df1db200d-800wi
npercoco.typepad.com/.a/ 55 KB
55 KB 628ms
625ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df1db200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dfbfcce286a8e3b0010ed25af6b321fbe655ead4bfbb525c750759e9a61ae01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a6275cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df1db200d-800wi.png
vary: cookie
content-length: 56036
x-webserver: oak-tp-web066
last-modified: Mon, 04 Oct 2021 08:31:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1168384774 1168340359
cache-control: s-maxage=14400
x-phapp: oak-tp-web066
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b026bdef612fe200c-800wi
npercoco.typepad.com/.a/ 57 KB
57 KB 625ms
623ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b026bdef612fe200c-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b511fe23feb5f5398700013f10e4eec0a75a267c83fc646f479dd4a0b73b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a6475cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b026bdef612fe200c-800wi.png
vary: cookie
content-length: 58444
x-webserver: oak-tp-web057
last-modified: Mon, 04 Oct 2021 08:31:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 1384751514 1384712649
cache-control: s-maxage=14400
x-phapp: oak-tp-web057
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0282e1265e49200b-800wi
npercoco.typepad.com/.a/ 85 KB
85 KB 685ms
683ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0282e1265e49200b-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f522bab0c16e2b2494ee2a1e99c1aa3f50db00099193df43cc1faaae72308170

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a624a6575cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0282e1265e49200b-800wi.png
vary: cookie
content-length: 86817
x-webserver: oak-tp-web060
last-modified: Mon, 04 Oct 2021 08:33:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 4074697049 4074658141
cache-control: s-maxage=14400
x-phapp: oak-tp-web060
accept-ranges: bytes
content-type: image/png

GET
H2 200 6a0133f264aa62970b0278804df244200d-800wi
npercoco.typepad.com/.a/ 237 KB
238 KB 631ms
628ms Image
image/png 104.18.138.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://npercoco.typepad.com/.a/6a0133f264aa62970b0278804df244200d-800wi

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.138.190 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cce3de366eee70c8705fd57f741c79fe3fab41979092f74814fa3bb384fe0b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 252
cf-ray: 6b875a625a8575cb-LHR
content-disposition: inline; filename=6a0133f264aa62970b0278804df244200d-800wi.png
vary: cookie
content-length: 242700
x-webserver: oak-tp-web069
last-modified: Mon, 04 Oct 2021 08:36:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-varnish: 4074697034 4074658149
cache-control: s-maxage=14400
x-phapp: oak-tp-web069
accept-ranges: bytes
content-type: image/png

GET
H2 200 trustwave-logo-white.svg
trustwave.azureedge.net/dist/svg/logos/trustwave/ 3 KB
3 KB 58ms
56ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/logos/trustwave/trustwave-logo-white.svg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:30 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: 6MtEXkwnMy6FcNENYC/dGQ==
etag: 0x8D96265132BCB61
content-type: image/svg+xml
x-ms-request-id: e2376204-901e-0097-5973-9438ab000000
cache-control: public, max-age=22232087
x-ms-version: 2009-09-19
content-length: 2776

GET
H2 200 legacy.min.js Show response
trustwave.azureedge.net/dist/js/ 459 KB
141 KB 34ms
34ms Script
application/javascript 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 2ebec01c14f767ba4cd4ed57b608075be23aa3c001cc6a4926442c72f4268a9c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 19:44:59 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: NTVllCCgW+UaGtZEqbPZ4A==
etag: 0x8D9B5CC39AD1ED2
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: c82a348c-e01e-0024-6fb5-e79806000000
cache-control: public, max-age=31386416
x-ms-version: 2009-09-19
content-length: 143465

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
4 KB 136ms
41ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 19:13:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: AkamaiNetStorage
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Mon, 14 Mar 2022 19:13:37 GMT

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 20 KB
7 KB 73ms
17ms Script
application/javascript 151.101.192.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

81d1eeb980b09409744568d2ed3ca7ff1ee763d6aeb9dc6c66bc845dd3d3bb96

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

X-Varnish-Cache: 1
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 777
X-Cache: HIT
P3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection: keep-alive
X-VServer: infra-playproxy-b-3
Content-Length: 5996
X-Xss-Protection: 1; mode=block
X-Served-By: cache-lcy19246-LCY
X-Player-Backend: p
Expires: Sat, 04 Dec 2021 19:30:40 GMT
Server: nginx
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer: S1638645218.535067,VS0,VE0
Date: Sat, 04 Dec 2021 19:13:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/javascript;charset=utf-8
Via: 1.1 varnish, 1.1 varnish
Vary: Accept-Encoding
X-Vimeo-DC: ge
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache-Hits: 585

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 129ms
39ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Sat, 04 Dec 2021 19:13:37 GMT
x-host: s7.addthis.com
content-length: 116382

GET
H2 200 rum.js Show response
www.atmrum.net/ 301 B
607 B 240ms
59ms Script
application/javascript 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/rum.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

80afdcdab5af95e11f8edac404947668a91582b9799723a8d5272483a010f23d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Nov 2021 17:02:34 GMT
x-msedge-ref: Ref A: 298026F90EE8455CA28454AA4ABF6931 Ref B: LTSEDGE0911 Ref C: 2021-12-04T19:13:37Z
etag: 0x8D4FC0223F2F653
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 301

GET
H2 200 5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js Show response
cookie-cdn.cookiepro.com/langswitch/ 2 KB
1 KB 206ms
73ms Script
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: 2Q95fkKCF+yYcVGygzYfBA==
age: 252
x-ms-lease-status: unlocked
last-modified: Mon, 29 Apr 2019 14:20:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 79dea03b-a01e-0069-4383-c40101000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b875a622ea23756-MXP
expires: Sat, 04 Dec 2021 23:13:37 GMT

GET
H2 200 css2
fonts.googleapis.com/ 25 KB
2 KB 106ms
38ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Requested by

Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Dec 2021 17:47:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Dec 2021 19:13:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Dec 2021 19:13:37 GMT

GET
H2 200 1.css
fast.fonts.net/t/ 0
220 B 65ms
63ms Stylesheet
text/css 2606:4700::6811:e14e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e14e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
cf-cache-status: HIT
age: 464519
cf-ray: 6b875a60ce1759bf-MXP
content-length: 0
x-amz-id-2: GMMP3WAoDIyXXG806Ks+snHi39YwvqVUIHw94l/I6gOh2RJ8VBs1Ww6IY+1evweUCTE7caLozbE=
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: Q82XA4HXVQQ4YMJR
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1519217722

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 449ms
106ms Script
application/x-javascript 2606:2800:11f:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/79DC) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 878
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (nya/79DC)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ee9739d9-701e-0084-6a40-e99a74000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Sat, 04 Dec 2021 19:43:38 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ 343 KB
135 KB 111ms
29ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7511f403bc5d8cdd240bbdb02c5848775e0f89f6dd952e70675d22fd434e1b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 01:17:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137335
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 05:04:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Sun, 04 Dec 2022 01:17:16 GMT

GET
H2 200 twi-radar-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 1 KB
2 KB 40ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-radar-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: a6843d5ffd9052e631f84994401389694fd86b7cff2f9910ec6a28814cbb6b03

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: GNjSQQWJRAl3TR5ibPNqMw==
etag: 0x8D9626512BEEBF7
content-type: image/svg+xml
x-ms-request-id: 1c12ce89-c01e-0041-2a75-943642000000
cache-control: public, max-age=22232684
x-ms-version: 2009-09-19
content-length: 1533

GET
H2 200 twi-cloud-lock-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 2 KB
2 KB 40ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-cloud-lock-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 08529955a8d9e583dacd78d8ade75159e0869e25766fba0ac911d5fa3e3b234b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:28 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: tX3lBpqGWSajnyTY7cF8lg==
etag: 0x8D96265121BB071
content-type: image/svg+xml
x-ms-request-id: 048eae7c-801e-007f-1375-94a13d000000
cache-control: public, max-age=22232715
x-ms-version: 2009-09-19
content-length: 1770

GET
H2 200 twi-briefcase-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 1 KB
2 KB 40ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-briefcase-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b016380c1e5281bf5629d39c1dd2d79d1d8eec45e77f69d7f101105b93e813e0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:28 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: hGlggEcUaBxKcCIx033beQ==
etag: 0x8D9626511F3AEC8
content-type: image/svg+xml
x-ms-request-id: 4c7c6a14-401e-0012-3d75-941576000000
cache-control: public, max-age=22232707
x-ms-version: 2009-09-19
content-length: 1289

GET
H2 200 twi-dashboard-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 8 KB
9 KB 41ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-dashboard-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 85617163a0d798f5865addd9cb026438b1096093b4cac1838630ad93ebfdf4b4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:28 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: acoxEKKx1R/DrtFbiOadbQ==
etag: 0x8D96265122D66E6
content-type: image/svg+xml
x-ms-request-id: 89ccae81-501e-000e-2875-944716000000
cache-control: public, max-age=22232803
x-ms-version: 2009-09-19
content-length: 8525

GET
H2 200 twi-database-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 1 KB
2 KB 41ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-database-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 9a2b09b1bd7190df58b8462804537f71a64e447921a03e62dc16148f9c433511

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:28 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: q85KHiSPCUDrj48jT/7LXA==
etag: 0x8D96265122F14EB
content-type: image/svg+xml
x-ms-request-id: 5c5d5b75-201e-003b-3375-942b02000000
cache-control: public, max-age=22232658
x-ms-version: 2009-09-19
content-length: 1431

GET
H2 200 twi-email-color.svg
trustwave.azureedge.net/dist/svg/icons/trustwave/ 719 B
1 KB 41ms
40ms Image
image/svg+xml 2a02:26f0:64::210:6bc1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.azureedge.net/dist/svg/icons/trustwave/twi-email-color.svg
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b9833a558a67d159aa6139bb0b9168560a37f580ae04654ccc7b6b1ce0d75ea6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://trustwave.azureedge.net/dist/css/legacy.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
last-modified: Wed, 18 Aug 2021 16:27:28 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: eVpqIsKpjw3YUN0OY6Y/Tw==
etag: 0x8D9626512464AA9
content-type: image/svg+xml
x-ms-request-id: 1d10e572-001e-002c-4075-948209000000
cache-control: public, max-age=22232762
x-ms-version: 2009-09-19
content-length: 719

GET
H2 200 loading-white.svg
www.trustwave.com/img/utility/ 687 B
770 B 191ms
191ms Image
image/svg+xml 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/img/utility/loading-white.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/dist/css/styles.min.css?id=1031
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:18 GMT
x-aspnet-version
etag: "06ddea25addd71:0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 687
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/
Redirect Chain

https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg

9 KB
10 KB

539ms
135ms

Image
image/jpeg

52.239.171.228
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: HTTP/1.1
Server: 52.239.171.228 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 04 Dec 2021 19:13:37 GMT
Last-Modified: Thu, 28 Jan 2021 22:24:11 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: MsdJ7/i6e4BXG2Gh7eeTmQ==
ETag: 0x8D8C3DB6FA47557
x-ms-meta-ImageProcessedBy: ImageProcessor.Web/4.10.0.100
Content-Type: image/jpeg
x-ms-request-id: f481fd86-b01e-004b-2943-e992f5000000
Cache-Control: public, max-age=31536000
x-ms-version: 2009-09-19
Content-Length: 9529

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-aspnet-version
date: Sat, 04 Dec 2021 19:13:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
location: https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
cache-control: no-cache
content-length: 219
x-xss-protection: 1; mode=block

GET
H2 200 KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v27/ 107 KB
67 KB 142ms
76ms Font
font/ttf 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxP.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2878849254354dd711a82ee3f253f448f38364385ba5ef51fd252a116f470068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 17:11:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 352929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68223
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 23:13:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 17:11:28 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v27/ 35 KB
20 KB 123ms
59ms Font
font/ttf 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52dc362cae7e441a98741305a38b045859ac60e99377d9d88922ec32cb944cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 17:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 436626
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20778
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 29 Nov 2022 17:56:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc9.ttf
fonts.gstatic.com/s/roboto/v27/ 36 KB
21 KB 114ms
50ms Font
font/ttf 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7796600b2ee4c84552cb08fd79603c19b95cd21089e802f222320feceba74c45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 04:28:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 139511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20911
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 04:28:26 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc9.ttf
fonts.gstatic.com/s/roboto/v27/ 35 KB
21 KB 95ms
32ms Font
font/ttf 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc9.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc5011972e352363bd8f41e1a3b59c16cbc5e283cc119af9ddd098ec905b7415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 07:53:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20814
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 07:53:08 GMT

GET
H2 200 MaterialIcons-Regular.woff2
www.trustwave.com/fonts/material-icons/ 43 KB
43 KB 201ms
201ms Font
application/x-font-woff2 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/fonts/material-icons/MaterialIcons-Regular.woff2

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/dist/css/styles.min.css?id=1031
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:30:50 GMT
x-aspnet-version
etag: "0b16a6e5addd71:0"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff2
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 44300
x-xss-protection: 1; mode=block

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzc.ttf
fonts.gstatic.com/s/roboto/v27/ 114 KB
76 KB 130ms
67ms Font
font/ttf 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzc.ttf

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29bb42382d9e7e070c0908c26d5d887a2be5fd9b5f82f60a24753f444e3cba82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.trustwave.com/
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 17:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 352324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77376
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 23:15:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 17:21:33 GMT

GET
H2 200 Feather.ttf
www.trustwave.com/fonts/feather/ 64 KB
64 KB 220ms
219ms Font
application/octet-stream 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/fonts/feather/Feather.ttf?sdxovp

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/feather.css?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e103929dd758126ea4a090ff0e33b620f3ceb1b81ffad1345023c95661c84d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trustwave.com/dist/css/feather.css?id=1031
Origin: https://www.trustwave.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:30:50 GMT
x-aspnet-version
etag: "0b16a6e5addd71:0"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 65112
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 93ms
41ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 19:13:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 134ms
38ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=8466
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 fpv2.min.js Show response
www.atmrum.net/client/v1/atm/ 3 KB
3 KB 50ms
50ms Script
application/javascript 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/client/v1/atm/fpv2.min.js

Requested by

Host: www.atmrum.net
URL: https://www.atmrum.net/rum.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

32ea28e4cc9fb2662d406bc5e859f774b58f927861c31864c33cb81aa8263aac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Nov 2021 17:02:34 GMT
x-msedge-ref: Ref A: 3DED70242D37442FAA9209CF76F78138 Ref B: LTSEDGE0911 Ref C: 2021-12-04T19:13:37Z
etag: 0x8D501F7AFB7338D
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 2983

GET
H2 200 d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js Show response
cookie-cdn.cookiepro.com/consent/ 69 KB
16 KB 67ms
66ms Script
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: tokLCuVTsBOR85IgoPx1iA==
age: 252
x-ms-lease-status: unlocked
last-modified: Mon, 29 Apr 2019 14:20:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: de05c210-a01e-009d-4664-b2caf7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b875a63eac13756-MXP

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5286e9523a723348/ 166 B
325 B 402ms
395ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5286e9523a723348/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=23, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 393ms
369ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=61abbde20559b46b&bkl=0&bl=1&pdt=1159&sid=61abbde20559b46b&pub=ra-5286e9523a723348&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.trustwave.com&fp=en-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=Malware%2CRansomware%2CTools&colc=1638645218152&jsl=1&uvs=61abbde27a9f28c3000&skipb=1&callback=addthis.cbs.jsonp__399028311837126950
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b749147da7c4a9a991dc8b16f937408f728d9350372c02ed9f6ca1db23239c10

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 736C 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 0E90 71 KB
26 KB 62ms
62ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 04 Dec 2021 19:13:37 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 97ms
29ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 751
date: Sat, 04 Dec 2021 19:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 04 Dec 2021 21:01:07 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 202ms
53ms Script
application/x-javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 19:13:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=54278
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 102ms
28ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000052-IAD, cache-hhn11539-HHN

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 154ms
65ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9f4922667f15ec47709504b75c4433e7145f96078261bc9a11e386ca52fa18bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14328
x-xss-protection: 0
server: cafe
etag: 12503521247758841375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Dec 2021 19:13:38 GMT

GET
H3

200

activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fbl... Show response
10419288.fls.doubleclick.net/ Frame 319D
Redirect Chain

https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2...
https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.t...

710 B
470 B

81ms
42ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

4ace5f154b9f75702779c2504e5f74c188a19b0ca038c5b7a54b30028a65467f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 445
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresour... Show response
9785483.fls.doubleclick.net/ Frame 00FB
Redirect Chain

https://9785483.fls.doubleclick.net/activityi;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Freso...
https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%...

580 B
466 B

79ms
42ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

dbf42a9f976b65b69e1461d6adfb5a6300e12572cec82a1f9e351386963245cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 441
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 t.js Show response
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/ 35 KB
12 KB 121ms
34ms Script
application/javascript 52.222.236.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.25 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-25.fra56.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:04:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 521
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 03 Nov 2021 16:03:19 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
via: 1.1 c813ed55721b9ee3209e2abab7207a01.cloudfront.net (CloudFront)
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: eSDvxWxlEhEyelo-wChXAlC9E6JRJb0GzWKABcvs9MxIfyqtp0rIww==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 96ms
29ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: R0i0/BBPuNQ6YopS+OEtQxXA4yMoKlbBw4jhjU76XV/ehGK53D5n9t9AjdaGGu7kn9py5mZtutzLbMdzwohlog==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 04 Dec 2021 19:13:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 activityi;register_conversion=1;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspider...
10419288.fls.doubleclick.net/ 0
0 40ms
40ms Image
text/html 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10419288.fls.doubleclick.net/activityi;register_conversion=1;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 activityi;register_conversion=1;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%...
9785483.fls.doubleclick.net/ 0
0 40ms
39ms Image
text/html 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://9785483.fls.doubleclick.net/activityi;register_conversion=1;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 en-us.json Show response
www.trustwave.com/locale/en-us/LC_MESSAGES/ 1 KB
687 B 195ms
194ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/en-us/LC_MESSAGES/en-us.json

Requested by

Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:20 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "09afa45addd71:0"
vary: Accept-Encoding
content-type: application/json
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 590
x-xss-protection: 1; mode=block

GET
H2 200 ja-jp.json Show response
www.trustwave.com/locale/ja-jp/LC_MESSAGES/ 1 KB
924 B 204ms
203ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/ja-jp/LC_MESSAGES/ja-jp.json

Requested by

Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:20 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "09afa45addd71:0"
vary: Accept-Encoding
content-type: application/json
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 877
x-xss-protection: 1; mode=block

GET
H2 200 de-de.json Show response
www.trustwave.com/locale/de-de/LC_MESSAGES/ 1 KB
611 B 215ms
215ms XHR
application/json 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/locale/de-de/LC_MESSAGES/de-de.json

Requested by

Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 15:32:20 GMT
x-aspnet-version
x-frame-options: SAMEORIGIN
etag: "09afa45addd71:0"
vary: Accept-Encoding
content-type: application/json
date: Sat, 04 Dec 2021 19:13:37 GMT
accept-ranges: bytes
content-length: 564
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame C900 39 KB
20 KB 50ms
49ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=712l7nkr2nx5

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f564e8fbd84506cc7c11b9c08b6437e827af1913ec60e574427f66f7db69fc78

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ErBOwp0VGT7mGORWWC3Q9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Dec 2021 19:13:38 GMT
content-security-policy: script-src 'report-sample' 'nonce-ErBOwp0VGT7mGORWWC3Q9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20419
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK visitWebPage Show response
815-rfm-693.mktoresp.com/webevents/ 2 B
311 B 626ms
110ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://815-rfm-693.mktoresp.com/webevents/visitWebPage?_mchNc=1638645218304&_mchCn=&_mchId=815-RFM-693&_mchTk=_mch-trustwave.com-1638645218303-16740&_mchHo=www.trustwave.com&_mchPo=&_mchRu=%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 04 Dec 2021 19:13:38 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: e3026ec7-4379-417f-9f68-569ffe409084

GET
H2 200 fpconfig.min.json Show response
www.atmrum.net/conf/v1/atm/ 191 B
501 B 237ms
78ms XHR
text/plain 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.atmrum.net/conf/v1/atm/fpconfig.min.json

Requested by

Host: www.atmrum.net
URL: https://www.atmrum.net/client/v1/atm/fpv2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Nov 2021 17:02:34 GMT
x-msedge-ref: Ref A: B6360F6542984C72BA33B7DB4ED8FCBD Ref B: LTSEDGE0821 Ref C: 2021-12-04T19:13:38Z
etag: 0x8D501F7AFB7338D
x-cache: CONFIG_NOCACHE
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-MSEdge-Ref
cache-control: no-store
accept-ranges: bytes
timing-allow-origin: *
content-length: 191

GET
H2 200 optanon.css
cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/ 23 KB
6 KB 62ms
62ms Stylesheet
text/css 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/optanon.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: jzLE25vmrDR3ZmMxTSa8+w==
age: 253
x-ms-lease-status: unlocked
last-modified: Thu, 19 Sep 2019 18:59:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 6eb99bc3-201e-0005-7817-e8ea96000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6b875a653db73756-MXP
expires: Sat, 04 Dec 2021 23:13:38 GMT

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
256 B 185ms
66ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery331045565249787297923_1638645217909&_=1638645217910

Requested by

Host: trustwave.azureedge.net
URL: https://trustwave.azureedge.net/dist/js/legacy.min.js?id=1031

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b875a675c4e83ac-MXP
content-length: 32

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 96 KB
36 KB 84ms
46ms Script
application/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5B38B7F&t=gtm4&cid=1004728298.1638645218

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2478cd64560fb787a1a9c68d33950b68c3809173323efe6da8e7dc5c2d629f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37076
x-xss-protection: 0
expires: Sat, 04 Dec 2021 19:13:38 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame C900 51 KB
24 KB 69ms
31ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=712l7nkr2nx5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 11:48:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24065
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 05:04:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Sat, 03 Dec 2022 11:48:51 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame C900 343 KB
134 KB 67ms
29ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7511f403bc5d8cdd240bbdb02c5848775e0f89f6dd952e70675d22fd434e1b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 01:17:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137335
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 05:04:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Sun, 04 Dec 2022 01:17:16 GMT

GET
H2 200 IsUserAusi Show response
www.trustwave.com/umbraco/surface/AJAX/ 5 B
196 B 392ms
392ms XHR
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/umbraco/surface/AJAX/IsUserAusi

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Request-Id: |tWMPN.ZnSs4
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version
date: Sat, 04 Dec 2021 19:13:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
content-length: 123
x-xss-protection: 1; mode=block

GET
H2 200 IsUserAPAC Show response
www.trustwave.com/umbraco/surface/AJAX/ 5 B
164 B 399ms
398ms XHR
text/html 52.151.96.240
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/umbraco/surface/AJAX/IsUserAPAC

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Request-Id: |tWMPN.0C3uv
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version
date: Sat, 04 Dec 2021 19:13:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
content-length: 123
x-xss-protection: 1; mode=block

GET
H2 200 dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspid... Show response
adservice.google.com/ddm/fls/i/ Frame 0328 712 B
517 B 137ms
67ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: 10419288.fls.doubleclick.net
URL: https://10419288.fls.doubleclick.net/activityi;dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8998bf0d76b0220309c47f57dbe4b9f81a09b6c42a9765fd2e560a67a59840f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://10419288.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C900 2 KB
2 KB 30ms
29ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 03:05:30 GMT
x-content-type-options: nosniff
age: 317288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 08 Dec 2021 03:05:30 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C900 15 KB
15 KB 69ms
32ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 17:06:41 GMT
x-content-type-options: nosniff
age: 353217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 17:06:41 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C900 15 KB
15 KB 65ms
29ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 14:17:54 GMT
x-content-type-options: nosniff
age: 363344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Nov 2022 14:17:54 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-an...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1638645218606%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-an...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-a...

0
156 B

384ms
153ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&liSync=true&e_ipv6=AQKMvC4kslOVrgAAAX2G3b_f23gDmbyOcxk0xgaZp4Ndr76fRQvaq0fVwULXuohGu-BjE-ss5g
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:39 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: xPYzNyWjvRbQQ08qLCsAAA==

Redirect headers

date: Sat, 04 Dec 2021 19:13:39 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1638645218606&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&liSync=true&e_ipv6=AQKMvC4kslOVrgAAAX2G3b_f23gDmbyOcxk0xgaZp4Ndr76fRQvaq0fVwULXuohGu-BjE-ss5g
x-li-proto: http/2
x-li-pop: prod-ltx1
content-length: 0
x-li-uuid: AhhVICWjvRYwgU+JKysAAA==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 36ms
36ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=90014777&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&ul=en-us&de=UTF-8&dt=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=1766993333&gjid=2008135869&cid=1004728298.1638645218&tid=UA-123880220-1&_gid=583419244.1638645218&_r=1&gtm=2wgc1054M2ZJN&z=643228313

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trustwave.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblog... Show response
adservice.google.com/ddm/fls/i/ Frame E04A 582 B
913 B 68ms
66ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: 9785483.fls.doubleclick.net
URL: https://9785483.fls.doubleclick.net/activityi;dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45ac393f884d33b62ba91b3120ee830b7d6c78991425ddccf6e7d66642486f96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://9785483.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 444
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
237 B 319ms
177ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=63517e54-6ddf-4584-a2ea-c1afafa1a209&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 110
pragma: no-cache
last-modified: Sat, 04 Dec 2021 19:13:38 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 98763ea4badb927820ed59df11638aa0fc7d400f6d851d8ac80323d2608ee782
x-transaction: a4f84ed3687ce498
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
673 B 318ms
177ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=216a3929-293a-4f88-84cc-7732648225c2&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Sat, 04 Dec 2021 19:13:38 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 98763ea4badb927820ed59df11638aa0fc7d400f6d851d8ac80323d2608ee782
x-transaction: be680001456ee40e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
471 B 324ms
175ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=63517e54-6ddf-4584-a2ea-c1afafa1a209&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 106
pragma: no-cache
last-modified: Sat, 04 Dec 2021 19:13:38 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b7c652ff13de3593b2a1b708d4cb0b0f684b2bf4e7835dc49b4516947a4af692
x-transaction: ac485db7c121bf82
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
123 B 334ms
185ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=216a3929-293a-4f88-84cc-7732648225c2&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Sat, 04 Dec 2021 19:13:38 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b7c652ff13de3593b2a1b708d4cb0b0f684b2bf4e7835dc49b4516947a4af692
x-transaction: 63bf70c812f0ec1f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame C900 102 B
134 B 39ms
38ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_7Co1fh8iT2hcjvquYJ_3zSP

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4e836cc5611e71fad7ca8b19324773a34afbad72550c012e50b83698262d6c50

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=712l7nkr2nx5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sat, 04 Dec 2021 19:13:38 GMT

GET
H2 200 trans.gif
7fd22be8904968acc000469df13c58e1.azr.footprintdns.com/apc/ 43 B
243 B 367ms
105ms Image
image/gif 2603:1030:f00::1b6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://7fd22be8904968acc000469df13c58e1.azr.footprintdns.com/apc/trans.gif?ff9a474798846cc6afe3b17e51060449

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1030:f00::1b6 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:38 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
447 B 75ms
24ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-123880220-1&cid=1004728298.1638645218&jid=1766993333&gjid=2008135869&_gid=583419244.1638645218&_u=aGDAAEACQAAAAC~&z=2143797441

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Dec 2021 19:13:38 GMT
content-type: text/plain
access-control-allow-origin: https://www.trustwave.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/ 2 KB
2 KB 113ms
46ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/?random=1638645218724&cv=9&fst=1638645218724&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&tiba=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62ad840d3b928293f244942ffdefb29d82d8bdf7c5e08f7779d9e0272b7e58ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

s.gif
wec-assets-api.terminus.services/v1/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1
https://wec-assets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|7bcd463c-916e-4d32-b587-44f1d30507e1&t=3af8aacf-dda8-4542-be81-148e7958401d
https://wec-assets-api.terminus.services/v1/s.gif

43 B
161 B

268ms
99ms

Image
image/gif

52.6.193.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wec-assets-api.terminus.services/v1/s.gif
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Server: 52.6.193.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-193-94.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:39 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

date: Sat, 04 Dec 2021 19:01:47 GMT
via: 1.1 d13436be9e793d00b0273db3f7904817.cloudfront.net (CloudFront)
server: awselb/2.0
age: 711
x-cache: Hit from cloudfront
content-type: text/html
location: https://wec-assets-api.terminus.services:443/v1/s.gif
x-amz-cf-pop: FRA60-P2
content-length: 134
x-amz-cf-id: g6fWGP3yi7S-JqHrMJln81Y_JDBsdt5Zdr1GPesaOT6xc6oUMltXvw==

GET
H2

200

t.gif
wec-assets-api.terminus.services/v1/af0d2044-417b-49dd-b4e9-25d4e62e0332/
Redirect Chain

https://wec-assets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=7bcd463c-916e-4d32-b587-44f1d30507e1&s=b3badaf4-e787-491b-b53b-93585f3d6097&p=https%3A%2F%2Fwww.trustwave.com%2Fen-...
https://wec-assets-api.terminus.services/v1/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif

43 B
162 B

298ms
97ms

Image
image/gif

52.6.193.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wec-assets-api.terminus.services/v1/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
Protocol: H2
Server: 52.6.193.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-193-94.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:39 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

date: Sat, 04 Dec 2021 19:11:31 GMT
via: 1.1 d13436be9e793d00b0273db3f7904817.cloudfront.net (CloudFront)
server: awselb/2.0
age: 127
x-cache: Hit from cloudfront
content-type: text/html
location: https://wec-assets-api.terminus.services:443/v1/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif
x-amz-cf-pop: FRA60-P2
content-length: 134
x-amz-cf-id: 6Ms9JNW71WC8F7mjL4HERrAbrgpN4D3wKzw_Ill4oB5Tf-kxbk0__A==

GET
H3 200 657537318161329 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 119ms
88ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/657537318161329?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

70a01560b16f5f4bf7afb02ad4c07faf773f9703146d192efcf742af50bcee8d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: vMOAoI4xVM7H7KKU4XNF2KBoVNWDaBa+2r/Yqgxmc3d0wBaR3mtyXihTUQ9Z1lL1zDoBePDFCfdTtrRWAT8bhA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sat, 04 Dec 2021 19:13:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblog... Show response
adservice.google.co.uk/ddm/fls/i/ Frame 6B7D 194 B
870 B 149ms
66ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/ddm/fls/i/dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CJ-LjpHtyvQCFZgHBgAd8BMLEQ;src=9785483;type=siter0;cat=siter00;ord=4634200961307;gtm=2wgc10;auiddc=1222576643.1638645218;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Sat, 04 Dec 2021 19:13:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspid... Show response
adservice.google.co.uk/ddm/fls/i/ Frame 850B 194 B
242 B 148ms
66ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/ddm/fls/i/dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CNiijZHtyvQCFQXp5godnOUJrA;src=10419288;type=trust0;cat=trust0;ord=6466863853805;gtm=2wgc10;auiddc=1222576643.1638645218;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F;ps=1;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 Dec 2021 19:13:38 GMT
expires: Sat, 04 Dec 2021 19:13:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 53ms
52ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123880220-1&cid=1004728298.1638645218&jid=1766993333&_u=aGDAAEACQAAAAC~&z=1408964022

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 121ms
53ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-123880220-1&cid=1004728298.1638645218&jid=1766993333&_u=aGDAAEACQAAAAC~&z=1408964022

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/494613180/ 42 B
64 B 43ms
43ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/494613180/?random=1638645218724&cv=9&fst=1638644400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&tiba=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave&async=1&fmt=3&is_vtc=1&random=1279043162&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/494613180/ 42 B
548 B 83ms
43ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/494613180/?random=1638645218724&cv=9&fst=1638644400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&tiba=BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave&async=1&fmt=3&is_vtc=1&random=1279043162&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Dec 2021 19:13:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 96ms
29ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=657537318161329&ev=PageView&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&rl=&if=false&ts=1638645218960&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638645218958.424467166&it=1638645218742&coo=false&rqm=GET

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:38 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 04 Dec 2021 19:13:38 GMT

GET
H2 200 trans.gif
7fd22be8904968acc000469df13c58e1.azr.footprintdns.com/apc/ 43 B
81 B 105ms
104ms Image
image/gif 2603:1030:f00::1b6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://7fd22be8904968acc000469df13c58e1.azr.footprintdns.com/apc/trans.gif?9aab9e53f140d71aa0a9dd7415d1a106

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1030:f00::1b6 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:38 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

GET
H2 200 trans.gif
a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com/apc/ 43 B
243 B 186ms
37ms Image
image/gif 2603:1020:a01:2::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com/apc/trans.gif?aa591497986b1076f5fea5900343779f

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:a01:2::2 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:39 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

GET
H2 200 trans.gif
a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com/apc/ 43 B
81 B 35ms
35ms Image
image/gif 2603:1020:a01:2::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com/apc/trans.gif?acf100369e057d15a42e76b761abf2d0

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:a01:2::2 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:39 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

GET
H2 200 trans.gif
25714641fd509e770e90ca5f90381062.azr.footprintdns.com/apc/ 43 B
81 B 72ms
35ms Image
image/gif 2603:1020:a01:2::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://25714641fd509e770e90ca5f90381062.azr.footprintdns.com/apc/trans.gif?1f5bdd1a3c0635bf3c4e78b1cbe66ffc

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:a01:2::2 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:39 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 63ms
29ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=657537318161329&ev=Microdata&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&rl=&if=false&ts=1638645219469&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%20%7C%20Trustwave%22%2C%22meta%3Adescription%22%3A%22During%20a%20recent%20malware%20incident%20response%20case%2C%20we%20encountered%20an%20interesting%20piece%20of%20ransomware%20that%20goes%20by%20the%20name%20of%20BlackByte.%22%2C%22meta%3Akeywords%22%3A%22Malware%2C%20Ransomware%2C%20Tools%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22Trustwave%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Ftrustwave.azureedge.net%2Fmedia%2F15279%2Fsl-blog-default-image.jpg%3Frnd%3D131897042940000000%22%2C%22og%3Atitle%22%3A%22BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%22%2C%22og%3Adescription%22%3A%22During%20a%20recent%20malware%20incident%20response%20case%2C%20we%20encountered%20an%20interesting%20piece%20of%20ransomware%20that%20goes%20by%20the%20name%20of%20BlackByte.%22%7D&cd[Schema.org]=%5B%7B%22dimensions%22%3A%7B%22h%22%3A22244%2C%22w%22%3A945%7D%2C%22properties%22%3A%7B%22name%22%3A%22BlackByte%20Ransomware%20%E2%80%93%20Pt.%201%20In-depth%20Analysis%22%2C%22datePublished%22%3A%22October%2015%2C%202021%22%7D%2C%22subscopes%22%3A%5B%7B%22dimensions%22%3A%7B%22h%22%3A40%2C%22w%22%3A282%7D%2C%22properties%22%3A%7B%22name%22%3A%22Rodel%20Mendrez%2C%20Lloyd%20Macrohon%22%7D%2C%22subscopes%22%3A%5B%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FPerson%22%7D%5D%2C%22type%22%3A%22http%3A%2F%2Fschema.org%2FBlog%22%7D%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638645218958.424467166&it=1638645218742&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 04 Dec 2021 19:13:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 04 Dec 2021 19:13:39 GMT

GET
H2 200 trans.gif
25714641fd509e770e90ca5f90381062.azr.footprintdns.com/apc/ 43 B
81 B 36ms
35ms Image
image/gif 2603:1020:a01:2::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://25714641fd509e770e90ca5f90381062.azr.footprintdns.com/apc/trans.gif?0215bdd651c2633d11e0b40135f1c7d9

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1020:a01:2::2 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Nov 2021 19:16:11 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
date: Sat, 04 Dec 2021 19:13:39 GMT
accept-ranges: bytes
content-length: 43
etag: "1340f26db0d1d71:0"

GET
H2 200 r.gif Show response
www.atmrum.net/report/v1/atm/ 7 B
159 B 54ms
53ms XHR
image/gif 204.79.197.234
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.atmrum.net/report/v1/atm/r.gif?MonitorID=atm&rid=33048a5ab87b622a10106dcf0fdbd7c2&w3c=true&prot=https:&v=2017061301&tag=602cc9bb0a513db2b327299487211347&DATA=[{%22RequestID%22:%227fd22be8904968acc000469df13c58e1%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:442},{%22RequestID%22:%227fd22be8904968acc000469df13c58e1%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:107},{%22RequestID%22:%22a1a803264f8debfb4aca2cec04caea67%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:187},{%22RequestID%22:%22a1a803264f8debfb4aca2cec04caea67%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:37},{%22RequestID%22:%2225714641fd509e770e90ca5f90381062%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:73},{%22RequestID%22:%2225714641fd509e770e90ca5f90381062%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:37}]
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f82624464e9e95dfae29e0e54c360aff84dda3c419fc8c3bd10ef668bbe7df9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.trustwave.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://www.trustwave.com
date: Sat, 04 Dec 2021 19:13:38 GMT
cache-control: no-store
x-msedge-ref: Ref A: DC82347F41374C6C8CD94F0A20B9C1AA Ref B: LTSEDGE0821 Ref C: 2021-12-04T19:13:39Z
content-type: image/gif

OPTIONS
H2 200 track
dc.services.visualstudio.com/v2/ Frame 0
0 340ms
70ms Preflight 13.69.106.216
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,sdk-context
Origin: https://www.trustwave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-methods: POST
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin: *
access-control-max-age: 3600
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 19:13:39 GMT
content-length: 0

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
281 B 348ms
346ms XHR
application/json 13.69.106.216
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.69.106.216 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

45fabc36d98badba9f9f445d845743c898452dc0341796b7c5189cf3527643c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/
Accept-Language: en-GB,en;q=0.9
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: 7446D6CC-87AE-422F-ADA0-455AC9D15616
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sat, 04 Dec 2021 19:13:39 GMT
access-control-max-age: 3600
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length: 96

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.trustwave.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890
.www.trustwave.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890
.fonts.net/	1970-01-19 23:10:47	Name: __cf_bm Value: UCNKjEi6eJPnDwZbsZ5dAjWzq4S4k9rHc_5NACi5jPA-1638645217-0-AVETYw/cPjZOGQAMJYK0VNVmXIOZI5pVYBe2Ay9sO8yN/xEChS6nvp1GoVg9MvjhpJ/kuk0uc7bXK1RIP2oR1KQ=
www.trustwave.com/	1970-01-20 08:40:59	Name: __atuvc Value: 1%7C48
www.trustwave.com/	1970-01-19 23:10:47	Name: __atuvs Value: 61abbde27a9f28c3000
.trustwave.com/	1970-01-20 01:20:21	Name: _gcl_au Value: 1.1.1222576643.1638645218
.trustwave.com/	1970-01-20 16:41:57	Name: _mkto_trk Value: id:815-RFM-693&token:_mch-trustwave.com-1638645218303-16740
.trustwave.com/	1970-01-20 16:41:57	Name: _ga Value: GA1.2.1004728298.1638645218
.trustwave.com/	1970-01-19 23:12:11	Name: _gid Value: GA1.2.583419244.1638645218
.addthis.com/	1970-01-20 08:40:59	Name: uvc Value: 1%7C48
www.trustwave.com/	1970-01-20 07:56:21	Name: ai_user Value: fQCfZ\|2021-12-04T19:13:38.386Z
.doubleclick.net/	1970-01-20 08:32:21	Name: IDE Value: AHWqTUnFlxbd8NJbqlOVb9bP91L8FNOd-Qq6vjK7gca4ANaVxGMZP8JvS9UcIAMm
.trustwave.com/	1970-01-19 23:10:45	Name: _gat_UA-123880220-1 Value: 1
www.trustwave.com/	1970-01-19 23:10:47	Name: ai_session Value: +sdW4\|1638645218694.5\|1638645218694.5
.addthis.com/	1970-01-20 08:40:59	Name: loc Value: MDAwMDBFVUdCMDAyMzE1MTc3NDA0NzAwMDBDSA==
www.trustwave.com/	1970-01-20 07:56:21	Name: d-a8e6 Value: 7bcd463c-916e-4d32-b587-44f1d30507e1
www.trustwave.com/	1970-01-19 23:10:46	Name: s-9da4 Value: b3badaf4-e787-491b-b53b-93585f3d6097
.twitter.com/	1970-01-20 16:41:57	Name: personalization_id Value: "v1_c2gobYm1fYsTlWEsPmNcCw=="
.trustwave.com/	1970-01-20 01:20:21	Name: _fbp Value: fb.1.1638645218958.424467166
.adsrvr.org/	1970-01-20 07:56:21	Name: TDID Value: 3af8aacf-dda8-4542-be81-148e7958401d
.adsrvr.org/	1970-01-20 07:56:21	Name: TDCPM Value: CAEYBSABKAIyCwjIl52JndmbOhAFOAE.
.linkedin.com/	1970-01-19 23:53:57	Name: UserMatchHistory Value: AQJclDrcd32SPgAAAX2G3b3ATB1bm_VSKV-RFzdP_5LlCDPJCUGivNc6f4dthKIDwmwyPjmn-SL-dw
.linkedin.com/	1970-01-19 23:53:57	Name: AnalyticsSyncHistory Value: AQKqeYlbZukP6wAAAX2G3b3AXa-ndp8N7p0utI255dlMPsFvlY12sunYdkf8afPZcJUsgKQYfmALaFJuyzXiSQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:42:39	Name: bcookie Value: "v=2&f6763d63-167b-47cd-8dbf-74d952a0362b"
.linkedin.com/	1970-01-19 23:12:11	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=2627:u=1:x=1:i=1638645218:t=1638731618:v=2:sig=AQFp8jHRbq_jlnBdgEvLEObeUXShdV2d"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 16:42:39	Name: bscookie Value: "v=1&202112041913392b4ea2de-a9c6-46f3-8f0a-0bceea188965AQHNhk1hRwBnwpcmnkCBbKkcF9V3-F9q"
.linkedin.com/	1970-01-20 16:39:57	Name: li_gc Value: MTswOzE2Mzg2NDUyMTk7MjswMjGwibB+LkCzGP74rcusGVY3qIk6aaH6xpRf3eJRD4bRDg==
.trustwave.com/	1970-01-20 07:56:21	Name: OptanonConsent Value: landingPath=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fblackbyte-ransomware-pt-1-in-depth-analysis%2F&datestamp=Sat+Dec+04+2021+19%3A13%3A40+GMT%2B0000+(GMT)&version=4.8.0&EU=true&groups=1%3A1%2C2%3A0%2C3%3A0%2C0_32924%3A1%2C4%3A0%2C0_32898%3A0%2C0_32899%3A0%2C0_32900%3A0%2C0_32901%3A0%2C0_32902%3A0%2C0_32903%3A0%2C0_32904%3A0%2C0_32905%3A0%2C0_32893%3A0%2C0_32894%3A0%2C0_32895%3A0%2C0_32896%3A0%2C0_32897%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10419288.fls.doubleclick.net
25714641fd509e770e90ca5f90381062.azr.footprintdns.com
7fd22be8904968acc000469df13c58e1.azr.footprintdns.com
815-rfm-693.mktoresp.com
9785483.fls.doubleclick.net
a1.typepad.com
a1a803264f8debfb4aca2cec04caea67.azr.footprintdns.com
a6.typepad.com
adservice.google.co.uk
adservice.google.com
analytics.twitter.com
az416426.vo.msecnd.net
connect.facebook.net
cookie-cdn.cookiepro.com
dc.services.visualstudio.com
fast.fonts.net
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
m.addthis.com
match.adsrvr.org
munchkin.marketo.net
npercoco.typepad.com
player.vimeo.com
px.ads.linkedin.com
px4.ads.linkedin.com
s7.addthis.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
trustwave.azureedge.net
trustwave.blob.core.windows.net
v1.addthisedge.com
vidassets.terminus.services
wec-assets-api.terminus.services
wec-assets.terminus.services
www.atmrum.net
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.trustwave.com
z.moatads.com
s7.addthis.com
104.111.234.67
104.18.136.190
104.18.138.190
104.18.140.190
104.244.42.195
104.244.42.197
104.75.88.126
108.174.10.14
13.69.106.216
142.250.186.162
142.250.186.166
15.197.193.217
151.101.192.217
18.66.122.59
192.28.144.124
199.232.136.157
2.18.235.40
204.79.197.234
2603:1020:a01:2::2
2603:1030:f00::1b6
2606:2800:11f:1cb7:261b:1f9c:2074:3c
2606:4700:10::6814:b844
2606:4700::6811:e14e
2606:4700::6812:678
2620:119:50e8:101::9002:f05
2620:1ec:21::14
2a00:1450:4001:802::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::2003
2a00:1450:4001:812::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2004
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9c
2a02:26f0:64::210:6bc1
2a02:26f0:6c00::210:ba0a
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
52.151.96.240
52.222.236.25
52.239.171.228
52.6.193.94
00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
08529955a8d9e583dacd78d8ade75159e0869e25766fba0ac911d5fa3e3b234b
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
16a8259d421207cee1fe5452b8233fe2e252a43fdbd33a98cdd6b7e5388ee4dd
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982
21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81
2878849254354dd711a82ee3f253f448f38364385ba5ef51fd252a116f470068
29bb42382d9e7e070c0908c26d5d887a2be5fd9b5f82f60a24753f444e3cba82
29de9ac75867ab379d82571a556d0efd645704a87bac6eb23a1a765ecbddc645
2aac204d22b7a0496acce69c7ef283b84c0e3a6e973d58c24ce57458128c3779
2ebec01c14f767ba4cd4ed57b608075be23aa3c001cc6a4926442c72f4268a9c
31cd32b0079a8fe3b5672ae37bc48e79cc179adf56f7a467ee2eee8377db0794
32ea28e4cc9fb2662d406bc5e859f774b58f927861c31864c33cb81aa8263aac
3c0d2b8b193b0ce8aaf68a6a23a81d518cabe0af3c2f9d3985b57850dd32e017
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3dfbfcce286a8e3b0010ed25af6b321fbe655ead4bfbb525c750759e9a61ae01
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b
4187de8985a13d8bb191744e12f3f83c244f725da3fa82d558883f5578c72bc2
4288144386d0cb3dc13662bc9670cb65fe8180e845a4f37af5c73ef09f841b88
42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3
45ac393f884d33b62ba91b3120ee830b7d6c78991425ddccf6e7d66642486f96
45fabc36d98badba9f9f445d845743c898452dc0341796b7c5189cf3527643c6
4ace5f154b9f75702779c2504e5f74c188a19b0ca038c5b7a54b30028a65467f
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e5ab440329cd7d94538bc256cd00097682d6dcfb803cc0e9e64cfab683831dc
4e836cc5611e71fad7ca8b19324773a34afbad72550c012e50b83698262d6c50
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
52dc362cae7e441a98741305a38b045859ac60e99377d9d88922ec32cb944cfa
548306df504e8495bba38368a29dae35c8eaacd5c3148e6253b11cbe0af3d7ea
55b511fe23feb5f5398700013f10e4eec0a75a267c83fc646f479dd4a0b73b15
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
594348986e922bdb677b817c273a491bb41a9223d12eb1c2eb563e040c8566df
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
62ad840d3b928293f244942ffdefb29d82d8bdf7c5e08f7779d9e0272b7e58ba
6603122bf60f4b09cfab59cdc08d792c28773607d897ed680c7c0b607a44a879
69fe2f2ce12f0fa72a52f780c447703eeba393c04b3fc38e5db381dc4039b65e
7050ca2ee4b2c799d53a9f6095653af5b25e3d5b0fba1163e34f1d7d1acb598e
70a01560b16f5f4bf7afb02ad4c07faf773f9703146d192efcf742af50bcee8d
72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a
762a3064ed264b29dc4030e4fd1a71b5ea55759318489f63889ae955921c583d
7796600b2ee4c84552cb08fd79603c19b95cd21089e802f222320feceba74c45
7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
80afdcdab5af95e11f8edac404947668a91582b9799723a8d5272483a010f23d
81d1eeb980b09409744568d2ed3ca7ff1ee763d6aeb9dc6c66bc845dd3d3bb96
85617163a0d798f5865addd9cb026438b1096093b4cac1838630ad93ebfdf4b4
8998bf0d76b0220309c47f57dbe4b9f81a09b6c42a9765fd2e560a67a59840f0
9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
947ea664b3989be7ce261d96ecac895ad4dc1e84246091bb75b0ea0eb4c3de5b
9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e
97f3935e542cf1c13933f0f7f326c4054041df4c85b40364646c97cab87d3281
9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98
9a2b09b1bd7190df58b8462804537f71a64e447921a03e62dc16148f9c433511
9ec2be41883e1c3b9d2705e92c38e4d149da50844f86c27850485b038d1e0ecd
9f4922667f15ec47709504b75c4433e7145f96078261bc9a11e386ca52fa18bb
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6843d5ffd9052e631f84994401389694fd86b7cff2f9910ec6a28814cbb6b03
a76b2bc12b0e3c9536c8c0c3af4170cc66c19ff44fb96326aa6b542ee272365f
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b016380c1e5281bf5629d39c1dd2d79d1d8eec45e77f69d7f101105b93e813e0
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b402e029964902c382b3f0ec4d5a8881eadcc2d464a62ede7b37493d493c5352
b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4
b749147da7c4a9a991dc8b16f937408f728d9350372c02ed9f6ca1db23239c10
b9833a558a67d159aa6139bb0b9168560a37f580ae04654ccc7b6b1ce0d75ea6
c2478cd64560fb787a1a9c68d33950b68c3809173323efe6da8e7dc5c2d629f0
cad52edc852c8799dc15d94859f4e1b844ee199d3f324d11ac372c55acc1db9d
cc5011972e352363bd8f41e1a3b59c16cbc5e283cc119af9ddd098ec905b7415
ccdfe54c69a6bb36cd65e7f2cc26a268e7beda0218f4e6d86ebf73c8689616c1
cce3de366eee70c8705fd57f741c79fe3fab41979092f74814fa3bb384fe0b0f
cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553
cfa30470226024e19712128cc0a66bbcae0e332e129b68a305487901b3364d7d
d0fa483e2bb6a958feb8592376ce3f9dc7e03be8abfbc6a60c35a4345993daba
dbf42a9f976b65b69e1461d6adfb5a6300e12572cec82a1f9e351386963245cf
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e103929dd758126ea4a090ff0e33b620f3ceb1b81ffad1345023c95661c84d8c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eec92db3906701a283982a9ea481e806b6fd01fb2efb2c802cba1c376b19c2f5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f522bab0c16e2b2494ee2a1e99c1aa3f50db00099193df43cc1faaae72308170
f564e8fbd84506cc7c11b9c08b6437e827af1913ec60e574427f66f7db69fc78
f58d79562670c3158ce9a681f2a0f0a88fbcdf226281e199bd68089a85efdca7
f7511f403bc5d8cdd240bbdb02c5848775e0f89f6dd952e70675d22fd434e1b4
f82624464e9e95dfae29e0e54c360aff84dda3c419fc8c3bd10ef668bbe7df9e
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.trustwave.com Open in urlscan Pro 52.151.96.240 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

123 Requests

96 %HTTPS

51 %IPv6

34 Domains

49 Subdomains

42 IPs

8 Countries

3517 kBTransfer

5903 kBSize

30 Cookies

39 Outgoing links

Redirected requests

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.trustwave.com Open in urlscan Pro
52.151.96.240 Public Scan

Screenshot
Live screenshot

Full Image

123
Requests

96 %
HTTPS

51 %
IPv6

34
Domains

49
Subdomains

42
IPs

8
Countries

3517 kB
Transfer

5903 kB
Size

30
Cookies

123 HTTP transactions
0 data transactions