www.wilbursecurity.com Open in urlscan Pro
173.236.189.195 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Submission: On September 25 via api (September 25th 2020, 2:50:22 pm UTC) from US

Summary HTTP 107 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 11 domains to perform 107 HTTP transactions. The main IP is 173.236.189.195, located in Brea, United States and belongs to DREAMHOST-AS, US. The main domain is www.wilbursecurity.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 12th 2020. Valid for: 3 months.

This is the only time www.wilbursecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	173.236.189.195 173.236.189.195	26347 (DREAMHOST-AS) (DREAMHOST-AS)
13	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
37	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
6	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE)
1	151.101.36.84 151.101.36.84	54113 (FASTLY) (FASTLY)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
2	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
10	2600:1480:300... 2600:1480:3000:e5::	33905 (AKAMAI-AMS) (AKAMAI-AMS)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
107	20

12 173.236.189.195 (Brea, United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-echo.lightfoot.dreamhost.com

www.wilbursecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.36.84 (Amsterdam, Netherlands)

ASN54113 (FASTLY, US)

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:1480:3000:e5:: (United States)

ASN33905 (AKAMAI-AMS, EU)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	wp.com c0.wp.com i0.wp.com i2.wp.com i1.wp.com stats.wp.com pixel.wp.com	793 KB
13	twimg.com cdn.syndication.twimg.com abs.twimg.com pbs.twimg.com	61 KB
12	wilbursecurity.com www.wilbursecurity.com	156 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	69 KB
7	twitter.com platform.twitter.com syndication.twitter.com	108 KB
5	googleapis.com fonts.googleapis.com translate.googleapis.com	93 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	doubleclick.net stats.g.doubleclick.net	89 B
1	facebook.com graph.facebook.com	632 B
1	pinterest.com api.pinterest.com	353 B
1	google.com translate.google.com	1 KB
107	11

	Domain	Requested by
14	i0.wp.com	www.wilbursecurity.com
13	i2.wp.com	www.wilbursecurity.com
13	c0.wp.com	www.wilbursecurity.com
12	www.wilbursecurity.com	www.wilbursecurity.com c0.wp.com
10	pbs.twimg.com
10	i1.wp.com	www.wilbursecurity.com
7	fonts.gstatic.com	fonts.googleapis.com
6	platform.twitter.com	c0.wp.com platform.twitter.com
4	translate.googleapis.com	translate.google.com translate.googleapis.com srcdoc
3	www.gstatic.com	www.wilbursecurity.com translate.googleapis.com
3	pixel.wp.com	www.wilbursecurity.com
2	abs.twimg.com	www.wilbursecurity.com platform.twitter.com
2	www.google-analytics.com	www.wilbursecurity.com www.google-analytics.com
1	syndication.twitter.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	graph.facebook.com	c0.wp.com
1	api.pinterest.com	c0.wp.com
1	stats.wp.com	www.wilbursecurity.com
1	translate.google.com	www.wilbursecurity.com
1	fonts.googleapis.com	www.wilbursecurity.com
107	21

This site contains links to these domains. Also see Links.

Domain
www.cobaltstrike.com
github.com
www.softperfect.com
app.any.run
www.bleepingcomputer.com
www.nextron-systems.com
blog.securityonion.net
isc.sans.edu
www.darkreading.com
threatpost.com
translate.google.com
wordpress.org
automattic.com

Subject Issuer	Validity	Valid
www.wilbursecurity.com Let's Encrypt Authority X3	`2020-09-12` - `2020-12-11`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-13` - `2021-08-18`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
pbs.twimg.com DigiCert SHA2 High Assurance Server CA	`2020-08-05` - `2021-08-10`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Frame ID: 7CFE4E99047C8F1EC4955350B61FAA7C
Requests: 93 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.wilbursecurity.com
Frame ID: 56067B1250BA7CF249FFF2AC07C7D414
Requests: 1 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 6A79AA3E6CD954DAD6FED407666E0DFD
Requests: 1 HTTP requests in this frame

Frame: https://abs.twimg.com/emoji/v2/72x72/27a1.png
Frame ID: F19857542CAB0760653804B20DC40158
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

107
Requests

100 %
HTTPS

63 %
IPv6

11
Domains

21
Subdomains

20
IPs

5
Countries

1308 kB
Transfer

2143 kB
Size

3
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cobaltstrike.com/
Title: Cobalt

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/BloodHound
Title: Bloodhound

Search URL Search Domain Scan URL

URL: https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1
Title: PowerView

Search URL Search Domain Scan URL

URL: https://www.softperfect.com/products/networkscanner/
Title: Network

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/523cb3cc-e142-4ab3-9d55-02b1e42065fb/
Title: Any.

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/
Title: BleepingComputer

Search URL Search Domain Scan URL

URL: https://www.nextron-systems.com/thor/
Title: THOR

Search URL Search Domain Scan URL

URL: https://blog.securityonion.net/2020/02/security-onion-hybrid-hunter-114-alpha.html
Title: Hybrid

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/podcastdetail.html?id=7182
Title: ISC StormCast for Friday, September 25th 2020

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/endpoint/malware-attacks-declined-but-became-more-evasive-in-q2/d/d-id/1339010?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: Malware Attacks Declined But Became More Evasive in Q2

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/endpoint/bluetooth-security-weaknesses-pile-up-while-patching-remains-problematic/d/d-id/1339009?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

Search URL Search Domain Scan URL

URL: https://threatpost.com/feds-cyberattack-data-stolen/159541/
Title: Feds Hit with Successful Cyberattack, Data Stolen

Search URL Search Domain Scan URL

URL: https://threatpost.com/cisco-patches-bugs/159537/
Title: Cisco Patch-Palooza Tackles 29 High-Severity Bugs

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

URL: https://automattic.com/cookies/
Title: Cookie Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ 63 KB
15 KB 512ms
106ms Document
text/html 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 61dbda64b10c49048c77822b2d8a3889f37f04312bda955fb5790f217213dd20

Request headers

:method: GET
:authority: www.wilbursecurity.com
:scheme: https
:path: /2020/03/trickbot-to-ryuk-in-two-hours/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:50:05 GMT
server: Apache
last-modified: Fri, 25 Sep 2020 09:49:44 GMT
accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store, must-revalidate
expires: Mon, 29 Oct 1923 20:30:00 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
pragma: no-cache
content-length: 14794
content-type: text/html; charset=UTF-8

GET
H2 200 style.min.css
c0.wp.com/c/5.4.1/wp-includes/css/dist/block-library/ 52 KB
7 KB 55ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/7mnzed7t/ 221 B
215 B 115ms
111ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/7mnzed7t/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 074d9505d547acdfced56ba7203b153958881abceb7a19326029f652acb75191

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 152
expires: max-age=A10368000, public

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 19ms
15ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bce7e6ccc4f424a29134870522e46cdce28380e76c47f2e9be120420ffefc770

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 14:50:05 GMT
server: ESF
date: Fri, 25 Sep 2020 14:50:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:50:05 GMT

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/ 178 KB
32 KB 118ms
114ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 61ec18d12af867de75f52b44caa758df62f068d14e72d629aabc6abef47dc1a2

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/8.9.1/_inc/social-logos/ 12 KB
8 KB 54ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/social-logos/social-logos.min.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Tue, 30 Jun 2020 14:24:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/8.9.1/css/ 75 KB
13 KB 54ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/css/jetpack.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Tue, 25 Aug 2020 15:45:57 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 jquery.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/jquery/ 95 KB
32 KB 54ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/jquery/ 10 KB
4 KB 81ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/related-posts/ 5 KB
2 KB 81ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/related-posts/related-posts.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: br
last-modified: Tue, 16 Jun 2020 16:13:55 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:05 GMT

GET
H2 200 a4vtg.js Show response
www.wilbursecurity.com/wp-content/cache/wpfc-minified/20jgfx18/ 33 KB
8 KB 113ms
111ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/20jgfx18/a4vtg.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: b87a07305e3046dcd2d196cd48f602bbe094b1cd379c597ababa32ec1ba93933

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 04:26:50 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 8180
expires: max-age=A10368000, public

GET
H2 200 e4tmg.js Show response
www.wilbursecurity.com/wp-content/cache/wpfc-minified/78k5eka2/ 16 KB
5 KB 112ms
110ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/78k5eka2/e4tmg.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 331e60bff1c713f97346dbbee71648a91279368336d790832117cae98aab2abd

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:05 GMT
content-encoding: gzip
last-modified: Thu, 19 Dec 2019 20:38:40 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 4551
expires: max-age=A10368000, public

GET
H2 200 image-80.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 11 KB
11 KB 69ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-80.png?w=789&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

add5eb59303fea3c3fb7d7a61af708a69a40970e9705638c435c209e05e6e4f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
x-bytes-saved: 3610
last-modified: Thu, 26 Mar 2020 13:06:30 GMT
server: nginx
etag: "a78338e25ac33d13"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-80.png>; rel="canonical"
content-length: 11316
expires: Sun, 27 Mar 2022 01:06:30 GMT

GET
H2 200 image-62.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 10 KB
11 KB 68ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-62.png?w=650&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fa1c10d7420378cfedeb67e92691c69e931c9102d6c6d18397b6a819fac25ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:00 GMT
server: nginx
etag: "0970ae7bbf2e49f8"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-62.png>; rel="canonical"
content-length: 10634
expires: Fri, 26 Aug 2022 21:49:00 GMT

GET
H2 200 image-63.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 23 KB
23 KB 81ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-63.png?w=628&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

187e39245a3c86e96970ba6171633923aa9d5638087911f343de048f01ab04dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "a675ea37db33d00b"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-63.png>; rel="canonical"
content-length: 23750
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-53.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 15 KB
15 KB 81ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-53.png?w=590&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e2c0c0d87243456dfdccd8f70bd58504ada2f6b0e9adcd6fc6a7253b9081f996

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "51e9f2bb4073c7ef"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-53.png>; rel="canonical"
content-length: 14850
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-54.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 70ms
19ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-54.png?w=695&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c32d7b5d245ae2494611dac3b378b953701290ef1b76d6fc5b0de25ac21f9822

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 00:50:53 GMT
server: nginx
etag: "39710489e6b58435"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-54.png>; rel="canonical"
content-length: 21052
expires: Wed, 06 Jul 2022 12:50:53 GMT

GET
H2 200 image-61.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 7 KB
7 KB 82ms
32ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-61.png?w=456&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

719e13467f05af042eda62369ba7ef833003f971b7debedb34fbd6a940f0f5d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:00 GMT
server: nginx
etag: "d01dff5fcd3b3644"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-61.png>; rel="canonical"
content-length: 7240
expires: Fri, 26 Aug 2022 21:49:00 GMT

GET
H2 200 image-79.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 12 KB
12 KB 86ms
36ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-79.png?w=563&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bf012c0d69f7eeba64c3397070d90ff114fd2c969a5bda2fbba9314407224513

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 04:06:12 GMT
server: nginx
etag: "579da2e3d908e39f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-79.png>; rel="canonical"
content-length: 12254
expires: Thu, 15 Sep 2022 16:06:12 GMT

GET
H2 200 image-57.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 4 KB
4 KB 81ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-57.png?w=330&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ddbbbcfcf1dbb7576fa7ac53b790c2c19dae7b675e380447abbdf5080b3ac2cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 04:06:12 GMT
server: nginx
etag: "4a8164b02f9d0921"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-57.png>; rel="canonical"
content-length: 3948
expires: Thu, 15 Sep 2022 16:06:12 GMT

GET
H2 200 image-65.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 80ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-65.png?resize=1024%2C225&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

0f58eb0040fcec56911194841b95add9d1e01fd1cef585094cbedf4fdaacd548

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Sat, 19 Sep 2020 08:35:30 GMT
server: nginx
etag: "55df7cd49e90f663"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-65.png>; rel="canonical"
content-length: 21756
expires: Mon, 19 Sep 2022 20:35:30 GMT

GET
H2 200 image-66.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 20 KB
20 KB 39ms
35ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-66.png?resize=1024%2C239&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

2eda83496dffe9e0fa726cfec4815eaecb3f9f33fbb32765a6562cd200b1338f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Sat, 19 Sep 2020 08:35:30 GMT
server: nginx
etag: "9455cd71e12b2cf5"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-66.png>; rel="canonical"
content-length: 20206
expires: Mon, 19 Sep 2022 20:35:30 GMT

GET
H2 200 image-42.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 20 KB
20 KB 33ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-42.png?w=958&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e192d4b4f756364d295e9b1dde091162bb9a941cec817e682f6cb4f91963707c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "0c4fba0c54a7f558"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-42.png>; rel="canonical"
content-length: 20494
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-58.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 5 KB
5 KB 40ms
37ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-58.png?w=575&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

1cc0086d781a52a58ad99cf444aeed54d6ba81340bb10588c95219a686e971c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "9eb8517978f9216b"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-58.png>; rel="canonical"
content-length: 4744
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-67.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 11 KB
11 KB 40ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-67.png?w=646&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

d6860b3cb9f75ac276b81d9623c79d534ba8a16f5cd5bcd6a81256a5d560a37f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 7
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 04:06:12 GMT
server: nginx
etag: "5efe816b54d7bb6a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-67.png>; rel="canonical"
content-length: 11132
expires: Thu, 15 Sep 2022 16:06:12 GMT

GET
H2 200 image-32.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 7 KB
7 KB 36ms
34ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-32.png?w=459&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

66fb44be51b1166c0186fddff51ba962fb08b6204132cfc93c53f1eac4e487ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 7
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 04:06:12 GMT
server: nginx
etag: "79cd8b06e63b3f4a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-32.png>; rel="canonical"
content-length: 7032
expires: Thu, 15 Sep 2022 16:06:12 GMT

GET
H2 200 image-74.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 17 KB
17 KB 47ms
44ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-74.png?w=469&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

756be0754e2fb03baa7557172087b0c9a44a3104c699f4f5ec3337d06cd797ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "dd1bdd6816517320"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-74.png>; rel="canonical"
content-length: 17704
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-25.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 52 KB
52 KB 48ms
45ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-25.png?w=960&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c497ec0a19e8f62deaecdc2c66ba9c92441f6e9ee7e7ced334a51964cd846490

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "f24ec69378a51f00"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-25.png>; rel="canonical"
content-length: 52812
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-59.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 9 KB
9 KB 43ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-59.png?w=632&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

499ed3388d2e613c4580a284caff1798e27afc1bd66b6d3c7786ea10aaf80e66

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "7b1d88fa6f919244"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-59.png>; rel="canonical"
content-length: 9290
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-33.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
16 KB 42ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-33.png?resize=1024%2C286&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c6949f127174417a8b084a4dda9beadd19bf9743bd6a74bc06427d826d0a44af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Sat, 19 Sep 2020 08:35:30 GMT
server: nginx
etag: "15e1d051ab9bbc82"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-33.png>; rel="canonical"
content-length: 16666
expires: Mon, 19 Sep 2022 20:35:30 GMT

GET
H2 200 image-75.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 43ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-75.png?w=987&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

435f59b3220dca8b245fc1cf566facd7004a03899f94a6dd8aa23c1108f4a4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "1a073bb0f90c0324"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-75.png>; rel="canonical"
content-length: 21456
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-76.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 14 KB
14 KB 50ms
47ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-76.png?w=929&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

9dae7ccfcb056fae430801afdb39049ffd3c7785bd5fd185ef301b323074e60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "9f8628c60b088a4c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-76.png>; rel="canonical"
content-length: 14440
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-30.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 10 KB
10 KB 47ms
45ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-30.png?w=959&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

817f371f57f95d4b51c382a8e5d2936dcd1e1a9814f76484c36fd1f9b5aafd78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "54b93279ac430a8d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-30.png>; rel="canonical"
content-length: 10134
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-36.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 33 KB
33 KB 54ms
51ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-36.png?w=961&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b3b3ae1a7774783c0139859aaf462d13f9fd414c882992adf23d1784064e82b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "27c16e4cc9cdc0ef"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-36.png>; rel="canonical"
content-length: 33596
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-78.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 59 KB
59 KB 48ms
45ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-78.png?resize=1024%2C518&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

96111f6970a401fb9f4a097432fe512662e6645bfda12ae2a10eb86ade3cebdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Sat, 19 Sep 2020 08:35:31 GMT
server: nginx
etag: "d50680b8e6f0d1ba"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-78.png>; rel="canonical"
content-length: 60416
expires: Mon, 19 Sep 2022 20:35:31 GMT

GET
H2 200 image-77.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 17 KB
17 KB 58ms
56ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-77.png?w=959&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a6fef21fa8ce8ebe9fc9e3f5d85d59f12788b6429924501cce62b030114e0efe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "b5559af2725a0ca2"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-77.png>; rel="canonical"
content-length: 17252
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-71.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 55ms
53ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-71.png?w=546&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bf25b1c0841d68cc55e738f52338cb8421a9dc23385bea5be5323b6132c32e0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "ff5f88dc02642518"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-71.png>; rel="canonical"
content-length: 21014
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-37.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 31 KB
32 KB 55ms
53ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-37.png?w=969&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

3d31bf3ea6202a94a5ce4babcb3e3b62f0aab7ebd60c41e27e1d58d71bdcb22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "3ffa4923757e4420"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-37.png>; rel="canonical"
content-length: 32214
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-51.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 19 KB
19 KB 63ms
61ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-51.png?resize=1024%2C508&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

89a5dbccf9b44f6ae9155f1acd91c447c4436f213419904766f6fdf805304ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 21:52:17 GMT
server: nginx
etag: "ba067e4e0d81632f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-51.png>; rel="canonical"
content-length: 19690
expires: Fri, 16 Sep 2022 09:52:17 GMT

GET
H2 200 image-52.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
16 KB 56ms
53ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-52.png?w=686&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

35b197a1318a08df4387aaa6aea34c9bf20caf6277e0ecb99c674b1941689686

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:00 GMT
server: nginx
etag: "35ae3a0ad5cd0857"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-52.png>; rel="canonical"
content-length: 16380
expires: Fri, 26 Aug 2022 21:49:00 GMT

GET
H2 200 image-49.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 6 KB
7 KB 64ms
62ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-49.png?w=790&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b8b21d64cedfcc4b4fe329ffff14d84fe013c3e60c94bb0b207297eab92c3ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "fb9caf460507a33e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-49.png>; rel="canonical"
content-length: 6644
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 985
date: Fri, 25 Sep 2020 14:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Fri, 25 Sep 2020 16:33:41 GMT

GET
H2 200 image-34.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
17 KB 44ms
41ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-34.png?w=961&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fdbaf94b01146585fb9ac33b74b5c0252e507bd764e2d4031adb5789ed9d3482

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 04:06:12 GMT
server: nginx
etag: "9041076be5761558"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-34.png>; rel="canonical"
content-length: 16762
expires: Thu, 15 Sep 2022 16:06:12 GMT

GET
H2 200 image-27.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 44 KB
44 KB 45ms
43ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-27.png?w=794&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a4f5a5499c3740d4c4e410f5dc3286df0619ee505d8948d152f125a1b207c1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "bae278c98ef061af"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-27.png>; rel="canonical"
content-length: 45064
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-64.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 49 KB
49 KB 46ms
44ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-64.png?w=610&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e6762756464b430b5beb4c09a68a42e86b46eeb12a6cc1bf317ff8d9c2f835fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "2762fcb80ed65a76"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-64.png>; rel="canonical"
content-length: 50330
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 image-72.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 25 KB
25 KB 47ms
44ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-72.png?w=748&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bb43086ea481d9d9f90c3de6c07a9f783d68f949756de947f8d4d3858e896b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:00 GMT
server: nginx
etag: "bcf97a91e0873f5c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-72.png>; rel="canonical"
content-length: 25196
expires: Fri, 26 Aug 2022 21:49:00 GMT

GET
H2 200 image-73.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 26 KB
26 KB 40ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-73.png?w=893&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c588d8b896350d2ae2c740ac622ee3b3a0b2e3093167765e5b0f5fd1f1919b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:48:59 GMT
server: nginx
etag: "411d88679114cef0"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-73.png>; rel="canonical"
content-length: 26962
expires: Fri, 26 Aug 2022 21:48:59 GMT

GET
H2 200 loading.gif
www.wilbursecurity.com/wp-content/plugins/jetpack/modules/sharedaddy/images/ 2 KB
3 KB 114ms
111ms Image
image/gif 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wilbursecurity.com/wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
last-modified: Wed, 16 Sep 2020 15:22:10 GMT
server: Apache
vary: User-Agent
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 2530
expires: max-age=A10368000, public

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/eiwwd4xx/ 7 KB
1 KB 104ms
104ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/eiwwd4xx/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 1c191a205bd2db2da719f7ed027c511dcba9f678be912f2178b989cbaedafde8

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 1410
expires: max-age=A10368000, public

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/photon/ 758 B
468 B 16ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/photon/photon.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 skip-link-focus-fix.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 1 KB
642 B 123ms
111ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/skip-link-focus-fix.js?ver=1.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 608
expires: max-age=A10368000, public

GET
H2 200 bootstrap.min.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 36 KB
10 KB 118ms
107ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/bootstrap.min.js?ver=3.3.7
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 9984
expires: max-age=A10368000, public

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/ 2 KB
1 KB 28ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/comment-reply.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Mon, 11 Nov 2019 11:51:03 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 main.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 10 KB
3 KB 121ms
109ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/main.js?ver=1.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 2900
expires: max-age=A10368000, public

GET
H2 200 eu-cookie-law.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/eu-cookie-law/ 2 KB
664 B 28ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/eu-cookie-law/eu-cookie-law.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a9fc4241b0f617049217dd892f1d15f430abf06aded7496bc415e99debdc0064

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Tue, 25 Aug 2020 15:45:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 twitter-timeline.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/ 331 B
392 B 28ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/twitter-timeline.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
last-modified: Tue, 27 Aug 2019 13:22:22 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: application/javascript
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 331
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/ 1 KB
721 B 28ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/wp-embed.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 google-translate.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/google-translate/ 698 B
362 B 29ms
19ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/google-translate/google-translate.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d77dc8356ba07b55aa9a004458bebc2e4b8d4a96f5dee404e796dfdb2d1c67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 2 KB
1 KB 48ms
15ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

07e529a43c0807feb2a4a21695b60f985d7b0d90a4f5147d15918b7136215117

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 797
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/sharedaddy/ 8 KB
2 KB 28ms
19ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: br
last-modified: Tue, 27 Aug 2019 13:22:22 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 e-202039.js Show response
stats.wp.com/ 9 KB
3 KB 50ms
16ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202039.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 19 Sep 2021 23:22:39 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:26:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:52 GMT
server: sffe
age: 246240
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:26:06 GMT

GET
H3-Q050 200 pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 13ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:26:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:13 GMT
server: sffe
age: 246240
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:26:06 GMT

GET
H2 200 fontawesome-webfont.woff2
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/fonts/ 75 KB
76 KB 110ms
102ms Font
application/font-woff2 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-echo.lightfoot.dreamhost.com
Software: Apache /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: User-Agent,Accept-Encoding
content-type: application/font-woff2
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 77160
expires: max-age=A10368000, public

GET
H3-Q050 200 pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 13ms
7ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:39:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
age: 245415
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7844
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:39:51 GMT

GET
H3-Q050 200 pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 16ms
9ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:34:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:00 GMT
server: sffe
age: 245707
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:34:59 GMT

GET
H3-Q050 200 EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2
fonts.gstatic.com/s/ptserif/v12/ 13 KB
13 KB 13ms
10ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d6cd55572e8be7aa03c122e0ef98bf72d91a2caa2dddfe3c7c5b50f67d2bd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:30:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:05:28 GMT
server: sffe
age: 76796
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13280
x-xss-protection: 0
expires: Fri, 24 Sep 2021 17:30:10 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.wilbursecurity.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-Q050 200 pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 16ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:24:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:01 GMT
server: sffe
age: 246330
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:24:36 GMT

GET
H3-Q050 200 EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2
fonts.gstatic.com/s/ptserif/v12/ 13 KB
13 KB 16ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a75a7bf10f415b7c91f0b959177f3f1779e78cbf735601e41fb982c2b1cf4be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:30:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:06:26 GMT
server: sffe
age: 76796
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13372
x-xss-protection: 0
expires: Fri, 24 Sep 2021 17:30:10 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 72ms
23ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/8.9.1/_inc/build/twitter-timeline.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28881
x-served-by: cache-bwi5146-BWI, cache-hhn4031-HHN
last-modified: Tue, 01 Sep 2020 20:40:54 GMT
etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
4 KB 26ms
5ms Stylesheet
text/css 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:44:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 360
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 25 Sep 2020 15:44:06 GMT

GET
H2 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ 3 KB
2 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4174af2a69329fd7bfbfb06dd5f2ea7b082b7d47ebb1bd6a36fe9035d2a41e92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:52:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3469
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1593
x-xss-protection: 0
last-modified: Thu, 14 May 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 25 Sep 2020 14:52:17 GMT

GET
H2 200 / Show response
www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ 2 KB
2 KB 2677ms
2676ms XHR
application/json 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

apache2-echo.lightfoot.dreamhost.com

Software

Apache /

Resource Hash

d4a0eb0c8e49f00f3dcdc781f799ced4ec731de1d3dfc095071dbf464b5b33cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
server: Apache
x-pingback: https://www.wilbursecurity.com/xmlrpc.php
content-type: application/json; charset=utf-8
status: 200
cache-control: max-age=172800
vary: User-Agent
expires: Sun, 27 Sep 2020 14:50:06 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 126 B
353 B 143ms
106ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&_=1601045406132

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ca7cfd0b774e18387fc778c21187ebc681df4d3ae55efcf8dc094d593850b576

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
x-cdn: fastly
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 1
x-pinterest-rid: 5748656643445311
content-length: 126
expires: Fri, 25 Sep 2020 15:05:06 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
632 B 42ms
28ms Script
text/javascript 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&_=1601045406133

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b2e9f3a0a564fb015e791b2d56d08b6f8133984b78c88e1cfac72f071957e49f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002724411
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 185
pragma: no-cache
x-fb-debug: dDIHU5XYLM9zR4LraoFP1uNTRIkVZOJEf287OTo0qpZzlhDcAH5F4Saua/jncTCkRSBV3N+OlwIwIu9NpfDuOA==
x-fb-trace-id: CUrX0IyMP9g
date: Fri, 25 Sep 2020 14:50:06 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AZTk29G0kLhAggu_VzVzSQ6
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 19ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.022058325449768823
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:50:06 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 19ms
18ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.7996912079621701
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:50:06 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
403 B 40ms
13ms XHR
text/plain 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1892167491&t=pageview&_s=1&dl=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&ul=en-us&de=UTF-8&dt=Trickbot%20to%20Ryuk%20in%20Two%20Hours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=364913641&gjid=2099402543&cid=1324369399.1601045406&tid=UA-81239643-1&_gid=534108624.1601045406&_r=1&_slc=1&z=804607942

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.wilbursecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 16ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9.1&blog=167988153&post=2308&tz=-4&srv=www.wilbursecurity.com&host=www.wilbursecurity.com&ref=&fcp=909&rand=0.8874520736890479
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:50:06 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 element_main.js Show response
translate.googleapis.com/element/TE_20200506_00/e/js/element/ 238 KB
86 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20200506_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18b91aa55babf6a41b67ad376266712f9e07172f8ec8c6d06904f622f15527c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:44:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3959
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87186
x-xss-protection: 0
last-modified: Wed, 06 May 2020 18:47:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Sep 2021 13:44:07 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
89 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-81239643-1&cid=1324369399.1601045406&jid=364913641&gjid=2099402543&_gid=534108624.1601045406&_u=YEBAAUAACAAAAC~&z=369406718

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 25 Sep 2020 14:50:06 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.wilbursecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 825 B
969 B 6ms
5ms Image
image/png 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 13:37:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 90773
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Fri, 24 Sep 2021 13:37:13 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
998 B 6ms
6ms Image
image/png 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 366226
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:20 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 5ms
5ms Image
image/png 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/translate_static/css/translateelement.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 07:45:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 111852
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Fri, 24 Sep 2021 07:45:54 GMT

GET
H2 200 widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 5606 0
0 23ms
23ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.wilbursecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.wilbursecurity.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:17 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 25 Sep 2020 14:50:06 GMT
x-served-by: cache-bwi5147-BWI, cache-hhn4031-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H3-Q050 200 l Show response
translate.googleapis.com/translate_a/ Frame 6A79 3 KB
1 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:815::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kgdsR4E52Jstn/RB/iipfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-kgdsR4E52Jstn/RB/iipfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moment~timeline~tweet.2e5232162202896d50461b242819754e.js Show response
platform.twitter.com/js/ 23 KB
8 KB 25ms
24ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 7651
x-served-by: cache-bwi5133-BWI, cache-hhn4031-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "cce4698c56d0a54ba3f908b953e403c1+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.610564c46865d0bb1eccdd42c0dc6ea7.js Show response
platform.twitter.com/js/ 21 KB
7 KB 26ms
26ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.610564c46865d0bb1eccdd42c0dc6ea7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 6647
x-served-by: cache-bwi5137-BWI, cache-hhn4031-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "c556b2c56f55b3b2458cc2f84945663d+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 34 KB
5 KB 205ms
183ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_wilbursecurity_old&dnt=false&domain=www.wilbursecurity.com&lang=en&screen_name=wilbursecurity&suppress_response_codes=true&t=1778939&tweet_limit=5&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

84b2194f9bb753a2d7f115edae564d2813d2816f13ea40a512ad4644e5ecdc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 5085
x-xss-protection: 0
x-response-time: 160
last-modified: Fri, 25 Sep 2020 14:50:06 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
expires: Fri, 25 Sep 2020 14:55:06 GMT
cache-control: must-revalidate, max-age=300
x-connection-hash: 4d74902188ca853579263c88f171403b
timing-allow-origin: *
x-transaction: 0075abd800dff5d1
access-contol-allow-origin: platform.twitter.com

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame F198 363 B
676 B 27ms
7ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F84) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
age: 11751773
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECAcc (frc/8F84)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 950dbf987d03071b75cda1289f1c6e87
accept-ranges: bytes
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame F198 53 KB
12 KB 24ms
23ms Stylesheet
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5122-BWI, cache-hhn4031-HHN
last-modified: Tue, 01 Sep 2020 17:58:05 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 26ms
25ms Image
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5122-BWI, cache-hhn4031-HHN
last-modified: Tue, 01 Sep 2020 17:58:05 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame F198 363 B
436 B 7ms
6ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F84) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:06 GMT
x-content-type-options: nosniff
age: 11751773
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECAcc (frc/8F84)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 950dbf987d03071b75cda1289f1c6e87
accept-ranges: bytes
expires: Sat, 25 Sep 2021 14:50:06 GMT

GET
H2 200 Csp2-ofI_normal.jpg
pbs.twimg.com/profile_images/827908828574470144/ Frame F198 2 KB
2 KB 28ms
9ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/827908828574470144/Csp2-ofI_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_b /

Resource Hash

a8b16530224ab6db50c2ab417f171752a84d8f1fb5e241057ab94c4c4f4bd0c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 17
last-modified: Sat, 04 Feb 2017 15:55:01 GMT
server: tsa_b
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7d8532710c76c1ffac4debbe98fa7348

GET
H2 200 98vNrAmS_normal.jpg
pbs.twimg.com/profile_images/1276178218198892544/ Frame F198 2 KB
2 KB 29ms
9ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1276178218198892544/98vNrAmS_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

9fefd76b6259b790fa9f3148a6fb12d98d85f189b961c5bdf29759e41eea95d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 17
last-modified: Thu, 25 Jun 2020 15:37:32 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ba9c47fd640db726ca6f0e1642a8648b

GET
H2 200 2AaKCNiy_normal.jpg
pbs.twimg.com/profile_images/1247257789660934144/ Frame F198 2 KB
3 KB 29ms
10ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1247257789660934144/2AaKCNiy_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

b75c1287766e97e4a466909eba400e839a51c6582180ed3b72cdd6f06dce6939

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: MISS
status: 200
content-length: 2263
x-response-time: 19
last-modified: Mon, 06 Apr 2020 20:18:04 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ab7ec29c05023b832405bc72f666ba28

GET
H2 200 9qPu1_Ih_normal.jpg
pbs.twimg.com/profile_images/1183150202154340354/ Frame F198 2 KB
2 KB 58ms
39ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1183150202154340354/9qPu1_Ih_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

c3f944c27b9ba1aee0e9fc66d319fccc301c95211d4bc6480378db8d11e62628

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: HIT
status: 200
content-length: 2035
x-response-time: 17
last-modified: Sat, 12 Oct 2019 22:37:24 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 1aceac4d28e6df3fed50edb56e81423e

GET
H2 200 EAx22mxA_normal.jpg
pbs.twimg.com/profile_images/777584041050550272/ Frame F198 2 KB
2 KB 30ms
12ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/777584041050550272/EAx22mxA_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

437e5cc6f5f95a2601998bcb9f803ab3aab77830867e3fc63412225544c11192

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: MISS
status: 200
content-length: 2111
x-response-time: 20
last-modified: Sun, 18 Sep 2016 19:02:16 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 5dc69962480d0d7ab79e80e19a383ab1

GET
H2 200 Ehn4ujfXkAAJUiN
pbs.twimg.com/tweet_video_thumb/ Frame F198 9 KB
9 KB 30ms
11ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/Ehn4ujfXkAAJUiN?format=jpg&name=360x360

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_b /

Resource Hash

05e0aef7a4a534b6d70424be1624d403a408741207295cb3e9ad77e78c413f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: HIT
status: 200
content-length: 9255
x-response-time: 28
last-modified: Fri, 11 Sep 2020 09:10:23 GMT
server: tsa_b
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a7bbed63e90df05112eb78bbd7325a71

GET
H2 200 EgtT-YCWAAApTaW
pbs.twimg.com/media/ Frame F198 17 KB
17 KB 11ms
9ms Image
image/png 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtT-YCWAAApTaW?format=png&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

c41d546811fbb8d8814a6baebe537bdca6839064d164b36783e69fa025510ccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: MISS
status: 200
content-length: 17228
x-response-time: 37
last-modified: Mon, 31 Aug 2020 00:11:50 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a5a0e1a72d90a30dd8824c6c85cf4d87

GET
H2 200 EgtUB8sWsAAVBv4
pbs.twimg.com/media/ Frame F198 3 KB
3 KB 11ms
9ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUB8sWsAAVBv4?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

6dbb232375b69b4d94a41410724a797fe713f428180a9597d35e3a9351e653ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: HIT
status: 200
content-length: 2837
x-response-time: 30
last-modified: Mon, 31 Aug 2020 00:12:05 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 01d79c4e93e9c08b3c182d24f8e1bbc7

GET
H2 200 EgtUEvZWkAA6-mP
pbs.twimg.com/media/ Frame F198 9 KB
9 KB 12ms
9ms Image
image/png 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUEvZWkAA6-mP?format=png&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_a /

Resource Hash

7b9e6e9afd2cae72e40566f06a492d7621e0861516b3f754f29f84a2bb7cf30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: MISS
status: 200
content-length: 9039
x-response-time: 33
last-modified: Mon, 31 Aug 2020 00:12:16 GMT
server: tsa_a
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 249a516d91db5c622df7d95ad7fdab3f

GET
H2 200 EgtUMriXsAINaP8
pbs.twimg.com/media/ Frame F198 4 KB
4 KB 13ms
10ms Image
image/jpeg 2600:1480:3000:e5::
AKAMAI-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUMriXsAINaP8?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1480:3000:e5:: , United States, ASN33905 (AKAMAI-AMS, EU),

Reverse DNS

Software

tsa_b /

Resource Hash

5423706be2e661936e7de6b0f936a44577cbceee3c01ceec9a8839b5052b7824

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
x-client-network: EIP
x-cache: MISS
status: 200
content-length: 3917
x-response-time: 31
last-modified: Mon, 31 Aug 2020 00:12:49 GMT
server: tsa_b
date: Fri, 25 Sep 2020 14:50:06 GMT
x-tw-cdn: ak
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b2f08932887b6d1aa3b9fa2b7071fee1

GET
DATA 200
OK truncated
/ Frame F198 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F198 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F198 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F198 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F198 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F198 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
383 B 151ms
150ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_data_source%22%3A%22profile%3Awilbursecurity%22%2C%22query%22%3Anull%2C%22profile_id%22%3Anull%2C%22item_ids%22%3A%5B%221307441378029375490%22%2C%221304347055364755457%22%2C%221300226594192097281%22%2C%221298427907958878208%22%2C%221288311769442779141%22%5D%2C%22item_details%22%3A%7B%221307441378029375490%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221307451529578897408%22%7D%2C%221304347055364755457%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221304381222609653766%22%7D%2C%221300226594192097281%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221300414003873828865%22%7D%2C%221298427907958878208%22%3A%7B%22item_type%22%3A0%7D%2C%221288311769442779141%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221288499928990449666%22%7D%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1601045407152%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22component%22%3A%22timeline%22%2C%22element%22%3A%22initial%22%2C%22action%22%3A%22results%22%7D%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:50:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 126
pragma: no-cache
last-modified: Fri, 25 Sep 2020 14:50:07 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 436cfff894296e12706575f1c653226c
x-transaction: 00cf3f62008cd7bc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 image-56.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/ 12 KB
12 KB 17ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/image-56.png?resize=350%2C200&ssl=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fd206ccefbc20cf8c9a7b37623d88836f968ee1d4ec88e914df8f3da2b5e1692

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:01 GMT
server: nginx
etag: "b8d998cdb1cd5768"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/02/image-56.png>; rel="canonical"
content-length: 12434
expires: Fri, 26 Aug 2022 21:49:01 GMT

GET
H2 200 emotet-1.jpg
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2019/10/ 5 KB
5 KB 18ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2019/10/emotet-1.jpg?fit=1184%2C648&ssl=1&resize=350%2C200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bcff580d2882df0a48496b40b9e8a4a4c988ef3c7ba033fa24cef3ed8cbb1b69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Jul 2020 19:17:20 GMT
server: nginx
etag: "9f99bf9fef486a47"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2019/10/emotet-1.jpg>; rel="canonical"
content-length: 5116
expires: Fri, 29 Jul 2022 07:17:20 GMT

GET
H2 200 image-6.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/ 7 KB
8 KB 18ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/image-6.png?fit=1200%2C527&ssl=1&resize=350%2C200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

626b16998d43ad0f46c2a1239f88e1797c9d13850f7bdce1597db080d419adf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 3
date: Fri, 25 Sep 2020 14:50:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 09:49:01 GMT
server: nginx
etag: "8b560b76006711d1"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/02/image-6.png>; rel="canonical"
content-length: 7590
expires: Fri, 26 Aug 2022 21:49:01 GMT

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wilbursecurity.com/	1970-01-19 12:45:31	Name: _gid Value: GA1.2.534108624.1601045406
.wilbursecurity.com/	1970-01-19 12:44:05	Name: _gat Value: 1
.wilbursecurity.com/	1970-01-20 06:15:17	Name: _ga Value: GA1.2.1324369399.1601045406

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
api.pinterest.com
c0.wp.com
cdn.syndication.twimg.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
i0.wp.com
i1.wp.com
i2.wp.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
stats.g.doubleclick.net
stats.wp.com
syndication.twitter.com
translate.google.com
translate.googleapis.com
www.google-analytics.com
www.gstatic.com
www.wilbursecurity.com
104.244.42.8
151.101.112.157
151.101.36.84
173.236.189.195
192.0.76.3
192.0.77.2
192.0.77.37
2600:1480:3000:e5::
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:233:8173:898f:63b3:95c3:79d2
2a00:1450:4001:815::200a
2a00:1450:4001:816::200e
2a00:1450:4001:818::200a
2a00:1450:4001:81b::2003
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:4001:825::2003
2a00:1450:400c:c0c::9c
2a03:2880:f02d:e:face:b00c:0:2
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
05e0aef7a4a534b6d70424be1624d403a408741207295cb3e9ad77e78c413f9e
074d9505d547acdfced56ba7203b153958881abceb7a19326029f652acb75191
07e529a43c0807feb2a4a21695b60f985d7b0d90a4f5147d15918b7136215117
0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f58eb0040fcec56911194841b95add9d1e01fd1cef585094cbedf4fdaacd548
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
187e39245a3c86e96970ba6171633923aa9d5638087911f343de048f01ab04dd
18b91aa55babf6a41b67ad376266712f9e07172f8ec8c6d06904f622f15527c9
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
1c191a205bd2db2da719f7ed027c511dcba9f678be912f2178b989cbaedafde8
1cc0086d781a52a58ad99cf444aeed54d6ba81340bb10588c95219a686e971c1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2eda83496dffe9e0fa726cfec4815eaecb3f9f33fbb32765a6562cd200b1338f
331e60bff1c713f97346dbbee71648a91279368336d790832117cae98aab2abd
357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56
35b197a1318a08df4387aaa6aea34c9bf20caf6277e0ecb99c674b1941689686
3d31bf3ea6202a94a5ce4babcb3e3b62f0aab7ebd60c41e27e1d58d71bdcb22f
3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82
4174af2a69329fd7bfbfb06dd5f2ea7b082b7d47ebb1bd6a36fe9035d2a41e92
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
435f59b3220dca8b245fc1cf566facd7004a03899f94a6dd8aa23c1108f4a4da
437e5cc6f5f95a2601998bcb9f803ab3aab77830867e3fc63412225544c11192
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
499ed3388d2e613c4580a284caff1798e27afc1bd66b6d3c7786ea10aaf80e66
4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5423706be2e661936e7de6b0f936a44577cbceee3c01ceec9a8839b5052b7824
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d
6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8
61dbda64b10c49048c77822b2d8a3889f37f04312bda955fb5790f217213dd20
61ec18d12af867de75f52b44caa758df62f068d14e72d629aabc6abef47dc1a2
626b16998d43ad0f46c2a1239f88e1797c9d13850f7bdce1597db080d419adf3
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
66fb44be51b1166c0186fddff51ba962fb08b6204132cfc93c53f1eac4e487ff
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d6cd55572e8be7aa03c122e0ef98bf72d91a2caa2dddfe3c7c5b50f67d2bd07
6dbb232375b69b4d94a41410724a797fe713f428180a9597d35e3a9351e653ba
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
719e13467f05af042eda62369ba7ef833003f971b7debedb34fbd6a940f0f5d0
756be0754e2fb03baa7557172087b0c9a44a3104c699f4f5ec3337d06cd797ad
7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544
7b9e6e9afd2cae72e40566f06a492d7621e0861516b3f754f29f84a2bb7cf30a
7d77dc8356ba07b55aa9a004458bebc2e4b8d4a96f5dee404e796dfdb2d1c67f
817f371f57f95d4b51c382a8e5d2936dcd1e1a9814f76484c36fd1f9b5aafd78
84b2194f9bb753a2d7f115edae564d2813d2816f13ea40a512ad4644e5ecdc3f
89a5dbccf9b44f6ae9155f1acd91c447c4436f213419904766f6fdf805304ef7
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
96111f6970a401fb9f4a097432fe512662e6645bfda12ae2a10eb86ade3cebdc
9dae7ccfcb056fae430801afdb39049ffd3c7785bd5fd185ef301b323074e60c
9fefd76b6259b790fa9f3148a6fb12d98d85f189b961c5bdf29759e41eea95d1
a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6
a4f5a5499c3740d4c4e410f5dc3286df0619ee505d8948d152f125a1b207c1b7
a6fef21fa8ce8ebe9fc9e3f5d85d59f12788b6429924501cce62b030114e0efe
a75a7bf10f415b7c91f0b959177f3f1779e78cbf735601e41fb982c2b1cf4be2
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a8b16530224ab6db50c2ab417f171752a84d8f1fb5e241057ab94c4c4f4bd0c3
a9fc4241b0f617049217dd892f1d15f430abf06aded7496bc415e99debdc0064
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
add5eb59303fea3c3fb7d7a61af708a69a40970e9705638c435c209e05e6e4f4
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b2e9f3a0a564fb015e791b2d56d08b6f8133984b78c88e1cfac72f071957e49f
b3b3ae1a7774783c0139859aaf462d13f9fd414c882992adf23d1784064e82b3
b75c1287766e97e4a466909eba400e839a51c6582180ed3b72cdd6f06dce6939
b87a07305e3046dcd2d196cd48f602bbe094b1cd379c597ababa32ec1ba93933
b8b21d64cedfcc4b4fe329ffff14d84fe013c3e60c94bb0b207297eab92c3ec2
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257
bb43086ea481d9d9f90c3de6c07a9f783d68f949756de947f8d4d3858e896b44
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bce7e6ccc4f424a29134870522e46cdce28380e76c47f2e9be120420ffefc770
bcff580d2882df0a48496b40b9e8a4a4c988ef3c7ba033fa24cef3ed8cbb1b69
bf012c0d69f7eeba64c3397070d90ff114fd2c969a5bda2fbba9314407224513
bf25b1c0841d68cc55e738f52338cb8421a9dc23385bea5be5323b6132c32e0c
c32d7b5d245ae2494611dac3b378b953701290ef1b76d6fc5b0de25ac21f9822
c3f944c27b9ba1aee0e9fc66d319fccc301c95211d4bc6480378db8d11e62628
c41d546811fbb8d8814a6baebe537bdca6839064d164b36783e69fa025510ccd
c497ec0a19e8f62deaecdc2c66ba9c92441f6e9ee7e7ced334a51964cd846490
c588d8b896350d2ae2c740ac622ee3b3a0b2e3093167765e5b0f5fd1f1919b40
c6949f127174417a8b084a4dda9beadd19bf9743bd6a74bc06427d826d0a44af
ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359
ca7cfd0b774e18387fc778c21187ebc681df4d3ae55efcf8dc094d593850b576
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d4a0eb0c8e49f00f3dcdc781f799ced4ec731de1d3dfc095071dbf464b5b33cf
d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627
d6860b3cb9f75ac276b81d9623c79d534ba8a16f5cd5bcd6a81256a5d560a37f
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
ddbbbcfcf1dbb7576fa7ac53b790c2c19dae7b675e380447abbdf5080b3ac2cc
ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5
e192d4b4f756364d295e9b1dde091162bb9a941cec817e682f6cb4f91963707c
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa
e2c0c0d87243456dfdccd8f70bd58504ada2f6b0e9adcd6fc6a7253b9081f996
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6762756464b430b5beb4c09a68a42e86b46eeb12a6cc1bf317ff8d9c2f835fa
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fa1c10d7420378cfedeb67e92691c69e931c9102d6c6d18397b6a819fac25ba9
fd206ccefbc20cf8c9a7b37623d88836f968ee1d4ec88e914df8f3da2b5e1692
fdbaf94b01146585fb9ac33b74b5c0252e507bd764e2d4031adb5789ed9d3482

www.wilbursecurity.com Open in urlscan Pro 173.236.189.195 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

107 Requests

100 %HTTPS

63 %IPv6

11 Domains

21 Subdomains

20 IPs

5 Countries

1308 kBTransfer

2143 kBSize

3 Cookies

16 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.wilbursecurity.com Open in urlscan Pro
173.236.189.195 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

100 %
HTTPS

63 %
IPv6

11
Domains

21
Subdomains

20
IPs

5
Countries

1308 kB
Transfer

2143 kB
Size

3
Cookies

107 HTTP transactions
7 data transactions