www.wilbursecurity.com Open in urlscan Pro
173.236.189.195 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/hHvqS63JX3
Effective URL:
https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Submission: On September 24 via api (September 24th 2020, 2:37:43 pm UTC) from US

Summary HTTP 108 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 12 domains to perform 108 HTTP transactions. The main IP is 173.236.189.195, located in Brea, United States and belongs to DREAMHOST-AS, US. The main domain is www.wilbursecurity.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 12th 2020. Valid for: 3 months.

This is the only time www.wilbursecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
12	173.236.189.195 173.236.189.195	26347 (DREAMHOST-AS) (DREAMHOST-AS)
13	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
37	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
6	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE)
1	151.101.36.84 151.101.36.84	54113 (FASTLY) (FASTLY)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
11	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
2	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
108	19

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 173.236.189.195 (Brea, United States)

ASN26347 (DREAMHOST-AS, US)

www.wilbursecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.36.84 (Amsterdam, Netherlands)

ASN54113 (FASTLY, US)

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	wp.com c0.wp.com i0.wp.com i2.wp.com i1.wp.com stats.wp.com pixel.wp.com	794 KB
13	twimg.com cdn.syndication.twimg.com abs.twimg.com pbs.twimg.com	60 KB
12	wilbursecurity.com www.wilbursecurity.com	156 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	69 KB
7	twitter.com platform.twitter.com syndication.twitter.com	109 KB
5	googleapis.com fonts.googleapis.com translate.googleapis.com	93 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	doubleclick.net stats.g.doubleclick.net	89 B
1	facebook.com graph.facebook.com	626 B
1	pinterest.com api.pinterest.com	305 B
1	google.com translate.google.com	863 B
1	t.co t.co	407 B
108	12

	Domain	Requested by
14	i0.wp.com	www.wilbursecurity.com
13	i2.wp.com	www.wilbursecurity.com
13	c0.wp.com	www.wilbursecurity.com
12	www.wilbursecurity.com	t.co www.wilbursecurity.com c0.wp.com
10	pbs.twimg.com
10	i1.wp.com	www.wilbursecurity.com
7	fonts.gstatic.com	fonts.googleapis.com
6	platform.twitter.com	c0.wp.com platform.twitter.com
4	translate.googleapis.com	translate.google.com translate.googleapis.com srcdoc
3	www.gstatic.com	www.wilbursecurity.com translate.googleapis.com
3	pixel.wp.com	www.wilbursecurity.com
2	abs.twimg.com	www.wilbursecurity.com platform.twitter.com
2	www.google-analytics.com	www.wilbursecurity.com www.google-analytics.com
1	syndication.twitter.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	graph.facebook.com	c0.wp.com
1	api.pinterest.com	c0.wp.com
1	stats.wp.com	www.wilbursecurity.com
1	translate.google.com	www.wilbursecurity.com
1	fonts.googleapis.com	www.wilbursecurity.com
1	t.co
108	22

This site contains links to these domains. Also see Links.

Domain
www.cobaltstrike.com
github.com
www.softperfect.com
app.any.run
www.bleepingcomputer.com
www.nextron-systems.com
blog.securityonion.net
isc.sans.edu
krebsonsecurity.com
grahamcluley.com
www.darkreading.com
threatpost.com
translate.google.com
wordpress.org
automattic.com

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.wilbursecurity.com Let's Encrypt Authority X3	`2020-09-12` - `2020-12-11`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Frame ID: B5AA24A238C6517995663BDC4A7ED794
Requests: 94 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.wilbursecurity.com
Frame ID: 986E0DF30B0B6B5FA12EA2488C352A64
Requests: 1 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 8506003139771F42BF530F2CCEEFB645
Requests: 1 HTTP requests in this frame

Frame: https://abs.twimg.com/emoji/v2/72x72/27a1.png
Frame ID: F15B9D37106E36DA72E3A8ED8C67F15A
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/hHvqS63JX3 Page URL
https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ Page URL

Page Statistics

108
Requests

100 %
HTTPS

61 %
IPv6

12
Domains

22
Subdomains

19
IPs

5
Countries

1308 kB
Transfer

2143 kB
Size

5
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cobaltstrike.com/
Title: Cobalt

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/BloodHound
Title: Bloodhound

Search URL Search Domain Scan URL

URL: https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1
Title: PowerView

Search URL Search Domain Scan URL

URL: https://www.softperfect.com/products/networkscanner/
Title: Network

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/523cb3cc-e142-4ab3-9d55-02b1e42065fb/
Title: Any.

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/
Title: BleepingComputer

Search URL Search Domain Scan URL

URL: https://www.nextron-systems.com/thor/
Title: THOR

Search URL Search Domain Scan URL

URL: https://blog.securityonion.net/2020/02/security-onion-hybrid-hunter-114-alpha.html
Title: Hybrid

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/podcastdetail.html?id=7180
Title: ISC StormCast for Thursday, September 24th 2020

Search URL Search Domain Scan URL

URL: https://krebsonsecurity.com/2020/09/govt-services-firm-tyler-technologies-hit-in-apparent-ransomware-attack/
Title: Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Search URL Search Domain Scan URL

URL: https://grahamcluley.com/smashing-security-podcast-197/
Title: Smashing Security podcast #197: Greedy bosses, game cheats, and virtual beheadings

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/edge/theedge/gaming-industry-hit-with-10b+-attacks-in-past-two-years/b/d-id/1339002?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: Gaming Industry Hit With 10B+ Attacks In Past Two Years

Search URL Search Domain Scan URL

URL: https://threatpost.com/zerologon-patches-beyond-microsoft/159513/
Title: Zerologon Patches Roll Out Beyond Microsoft

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

URL: https://automattic.com/cookies/
Title: Cookie Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/hHvqS63JX3 Page URL
https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

108 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 hHvqS63JX3
t.co/ 365 B
407 B 541ms
175ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/hHvqS63JX3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /hHvqS63JX3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 218
content-type: text/html; charset=utf-8
date: Thu, 24 Sep 2020 14:37:21 GMT
expires: Thu, 24 Sep 2020 14:42:21 GMT
server: tsa_o
set-cookie: muc=6a77ee36-cd49-4289-bbe7-4ed9fc3b7929; Max-Age=63072000; Expires=Sat, 24 Sep 2022 14:37:21 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: c4c4ac41f03e8c07182c5b4629e47970
x-response-time: 141
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ 63 KB
15 KB 630ms
139ms Document
text/html 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Requested by: Host: t.co
URL: https://t.co/hHvqS63JX3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 4f9aab5097e64a6100a599d10cb32ad2d2bf2178ba327b0304eb49688d302d9c

Request headers

:method: GET
:authority: www.wilbursecurity.com
:scheme: https
:path: /2020/03/trickbot-to-ryuk-in-two-hours/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/hHvqS63JX3
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://t.co/hHvqS63JX3

Response headers

status: 200
date: Thu, 24 Sep 2020 14:37:22 GMT
server: Apache
last-modified: Thu, 24 Sep 2020 09:58:35 GMT
accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store, must-revalidate
expires: Mon, 29 Oct 1923 20:30:00 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
pragma: no-cache
content-length: 14828
content-type: text/html; charset=UTF-8

GET
H2 200 style.min.css
c0.wp.com/c/5.4.1/wp-includes/css/dist/block-library/ 52 KB
7 KB 352ms
42ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/7mnzed7t/ 221 B
270 B 346ms
135ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/7mnzed7t/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 074d9505d547acdfced56ba7203b153958881abceb7a19326029f652acb75191

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 152
expires: max-age=A10368000, public

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 225ms
15ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bce7e6ccc4f424a29134870522e46cdce28380e76c47f2e9be120420ffefc770

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Sep 2020 14:37:23 GMT
server: ESF
date: Thu, 24 Sep 2020 14:37:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Sep 2020 14:37:23 GMT

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/ 178 KB
32 KB 425ms
236ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 61ec18d12af867de75f52b44caa758df62f068d14e72d629aabc6abef47dc1a2

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
expires: max-age=A10368000, public

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/8.9.1/_inc/social-logos/ 12 KB
8 KB 332ms
46ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/social-logos/social-logos.min.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 30 Jun 2020 14:24:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/8.9.1/css/ 75 KB
13 KB 325ms
54ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/css/jetpack.css

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 25 Aug 2020 15:45:57 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 jquery.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/jquery/ 95 KB
32 KB 326ms
55ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/jquery/ 10 KB
4 KB 326ms
56ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/related-posts/ 5 KB
2 KB 362ms
92ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/related-posts/related-posts.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 16 Jun 2020 16:13:55 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 a4vtg.js Show response
www.wilbursecurity.com/wp-content/cache/wpfc-minified/20jgfx18/ 33 KB
8 KB 307ms
136ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/20jgfx18/a4vtg.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: b87a07305e3046dcd2d196cd48f602bbe094b1cd379c597ababa32ec1ba93933

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 04:26:50 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 8180
expires: max-age=A10368000, public

GET
H2 200 e4tmg.js Show response
www.wilbursecurity.com/wp-content/cache/wpfc-minified/78k5eka2/ 16 KB
5 KB 302ms
136ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/78k5eka2/e4tmg.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 331e60bff1c713f97346dbbee71648a91279368336d790832117cae98aab2abd

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Thu, 19 Dec 2019 20:38:40 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 4551
expires: max-age=A10368000, public

GET
H2 200 image-80.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 11 KB
11 KB 212ms
53ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-80.png?w=789&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

add5eb59303fea3c3fb7d7a61af708a69a40970e9705638c435c209e05e6e4f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 5
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 3610
last-modified: Thu, 26 Mar 2020 13:06:30 GMT
server: nginx
etag: "a78338e25ac33d13"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-80.png>; rel="canonical"
content-length: 11316
expires: Sun, 27 Mar 2022 01:06:30 GMT

GET
H2 200 image-62.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 10 KB
11 KB 178ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-62.png?w=650&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

10f53841cf6e192e69ce2e40d3c0a135f9ac97a85694949dd55d6797eb1a564f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 00:50:53 GMT
server: nginx
etag: "17197b06f04a13d1"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-62.png>; rel="canonical"
content-length: 10630
expires: Wed, 06 Jul 2022 12:50:53 GMT

GET
H2 200 image-63.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 23 KB
23 KB 200ms
51ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-63.png?w=628&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

187e39245a3c86e96970ba6171633923aa9d5638087911f343de048f01ab04dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:17 GMT
server: nginx
etag: "081cff9f28b0069e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-63.png>; rel="canonical"
content-length: 23750
expires: Wed, 31 Aug 2022 15:52:17 GMT

GET
H2 200 image-53.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 15 KB
15 KB 209ms
62ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-53.png?w=590&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e2c0c0d87243456dfdccd8f70bd58504ada2f6b0e9adcd6fc6a7253b9081f996

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:17 GMT
server: nginx
etag: "54340e0904b64ef2"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-53.png>; rel="canonical"
content-length: 14850
expires: Wed, 31 Aug 2022 15:52:17 GMT

GET
H2 200 image-54.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 199ms
52ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-54.png?w=695&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c32d7b5d245ae2494611dac3b378b953701290ef1b76d6fc5b0de25ac21f9822

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 00:50:53 GMT
server: nginx
etag: "39710489e6b58435"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-54.png>; rel="canonical"
content-length: 21052
expires: Wed, 06 Jul 2022 12:50:53 GMT

GET
H2 200 image-61.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 7 KB
7 KB 144ms
43ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-61.png?w=456&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

719e13467f05af042eda62369ba7ef833003f971b7debedb34fbd6a940f0f5d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "63299f2464750312"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-61.png>; rel="canonical"
content-length: 7240
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-79.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 12 KB
12 KB 135ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-79.png?w=563&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bf012c0d69f7eeba64c3397070d90ff114fd2c969a5bda2fbba9314407224513

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "06003a6e68d8d662"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-79.png>; rel="canonical"
content-length: 12254
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-57.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 4 KB
4 KB 249ms
197ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-57.png?w=330&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ab348136f89da31581fc5c3fc565e9ff2fe83e7028d2f200696e45433a03cb0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 05 Jul 2020 21:33:23 GMT
server: nginx
etag: "5293f1f1d7d8a448"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-57.png>; rel="canonical"
content-length: 3948
expires: Wed, 06 Jul 2022 09:33:23 GMT

GET
H2 200 image-65.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 184ms
133ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-65.png?resize=1024%2C225&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

0f58eb0040fcec56911194841b95add9d1e01fd1cef585094cbedf4fdaacd548

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 07:57:52 GMT
server: nginx
etag: "7cabcd82990fd87e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-65.png>; rel="canonical"
content-length: 21756
expires: Wed, 31 Aug 2022 19:57:52 GMT

GET
H2 200 image-66.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 20 KB
20 KB 105ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-66.png?resize=1024%2C239&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

2eda83496dffe9e0fa726cfec4815eaecb3f9f33fbb32765a6562cd200b1338f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 07:57:52 GMT
server: nginx
etag: "413dfb2973890fcd"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-66.png>; rel="canonical"
content-length: 20206
expires: Wed, 31 Aug 2022 19:57:52 GMT

GET
H2 200 image-42.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 20 KB
20 KB 115ms
64ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-42.png?w=958&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

3dd1fe917f945fe363db54ae4b23e5ffa5c8d11db61cdfcea15adbae8456ca3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 00:50:53 GMT
server: nginx
etag: "cf6cca6b70809c85"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-42.png>; rel="canonical"
content-length: 20528
expires: Wed, 06 Jul 2022 12:50:53 GMT

GET
H2 200 image-58.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 5 KB
5 KB 122ms
72ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-58.png?w=575&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

1cc0086d781a52a58ad99cf444aeed54d6ba81340bb10588c95219a686e971c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "b3014dd217885473"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-58.png>; rel="canonical"
content-length: 4744
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-67.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 11 KB
11 KB 113ms
62ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-67.png?w=646&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

d6860b3cb9f75ac276b81d9623c79d534ba8a16f5cd5bcd6a81256a5d560a37f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "1649b5b7ed2af9ec"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-67.png>; rel="canonical"
content-length: 11132
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-32.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 7 KB
7 KB 112ms
62ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-32.png?w=459&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

6b2226170d8e292cf76be29efed0dfc42555cfd811271f75762158d4b0d175f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 05 Jul 2020 21:33:23 GMT
server: nginx
etag: "b4cc08d279c58f71"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-32.png>; rel="canonical"
content-length: 7018
expires: Wed, 06 Jul 2022 09:33:23 GMT

GET
H2 200 image-74.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 17 KB
17 KB 296ms
246ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-74.png?w=469&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

756be0754e2fb03baa7557172087b0c9a44a3104c699f4f5ec3337d06cd797ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "45a6a427d755c683"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-74.png>; rel="canonical"
content-length: 17704
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-25.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 52 KB
52 KB 108ms
59ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-25.png?w=960&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c497ec0a19e8f62deaecdc2c66ba9c92441f6e9ee7e7ced334a51964cd846490

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 8
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "4b6932466dec6e84"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-25.png>; rel="canonical"
content-length: 52812
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-59.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 9 KB
9 KB 161ms
112ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-59.png?w=632&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

499ed3388d2e613c4580a284caff1798e27afc1bd66b6d3c7786ea10aaf80e66

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 38304
last-modified: Thu, 02 Jul 2020 11:00:36 GMT
server: nginx
etag: "7217e2088f6142bf"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-59.png>; rel="canonical"
content-length: 9290
expires: Sat, 02 Jul 2022 23:00:36 GMT

GET
H2 200 image-33.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
16 KB 141ms
92ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-33.png?resize=1024%2C286&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c6949f127174417a8b084a4dda9beadd19bf9743bd6a74bc06427d826d0a44af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 07:57:52 GMT
server: nginx
etag: "f74c58f2c6028919"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-33.png>; rel="canonical"
content-length: 16666
expires: Wed, 31 Aug 2022 19:57:52 GMT

GET
H2 200 image-75.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 114ms
65ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-75.png?w=987&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

435f59b3220dca8b245fc1cf566facd7004a03899f94a6dd8aa23c1108f4a4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "f67a286861a664d0"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-75.png>; rel="canonical"
content-length: 21456
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-76.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 14 KB
14 KB 182ms
133ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-76.png?w=929&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

9dae7ccfcb056fae430801afdb39049ffd3c7785bd5fd185ef301b323074e60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "e2fdff59df96bfeb"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-76.png>; rel="canonical"
content-length: 14440
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-30.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 10 KB
10 KB 157ms
108ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-30.png?w=959&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

817f371f57f95d4b51c382a8e5d2936dcd1e1a9814f76484c36fd1f9b5aafd78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "909924f833c1f4c8"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-30.png>; rel="canonical"
content-length: 10134
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-36.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 33 KB
33 KB 295ms
247ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-36.png?w=961&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b3b3ae1a7774783c0139859aaf462d13f9fd414c882992adf23d1784064e82b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 10049
last-modified: Thu, 02 Jul 2020 11:00:39 GMT
server: nginx
etag: "4b7ef01cf35e4d1f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-36.png>; rel="canonical"
content-length: 33596
expires: Sat, 02 Jul 2022 23:00:39 GMT

GET
H2 200 image-78.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 59 KB
59 KB 109ms
61ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-78.png?resize=1024%2C518&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

96111f6970a401fb9f4a097432fe512662e6645bfda12ae2a10eb86ade3cebdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 07:57:52 GMT
server: nginx
etag: "67627c41bb2c8fbc"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-78.png>; rel="canonical"
content-length: 60416
expires: Wed, 31 Aug 2022 19:57:52 GMT

GET
H2 200 image-77.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 17 KB
17 KB 336ms
292ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-77.png?w=959&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a6fef21fa8ce8ebe9fc9e3f5d85d59f12788b6429924501cce62b030114e0efe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 8335
last-modified: Thu, 02 Jul 2020 11:00:38 GMT
server: nginx
etag: "8746a4b9fef5c25e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-77.png>; rel="canonical"
content-length: 17252
expires: Sat, 02 Jul 2022 23:00:38 GMT

GET
H2 200 image-71.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 21 KB
21 KB 161ms
117ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-71.png?w=546&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bf25b1c0841d68cc55e738f52338cb8421a9dc23385bea5be5323b6132c32e0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:18 GMT
server: nginx
etag: "80082700c20aa319"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-71.png>; rel="canonical"
content-length: 21014
expires: Wed, 31 Aug 2022 15:52:18 GMT

GET
H2 200 image-37.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 31 KB
32 KB 165ms
122ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-37.png?w=969&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

3d31bf3ea6202a94a5ce4babcb3e3b62f0aab7ebd60c41e27e1d58d71bdcb22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "8be02eb5950e252e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-37.png>; rel="canonical"
content-length: 32214
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H2 200 image-51.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 19 KB
19 KB 104ms
61ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-51.png?resize=1024%2C508&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

89a5dbccf9b44f6ae9155f1acd91c447c4436f213419904766f6fdf805304ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 28 Aug 2020 19:12:35 GMT
server: nginx
etag: "ffeca13d0a182936"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-51.png>; rel="canonical"
content-length: 19690
expires: Mon, 29 Aug 2022 07:12:35 GMT

GET
H2 200 image-52.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
16 KB 286ms
243ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-52.png?w=686&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

35b197a1318a08df4387aaa6aea34c9bf20caf6277e0ecb99c674b1941689686

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "f96e9de9ab7f785d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-52.png>; rel="canonical"
content-length: 16380
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H2 200 image-49.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 6 KB
7 KB 112ms
69ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-49.png?w=790&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b8b21d64cedfcc4b4fe329ffff14d84fe013c3e60c94bb0b207297eab92c3ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "1570a5dff7e2fcca"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-49.png>; rel="canonical"
content-length: 6644
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 40ms
8ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 4903
date: Thu, 24 Sep 2020 13:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 24 Sep 2020 15:15:40 GMT

GET
H2 200 image-34.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 16 KB
17 KB 173ms
130ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-34.png?w=961&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fdbaf94b01146585fb9ac33b74b5c0252e507bd764e2d4031adb5789ed9d3482

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 6348
last-modified: Thu, 02 Jul 2020 11:00:39 GMT
server: nginx
etag: "50a1f131b585b71f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-34.png>; rel="canonical"
content-length: 16762
expires: Sat, 02 Jul 2022 23:00:39 GMT

GET
H2 200 image-27.png
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 44 KB
44 KB 170ms
127ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-27.png?w=794&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a4f5a5499c3740d4c4e410f5dc3286df0619ee505d8948d152f125a1b207c1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 8
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "602fc6a18eee1143"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-27.png>; rel="canonical"
content-length: 45064
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H2 200 image-64.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 49 KB
49 KB 174ms
109ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-64.png?w=610&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e6762756464b430b5beb4c09a68a42e86b46eeb12a6cc1bf317ff8d9c2f835fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "f34f65961617e435"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-64.png>; rel="canonical"
content-length: 50330
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H2 200 image-72.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 25 KB
25 KB 230ms
166ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-72.png?w=748&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bb43086ea481d9d9f90c3de6c07a9f783d68f949756de947f8d4d3858e896b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 Aug 2020 03:52:19 GMT
server: nginx
etag: "a2a167fe65d191f7"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-72.png>; rel="canonical"
content-length: 25196
expires: Wed, 31 Aug 2022 15:52:19 GMT

GET
H2 200 image-73.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/ 26 KB
27 KB 176ms
113ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/03/image-73.png?w=893&ssl=1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

c588d8b896350d2ae2c740ac622ee3b3a0b2e3093167765e5b0f5fd1f1919b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 24 Sep 2020 14:37:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 02 Jul 2020 11:00:38 GMT
server: nginx
etag: "5c53dcd9fcdc432c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/03/image-73.png>; rel="canonical"
content-length: 26962
expires: Sat, 02 Jul 2022 23:00:38 GMT

GET
H2 200 loading.gif
www.wilbursecurity.com/wp-content/plugins/jetpack/modules/sharedaddy/images/ 2 KB
3 KB 203ms
139ms Image
image/gif 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wilbursecurity.com/wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
last-modified: Wed, 16 Sep 2020 15:22:10 GMT
server: Apache
vary: User-Agent
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 2530
expires: max-age=A10368000, public

GET
H2 200 t206.css
www.wilbursecurity.com/wp-content/cache/wpfc-minified/eiwwd4xx/ 7 KB
1 KB 130ms
129ms Stylesheet
text/css 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/eiwwd4xx/t206.css
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 1c191a205bd2db2da719f7ed027c511dcba9f678be912f2178b989cbaedafde8

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Mon, 14 Oct 2019 21:51:52 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 1410
expires: max-age=A10368000, public

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/photon/ 758 B
422 B 40ms
39ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/photon/photon.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 skip-link-focus-fix.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 1 KB
665 B 182ms
132ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/skip-link-focus-fix.js?ver=1.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 608
expires: max-age=A10368000, public

GET
H2 200 bootstrap.min.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 36 KB
10 KB 183ms
133ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/bootstrap.min.js?ver=3.3.7
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 9984
expires: max-age=A10368000, public

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/ 2 KB
1 KB 93ms
43ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/comment-reply.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Mon, 11 Nov 2019 11:51:03 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 main.js Show response
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/ 10 KB
3 KB 182ms
132ms Script
application/javascript 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/js/main.js?ver=1.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 2900
expires: max-age=A10368000, public

GET
H2 200 eu-cookie-law.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/eu-cookie-law/ 2 KB
664 B 93ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/eu-cookie-law/eu-cookie-law.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a9fc4241b0f617049217dd892f1d15f430abf06aded7496bc415e99debdc0064

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 25 Aug 2020 15:45:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 twitter-timeline.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/ 331 B
392 B 93ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/twitter-timeline.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
last-modified: Tue, 27 Aug 2019 13:22:22 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: application/javascript
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 331
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.4.1/wp-includes/js/ 1 KB
721 B 94ms
45ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.1/wp-includes/js/wp-embed.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 google-translate.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/google-translate/ 698 B
362 B 94ms
46ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/widgets/google-translate/google-translate.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d77dc8356ba07b55aa9a004458bebc2e4b8d4a96f5dee404e796dfdb2d1c67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 2 KB
863 B 63ms
14ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

bb7ce79486492d5a0c69d58dca52d2f163ee7b44fe9840ab49a61e7e50725e06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 794
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/8.9.1/_inc/build/sharedaddy/ 8 KB
2 KB 95ms
46ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.1/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: br
last-modified: Tue, 27 Aug 2019 13:22:22 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
expires: Fri, 24 Sep 2021 14:37:23 GMT

GET
H2 200 e-202039.js Show response
stats.wp.com/ 9 KB
3 KB 474ms
0ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202039.js
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 19 Sep 2021 22:23:43 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 62ms
12ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:26:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:52 GMT
server: sffe
age: 159025
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:26:58 GMT

GET
H3-Q050 200 pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:24:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:13 GMT
server: sffe
age: 159147
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:24:56 GMT

GET
H2 200 fontawesome-webfont.woff2
www.wilbursecurity.com/wp-content/themes/thesimplest/assets/fonts/ 75 KB
76 KB 156ms
155ms Font
application/font-woff2 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wilbursecurity.com/wp-content/themes/thesimplest/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://www.wilbursecurity.com/wp-content/cache/wpfc-minified/11wcdpr8/t206.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:23 GMT
last-modified: Sun, 13 Oct 2019 21:16:21 GMT
server: Apache
vary: User-Agent,Accept-Encoding
content-type: application/font-woff2
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 77160
expires: max-age=A10368000, public

GET
H3-Q050 200 pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 69ms
59ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLDD4Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:36:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
age: 158466
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7844
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:36:17 GMT

GET
H3-Q050 200 pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 66ms
58ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiByp8kv8JHgFVrLEj6Z1xlFd2JQEk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:28:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:00 GMT
server: sffe
age: 158917
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:28:46 GMT

GET
H3-Q050 200 EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2
fonts.gstatic.com/s/ptserif/v12/ 13 KB
13 KB 244ms
34ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d6cd55572e8be7aa03c122e0ef98bf72d91a2caa2dddfe3c7c5b50f67d2bd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 17:33:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:05:28 GMT
server: sffe
age: 594255
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13280
x-xss-protection: 0
expires: Fri, 17 Sep 2021 17:33:08 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.wilbursecurity.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3-Q050 200 pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
fonts.gstatic.com/s/poppins/v13/ 8 KB
8 KB 271ms
60ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v13/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 18:28:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:01 GMT
server: sffe
age: 158911
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Wed, 22 Sep 2021 18:28:52 GMT

GET
H3-Q050 200 EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2
fonts.gstatic.com/s/ptserif/v12/ 13 KB
13 KB 273ms
44ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v12/EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a75a7bf10f415b7c91f0b959177f3f1779e78cbf735601e41fb982c2b1cf4be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.wilbursecurity.com
Referer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C800%7CPT+Serif%3A400%2C400i%2C700%2C700i&ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Sep 2020 17:30:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:06:26 GMT
server: sffe
age: 594391
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13372
x-xss-protection: 0
expires: Fri, 17 Sep 2021 17:30:52 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 10ms
8ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/8.9.1/_inc/build/twitter-timeline.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4189) /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:37:24 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 20:40:54 GMT
Server: ECS (fcn/4189)
Age: 1313
Etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28881

GET
H3-Q050 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
4 KB 34ms
9ms Stylesheet
text/css 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1272
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 24 Sep 2020 15:16:12 GMT

GET
H3-Q050 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ 3 KB
2 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.4.1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4174af2a69329fd7bfbfb06dd5f2ea7b082b7d47ebb1bd6a36fe9035d2a41e92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 13:51:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2730
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1593
x-xss-protection: 0
last-modified: Thu, 14 May 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 24 Sep 2020 14:51:54 GMT

GET
H2 200 / Show response
www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/ 2 KB
3 KB 2280ms
2278ms XHR
application/json 173.236.189.195
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

173.236.189.195 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

d4a0eb0c8e49f00f3dcdc781f799ced4ec731de1d3dfc095071dbf464b5b33cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:24 GMT
x-content-type-options: nosniff
server: Apache
x-pingback: https://www.wilbursecurity.com/xmlrpc.php
content-type: application/json; charset=utf-8
status: 200
cache-control: max-age=172800
vary: User-Agent
expires: Sat, 26 Sep 2020 14:37:24 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 126 B
305 B 155ms
134ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&_=1600958243312

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ca7cfd0b774e18387fc778c21187ebc681df4d3ae55efcf8dc094d593850b576

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:24 GMT
x-content-type-options: nosniff
x-cdn: fastly
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 1
x-pinterest-rid: 0265608583016891
content-length: 126
expires: Thu, 24 Sep 2020 14:52:24 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
626 B 64ms
34ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&_=1600958243313

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

472adfb5f891e4074d76959c498e6b0ff85bca498fce1351ed61b0875d0c741f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002717147
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 180
pragma: no-cache
x-fb-debug: fHmZUtJa2VOOh8p7op1FTyGUJLCCxmpA4aDiQvtxXCka7JUxX3XsBzd8fJOvYm4UL1WyG90SlRTXJ0tGv6VLqA==
x-fb-trace-id: H7XCmWnpAMk
date: Thu, 24 Sep 2020 14:37:24 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AplFguumlFuIqwElbQnEOyv
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 48ms
39ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.09560861547725308
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 24 Sep 2020 14:37:24 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 46ms
38ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.27759304455374934
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 24 Sep 2020 14:37:24 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
49 B 19ms
19ms XHR
text/plain 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=453115046&t=pageview&_s=1&dl=https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F&dr=https%3A%2F%2Ft.co%2FhHvqS63JX3&ul=en-us&de=UTF-8&dt=Trickbot%20to%20Ryuk%20in%20Two%20Hours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=1021894433&gjid=545253135&cid=1898736543.1600958245&tid=UA-81239643-1&_gid=957895657.1600958245&_r=1&_slc=1&z=1586930701

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:37:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.wilbursecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
97 B 75ms
48ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9.1&blog=167988153&post=2308&tz=-4&srv=www.wilbursecurity.com&host=www.wilbursecurity.com&ref=https%3A%2F%2Ft.co%2FhHvqS63JX3&fcp=2584&rand=0.3591448457841284
Requested by: Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 24 Sep 2020 14:37:25 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
89 B 20ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-81239643-1&cid=1898736543.1600958245&jid=1021894433&gjid=545253135&_gid=957895657.1600958245&_u=YEBAAUAACAAAAC~&z=1732138487

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 24 Sep 2020 14:37:25 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.wilbursecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 986E 0
0 137ms
41ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.wilbursecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4187) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: personalization_id="v1_nsPrAQf0v/kxtTxGtpUgJQ=="; guest_id=v1%3A160095824468447055
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 751032
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 24 Sep 2020 14:37:25 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:17 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4187)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H3-Q050 200 element_main.js Show response
translate.googleapis.com/element/TE_20200506_00/e/js/element/ 238 KB
85 KB 242ms
138ms Script
text/javascript 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20200506_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18b91aa55babf6a41b67ad376266712f9e07172f8ec8c6d06904f622f15527c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 10:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15659
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87186
x-xss-protection: 0
last-modified: Wed, 06 May 2020 18:47:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Sep 2021 10:16:26 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 825 B
885 B 16ms
14ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 13:37:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 3613
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Fri, 24 Sep 2021 13:37:13 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
972 B 14ms
13ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 279066
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:20 GMT

GET
H3-Q050 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 35ms
15ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/translate_static/css/translateelement.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 07:45:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 24692
vary: Origin
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Fri, 24 Sep 2021 07:45:54 GMT

GET
H/1.1 200
OK moment~timeline~tweet.2e5232162202896d50461b242819754e.js Show response
platform.twitter.com/js/ 23 KB
8 KB 43ms
10ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4186) /
Resource Hash: 357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:37:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:08 GMT
Server: ECS (fcn/4186)
Age: 751033
Etag: "cce4698c56d0a54ba3f908b953e403c1+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7651

GET
H/1.1 200
OK timeline.610564c46865d0bb1eccdd42c0dc6ea7.js Show response
platform.twitter.com/js/ 21 KB
7 KB 70ms
8ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.610564c46865d0bb1eccdd42c0dc6ea7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4189) /
Resource Hash: ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:37:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:08 GMT
Server: ECS (fcn/4189)
Age: 751031
Etag: "c556b2c56f55b3b2458cc2f84945663d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 6647

GET
H2 200 l Show response
translate.googleapis.com/translate_a/ Frame 8506 3 KB
1 KB 26ms
19ms Script
application/javascript 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ng0v3hFpd9e+0GVkPo9FaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-Ng0v3hFpd9e+0GVkPo9FaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 34 KB
5 KB 205ms
202ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_wilbursecurity_old&dnt=false&domain=www.wilbursecurity.com&lang=en&screen_name=wilbursecurity&suppress_response_codes=true&t=1778842&tweet_limit=5&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

5ea4328fcc895d40ce918199bc6e94d0283e30ad86e11d0795ad90890992c9b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 5085
x-xss-protection: 0
x-response-time: 176
last-modified: Thu, 24 Sep 2020 14:37:26 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
expires: Thu, 24 Sep 2020 14:42:26 GMT
cache-control: must-revalidate, max-age=300
x-connection-hash: 78635f1e93811ea885aae7e26626c8a7
timing-allow-origin: *
x-transaction: 00f0bfed005a5322
access-contol-allow-origin: platform.twitter.com

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame F15B 363 B
560 B 9ms
9ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: www.wilbursecurity.com
URL: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F84) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 11664613
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECAcc (frc/8F84)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 950dbf987d03071b75cda1289f1c6e87
accept-ranges: bytes
expires: Fri, 24 Sep 2021 14:37:26 GMT

GET
H/1.1 200
OK timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame F15B 53 KB
12 KB 10ms
9ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4195) /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:37:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:05 GMT
Server: ECS (fcn/4195)
Age: 751033
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H/1.1 200
OK timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 16ms
16ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4195) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:37:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:05 GMT
Server: ECS (fcn/4195)
Age: 751033
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame F15B 363 B
436 B 28ms
6ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F84) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 11664613
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECAcc (frc/8F84)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 950dbf987d03071b75cda1289f1c6e87
accept-ranges: bytes
expires: Fri, 24 Sep 2021 14:37:26 GMT

GET
H2 200 Csp2-ofI_normal.jpg
pbs.twimg.com/profile_images/827908828574470144/ Frame F15B 2 KB
2 KB 41ms
19ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/827908828574470144/Csp2-ofI_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D8) /

Resource Hash

a8b16530224ab6db50c2ab417f171752a84d8f1fb5e241057ab94c4c4f4bd0c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 435324
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 122
surrogate-key: profile_images profile_images/bucket/2 profile_images/827908828574470144
last-modified: Sat, 04 Feb 2017 15:55:01 GMT
server: ECS (fcn/40D8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0d925bd1c7bb7c168c2908a74e3d7820
accept-ranges: bytes

GET
H2 200 98vNrAmS_normal.jpg
pbs.twimg.com/profile_images/1276178218198892544/ Frame F15B 2 KB
2 KB 43ms
21ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1276178218198892544/98vNrAmS_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B2) /

Resource Hash

9fefd76b6259b790fa9f3148a6fb12d98d85f189b961c5bdf29759e41eea95d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 600720
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 115
surrogate-key: profile_images profile_images/bucket/1 profile_images/1276178218198892544
last-modified: Thu, 25 Jun 2020 15:37:32 GMT
server: ECS (fcn/40B2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e25ec65dc857c68adf5b6a78dfc3561b
accept-ranges: bytes

GET
H2 200 2AaKCNiy_normal.jpg
pbs.twimg.com/profile_images/1247257789660934144/ Frame F15B 2 KB
2 KB 44ms
23ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1247257789660934144/2AaKCNiy_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AB) /

Resource Hash

b75c1287766e97e4a466909eba400e839a51c6582180ed3b72cdd6f06dce6939

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 332856
x-cache: HIT
status: 200
content-length: 2263
x-response-time: 122
surrogate-key: profile_images profile_images/bucket/9 profile_images/1247257789660934144
last-modified: Mon, 06 Apr 2020 20:18:04 GMT
server: ECS (fcn/41AB)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9d0351f503e43605cea4b94a561c52e4
accept-ranges: bytes

GET
H2 200 9qPu1_Ih_normal.jpg
pbs.twimg.com/profile_images/1183150202154340354/ Frame F15B 2 KB
2 KB 42ms
26ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1183150202154340354/9qPu1_Ih_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E5) /

Resource Hash

c3f944c27b9ba1aee0e9fc66d319fccc301c95211d4bc6480378db8d11e62628

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 266156
x-cache: HIT
status: 200
content-length: 2035
x-response-time: 153
surrogate-key: profile_images profile_images/bucket/0 profile_images/1183150202154340354
last-modified: Sat, 12 Oct 2019 22:37:24 GMT
server: ECS (fcn/40E5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 44ae7f90c878476521704ed8e021e94b
accept-ranges: bytes

GET
H2 200 EAx22mxA_normal.jpg
pbs.twimg.com/profile_images/777584041050550272/ Frame F15B 2 KB
2 KB 44ms
29ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/777584041050550272/EAx22mxA_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A6) /

Resource Hash

437e5cc6f5f95a2601998bcb9f803ab3aab77830867e3fc63412225544c11192

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 285204
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 128
surrogate-key: profile_images profile_images/bucket/1 profile_images/777584041050550272
last-modified: Sun, 18 Sep 2016 19:02:16 GMT
server: ECS (fcn/41A6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c4da405ab589eaa56ab68cd6de85d2dd
accept-ranges: bytes

GET
H2 200 Ehn4ujfXkAAJUiN
pbs.twimg.com/tweet_video_thumb/ Frame F15B 9 KB
9 KB 42ms
27ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/Ehn4ujfXkAAJUiN?format=jpg&name=360x360

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D8) /

Resource Hash

05e0aef7a4a534b6d70424be1624d403a408741207295cb3e9ad77e78c413f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 152815
x-cache: HIT
status: 200
content-length: 9255
x-response-time: 120
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/7 tweet_video_thumb/1304347045784948736
last-modified: Fri, 11 Sep 2020 09:10:23 GMT
server: ECS (fcn/41D8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ed6c0c7c998e5cd41b3909ec230a5acb
accept-ranges: bytes

GET
H2 200 EgtT-YCWAAApTaW
pbs.twimg.com/media/ Frame F15B 17 KB
17 KB 29ms
11ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtT-YCWAAApTaW?format=png&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4193) /

Resource Hash

c41d546811fbb8d8814a6baebe537bdca6839064d164b36783e69fa025510ccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 287752
x-cache: HIT
status: 200
content-length: 17228
x-response-time: 125
surrogate-key: media media/bucket/7 media/1300225248495796224
last-modified: Mon, 31 Aug 2020 00:11:50 GMT
server: ECS (fcn/4193)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: de8f8dc2cbf60d79b58fdd59ce5d748f
accept-ranges: bytes

GET
H2 200 EgtUB8sWsAAVBv4
pbs.twimg.com/media/ Frame F15B 3 KB
3 KB 29ms
12ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUB8sWsAAVBv4?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A8) /

Resource Hash

6dbb232375b69b4d94a41410724a797fe713f428180a9597d35e3a9351e653ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 287752
x-cache: HIT
status: 200
content-length: 2837
x-response-time: 124
surrogate-key: media media/bucket/0 media/1300225309875286016
last-modified: Mon, 31 Aug 2020 00:12:05 GMT
server: ECS (fcn/41A8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 52851a3bbb189c065003f46d3ebdc89e
accept-ranges: bytes

GET
H2 200 EgtUEvZWkAA6-mP
pbs.twimg.com/media/ Frame F15B 9 KB
9 KB 30ms
13ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUEvZWkAA6-mP?format=png&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418A) /

Resource Hash

7b9e6e9afd2cae72e40566f06a492d7621e0861516b3f754f29f84a2bb7cf30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 287752
x-cache: HIT
status: 200
content-length: 9039
x-response-time: 127
surrogate-key: media media/bucket/0 media/1300225357845532672
last-modified: Mon, 31 Aug 2020 00:12:16 GMT
server: ECS (fcn/418A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 1f5e2983fde44d9b33b5452784f1ead1
accept-ranges: bytes

GET
H2 200 EgtUMriXsAINaP8
pbs.twimg.com/media/ Frame F15B 4 KB
4 KB 32ms
15ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgtUMriXsAINaP8?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B1) /

Resource Hash

5423706be2e661936e7de6b0f936a44577cbceee3c01ceec9a8839b5052b7824

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:26 GMT
x-content-type-options: nosniff
age: 287752
x-cache: HIT
status: 200
content-length: 3917
x-response-time: 125
surrogate-key: media media/bucket/6 media/1300225494248566786
last-modified: Mon, 31 Aug 2020 00:12:49 GMT
server: ECS (fcn/40B1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 82c349679efb6524634f35ed0dc8c1fb
accept-ranges: bytes

GET
DATA 200
OK truncated
/ Frame F15B 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F15B 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F15B 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F15B 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F15B 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame F15B 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 image-56.png
i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/ 12 KB
12 KB 41ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/image-56.png?resize=350%2C200&ssl=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

fd206ccefbc20cf8c9a7b37623d88836f968ee1d4ec88e914df8f3da2b5e1692

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 6
date: Thu, 24 Sep 2020 14:37:27 GMT
x-content-type-options: nosniff
x-bytes-saved: 39370
last-modified: Thu, 02 Jul 2020 11:00:38 GMT
server: nginx
etag: "012b15e956bd439d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/02/image-56.png>; rel="canonical"
content-length: 12434
expires: Sat, 02 Jul 2022 23:00:38 GMT

GET
H2 200 emotet-1.jpg
i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2019/10/ 5 KB
5 KB 55ms
54ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.wilbursecurity.com/wp-content/uploads/2019/10/emotet-1.jpg?fit=1184%2C648&ssl=1&resize=350%2C200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bcff580d2882df0a48496b40b9e8a4a4c988ef3c7ba033fa24cef3ed8cbb1b69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 15:16:06 GMT
server: nginx
etag: "80eaea7a7461e061"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2019/10/emotet-1.jpg>; rel="canonical"
content-length: 5116
expires: Wed, 03 Aug 2022 03:16:06 GMT

GET
H2 200 image-6.png
i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/ 7 KB
8 KB 43ms
34ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.wilbursecurity.com/wp-content/uploads/2020/02/image-6.png?fit=1200%2C527&ssl=1&resize=350%2C200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

626b16998d43ad0f46c2a1239f88e1797c9d13850f7bdce1597db080d419adf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 7
date: Thu, 24 Sep 2020 14:37:27 GMT
x-content-type-options: nosniff
x-bytes-saved: 21817
last-modified: Sun, 12 Jul 2020 18:13:09 GMT
server: nginx
etag: "0f8e9dca35a1a24e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.wilbursecurity.com/wp-content/uploads/2020/02/image-6.png>; rel="canonical"
content-length: 7590
expires: Wed, 13 Jul 2022 06:13:09 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
384 B 180ms
179ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.wilbursecurity.com%2F2020%2F03%2Ftrickbot-to-ryuk-in-two-hours%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_data_source%22%3A%22profile%3Awilbursecurity%22%2C%22query%22%3Anull%2C%22profile_id%22%3Anull%2C%22item_ids%22%3A%5B%221307441378029375490%22%2C%221304347055364755457%22%2C%221300226594192097281%22%2C%221298427907958878208%22%2C%221288311769442779141%22%5D%2C%22item_details%22%3A%7B%221307441378029375490%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221307451529578897408%22%7D%2C%221304347055364755457%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221304381222609653766%22%7D%2C%221300226594192097281%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221300414003873828865%22%7D%2C%221298427907958878208%22%3A%7B%22item_type%22%3A0%7D%2C%221288311769442779141%22%3A%7B%22item_type%22%3A10%2C%22target_type%22%3A0%2C%22target_id%22%3A%221288499928990449666%22%7D%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1600958247407%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22component%22%3A%22timeline%22%2C%22element%22%3A%22initial%22%2C%22action%22%3A%22results%22%7D%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:37:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 129
pragma: no-cache
last-modified: Thu, 24 Sep 2020 14:37:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a2c28e75fc295cf7bef32d460a92a0d2
x-transaction: 00813381000fd637
expires: Tue, 31 Mar 1981 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.twitter.com/	1970-01-20 06:13:50	Name: guest_id Value: v1%3A160095824609682500
.twitter.com/	1970-01-20 06:13:50	Name: personalization_id Value: "v1_qGz2dye1oFNZ5CzbagAjnQ=="
.twitter.com/	1970-01-19 12:52:43	Name: external_referer Value: padhuUp37zjSWWdXFzX2FqZSBqlKoa%2BR\|0\|8e8t2xd8A2w%3D
.twitter.com/	1970-01-19 12:44:04	Name: _gid Value: GA1.2.404439736.1600958246
.twitter.com/	1970-01-20 06:13:50	Name: _ga Value: GA1.2.801794957.1600958246

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://c0.wp.com/c/5.4.1/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
api.pinterest.com
c0.wp.com
cdn.syndication.twimg.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
i0.wp.com
i1.wp.com
i2.wp.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
stats.g.doubleclick.net
stats.wp.com
syndication.twitter.com
t.co
translate.google.com
translate.googleapis.com
www.google-analytics.com
www.gstatic.com
www.wilbursecurity.com
104.244.42.197
104.244.42.8
151.101.36.84
173.236.189.195
192.0.76.3
192.0.77.2
192.0.77.37
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:800::2003
2a00:1450:4001:801::2003
2a00:1450:4001:816::200e
2a00:1450:4001:818::200a
2a00:1450:4001:81b::200a
2a00:1450:4001:821::200e
2a00:1450:400c:c0c::9c
2a03:2880:f01c:800e:face:b00c:0:2
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
05e0aef7a4a534b6d70424be1624d403a408741207295cb3e9ad77e78c413f9e
074d9505d547acdfced56ba7203b153958881abceb7a19326029f652acb75191
0e73b6b648c5083d05a0fb212f636878a447987e1dc5c575dbba15c57d324fcc
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f58eb0040fcec56911194841b95add9d1e01fd1cef585094cbedf4fdaacd548
10f53841cf6e192e69ce2e40d3c0a135f9ac97a85694949dd55d6797eb1a564f
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
187e39245a3c86e96970ba6171633923aa9d5638087911f343de048f01ab04dd
18b91aa55babf6a41b67ad376266712f9e07172f8ec8c6d06904f622f15527c9
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
1c191a205bd2db2da719f7ed027c511dcba9f678be912f2178b989cbaedafde8
1cc0086d781a52a58ad99cf444aeed54d6ba81340bb10588c95219a686e971c1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2eda83496dffe9e0fa726cfec4815eaecb3f9f33fbb32765a6562cd200b1338f
331e60bff1c713f97346dbbee71648a91279368336d790832117cae98aab2abd
357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56
35b197a1318a08df4387aaa6aea34c9bf20caf6277e0ecb99c674b1941689686
3d31bf3ea6202a94a5ce4babcb3e3b62f0aab7ebd60c41e27e1d58d71bdcb22f
3dd1fe917f945fe363db54ae4b23e5ffa5c8d11db61cdfcea15adbae8456ca3d
3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82
4174af2a69329fd7bfbfb06dd5f2ea7b082b7d47ebb1bd6a36fe9035d2a41e92
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
435f59b3220dca8b245fc1cf566facd7004a03899f94a6dd8aa23c1108f4a4da
437e5cc6f5f95a2601998bcb9f803ab3aab77830867e3fc63412225544c11192
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
472adfb5f891e4074d76959c498e6b0ff85bca498fce1351ed61b0875d0c741f
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
499ed3388d2e613c4580a284caff1798e27afc1bd66b6d3c7786ea10aaf80e66
4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
4f9aab5097e64a6100a599d10cb32ad2d2bf2178ba327b0304eb49688d302d9c
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5423706be2e661936e7de6b0f936a44577cbceee3c01ceec9a8839b5052b7824
5ea4328fcc895d40ce918199bc6e94d0283e30ad86e11d0795ad90890992c9b9
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
608c34a8a593eb8567534306f313bece8e821a39c98b48347b6eefd94c46d54d
6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8
61ec18d12af867de75f52b44caa758df62f068d14e72d629aabc6abef47dc1a2
626b16998d43ad0f46c2a1239f88e1797c9d13850f7bdce1597db080d419adf3
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
6b2226170d8e292cf76be29efed0dfc42555cfd811271f75762158d4b0d175f7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d6cd55572e8be7aa03c122e0ef98bf72d91a2caa2dddfe3c7c5b50f67d2bd07
6dbb232375b69b4d94a41410724a797fe713f428180a9597d35e3a9351e653ba
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
719e13467f05af042eda62369ba7ef833003f971b7debedb34fbd6a940f0f5d0
756be0754e2fb03baa7557172087b0c9a44a3104c699f4f5ec3337d06cd797ad
7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544
7b9e6e9afd2cae72e40566f06a492d7621e0861516b3f754f29f84a2bb7cf30a
7d77dc8356ba07b55aa9a004458bebc2e4b8d4a96f5dee404e796dfdb2d1c67f
817f371f57f95d4b51c382a8e5d2936dcd1e1a9814f76484c36fd1f9b5aafd78
89a5dbccf9b44f6ae9155f1acd91c447c4436f213419904766f6fdf805304ef7
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
96111f6970a401fb9f4a097432fe512662e6645bfda12ae2a10eb86ade3cebdc
9dae7ccfcb056fae430801afdb39049ffd3c7785bd5fd185ef301b323074e60c
9fefd76b6259b790fa9f3148a6fb12d98d85f189b961c5bdf29759e41eea95d1
a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6
a4f5a5499c3740d4c4e410f5dc3286df0619ee505d8948d152f125a1b207c1b7
a6fef21fa8ce8ebe9fc9e3f5d85d59f12788b6429924501cce62b030114e0efe
a75a7bf10f415b7c91f0b959177f3f1779e78cbf735601e41fb982c2b1cf4be2
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a8b16530224ab6db50c2ab417f171752a84d8f1fb5e241057ab94c4c4f4bd0c3
a9fc4241b0f617049217dd892f1d15f430abf06aded7496bc415e99debdc0064
ab348136f89da31581fc5c3fc565e9ff2fe83e7028d2f200696e45433a03cb0b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
add5eb59303fea3c3fb7d7a61af708a69a40970e9705638c435c209e05e6e4f4
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b3b3ae1a7774783c0139859aaf462d13f9fd414c882992adf23d1784064e82b3
b75c1287766e97e4a466909eba400e839a51c6582180ed3b72cdd6f06dce6939
b87a07305e3046dcd2d196cd48f602bbe094b1cd379c597ababa32ec1ba93933
b8b21d64cedfcc4b4fe329ffff14d84fe013c3e60c94bb0b207297eab92c3ec2
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257
bb43086ea481d9d9f90c3de6c07a9f783d68f949756de947f8d4d3858e896b44
bb7ce79486492d5a0c69d58dca52d2f163ee7b44fe9840ab49a61e7e50725e06
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bce7e6ccc4f424a29134870522e46cdce28380e76c47f2e9be120420ffefc770
bcff580d2882df0a48496b40b9e8a4a4c988ef3c7ba033fa24cef3ed8cbb1b69
bf012c0d69f7eeba64c3397070d90ff114fd2c969a5bda2fbba9314407224513
bf25b1c0841d68cc55e738f52338cb8421a9dc23385bea5be5323b6132c32e0c
c32d7b5d245ae2494611dac3b378b953701290ef1b76d6fc5b0de25ac21f9822
c3f944c27b9ba1aee0e9fc66d319fccc301c95211d4bc6480378db8d11e62628
c41d546811fbb8d8814a6baebe537bdca6839064d164b36783e69fa025510ccd
c497ec0a19e8f62deaecdc2c66ba9c92441f6e9ee7e7ced334a51964cd846490
c588d8b896350d2ae2c740ac622ee3b3a0b2e3093167765e5b0f5fd1f1919b40
c6949f127174417a8b084a4dda9beadd19bf9743bd6a74bc06427d826d0a44af
ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359
ca7cfd0b774e18387fc778c21187ebc681df4d3ae55efcf8dc094d593850b576
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d4a0eb0c8e49f00f3dcdc781f799ced4ec731de1d3dfc095071dbf464b5b33cf
d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627
d6860b3cb9f75ac276b81d9623c79d534ba8a16f5cd5bcd6a81256a5d560a37f
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa
e2c0c0d87243456dfdccd8f70bd58504ada2f6b0e9adcd6fc6a7253b9081f996
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6762756464b430b5beb4c09a68a42e86b46eeb12a6cc1bf317ff8d9c2f835fa
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fd206ccefbc20cf8c9a7b37623d88836f968ee1d4ec88e914df8f3da2b5e1692
fdbaf94b01146585fb9ac33b74b5c0252e507bd764e2d4031adb5789ed9d3482

www.wilbursecurity.com Open in urlscan Pro 173.236.189.195 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

108 Requests

100 %HTTPS

61 %IPv6

12 Domains

22 Subdomains

19 IPs

5 Countries

1308 kBTransfer

2143 kBSize

5 Cookies

16 Outgoing links

Page URL History

Redirected requests

108 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.wilbursecurity.com Open in urlscan Pro
173.236.189.195 Public Scan

Screenshot
Live screenshot

Full Image

108
Requests

100 %
HTTPS

61 %
IPv6

12
Domains

22
Subdomains

19
IPs

5
Countries

1308 kB
Transfer

2143 kB
Size

5
Cookies

108 HTTP transactions
7 data transactions