littlefield.co Open in urlscan Pro
52.5.181.79 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Effective URL:
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
Submission: On March 23 via manual (March 23rd 2020, 3:15:17 pm UTC) from US

Summary HTTP 83 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 83 HTTP transactions. The main IP is 52.5.181.79, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is littlefield.co.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 30th 2019. Valid for: a year.

This is the only time littlefield.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 8	52.5.181.79 52.5.181.79	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700::68... 2606:4700::6810:7a7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:183::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
52	2606:4700::68... 2606:4700::6810:7991	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.208.18 143.204.208.18	16509 (AMAZON-02) (AMAZON-02)
1	99.86.3.84 99.86.3.84	16509 (AMAZON-02) (AMAZON-02)
2	52.20.81.85 52.20.81.85	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:214... 2600:9000:214f:b200:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:205... 2600:9000:2057:2e00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.227.153.53 34.227.153.53	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b900:df42:1c57:6342:57f9	14618 (AMAZON-AES) (AMAZON-AES)
10	34.194.182.13 34.194.182.13	14618 (AMAZON-AES) (AMAZON-AES)
83	13

8 52.5.181.79 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-181-79.compute-1.amazonaws.com

littlefield.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7a7f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:183::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 2606:4700::6810:7991 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.208.18 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-208-18.fra53.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.84 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-84.fra6.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.20.81.85 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-81-85.compute-1.amazonaws.com

srv-2020-03-23-15.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:b200:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:2e00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.227.153.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-153-53.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b900:df42:1c57:6342:57f9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.194.182.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-182-13.compute-1.amazonaws.com

collector-medium.lightstep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	1 MB
10	lightstep.com collector-medium.lightstep.com	2 KB
8	littlefield.co 1 redirects littlefield.co	44 KB
3	branch.io cdn.branch.io api2.branch.io	24 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	89 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	270 B
2	parsely.com srv-2020-03-23-15.pixel.parsely.com	765 B
2	google-analytics.com www.google-analytics.com	18 KB
1	app.link app.link	731 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	17 KB
83	10

	Domain	Requested by
37	miro.medium.com	littlefield.co
10	collector-medium.lightstep.com	cdn-client.medium.com
10	cdn-client.medium.com	littlefield.co cdn-client.medium.com
8	littlefield.co	1 redirects cdn-client.medium.com
5	glyph.medium.com	littlefield.co
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn-client.medium.com
2	api2.branch.io	cdn-client.medium.com
2	srv-2020-03-23-15.pixel.parsely.com	d1z2jf7jlzjs58.cloudfront.net
2	www.google-analytics.com	littlefield.co
1	app.link	cdn.branch.io
1	cdn.branch.io	littlefield.co
1	d1z2jf7jlzjs58.cloudfront.net	cdn-client.medium.com
1	cdn.optimizely.com	littlefield.co
1	medium.com	1 redirects
83	15

This site contains links to these domains. Also see Links.

Domain
medium.com
relianceacsn.co.uk
docs.microsoft.com
help.medium.com

Subject Issuer	Validity	Valid
littlefield.co Sectigo RSA Domain Validation Secure Server CA	`2019-10-30` - `2020-10-29`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
*.medium.com DigiCert SHA2 Secure Server CA	`2018-07-31` - `2020-09-09`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.branch.io DigiCert SHA2 Secure Server CA	`2018-12-05` - `2020-12-08`	2 years	crt.sh
*.pixel.parsely.com Let's Encrypt Authority X3	`2020-01-31` - `2020-04-30`	3 months	crt.sh
appipv4.link Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
errors.client.optimizely.com DigiCert SHA2 High Assurance Server CA	`2018-09-24` - `2020-09-28`	2 years	crt.sh
*.logs.datadoghq.com COMODO RSA Domain Validation Secure Server CA	`2018-08-30` - `2020-08-29`	2 years	crt.sh
*.lightstep.com Let's Encrypt Authority X3	`2020-02-16` - `2020-05-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
Frame ID: 3C8EC061BEEAEC1013B5E9598580AA81
Requests: 87 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4 HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-... HTTP 302
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

83
Requests

100 %
HTTPS

54 %
IPv6

10
Domains

15
Subdomains

13
IPs

3
Countries

1347 kB
Transfer

3229 kB
Size

10
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=-----16d1e25f72f4---------------------smart_meter-
Title: create a free Medium account.

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----16d1e25f72f4----------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_page-----16d1e25f72f4---------------------nav_reg-
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_page-----16d1e25f72f4---------------------nav_reg-
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=-270d5850e432-------------------------follow_byline-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/p/16d1e25f72f4/share/twitter?source=post_actions_header---------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/p/16d1e25f72f4/share/facebook?source=post_actions_header---------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_actions_header--------------------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://relianceacsn.co.uk/
Title: website

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
Title: EternalBlue

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_sidebar--------------------------follow_sidebar-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_sidebar-----16d1e25f72f4---------------------clap_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_sidebar--------------------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_actions_footer-----16d1e25f72f4---------------------clap_footer-

Search URL Search Domain Scan URL

URL: https://medium.com/p/16d1e25f72f4/share/twitter?source=post_actions_footer---------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/p/16d1e25f72f4/share/facebook?source=post_actions_footer---------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_actions_footer--------------------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=follow_footer-270d5850e432-------------------------follow_footer-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=follow_footer--------------------------follow_footer-
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/p/16d1e25f72f4/responses/show?source=follow_footer--------------------------follow_footer-
Title: Write the first response

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc-----b83da45779cd----0-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc---------0-----------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc-----299762164671----1-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc---------1-----------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/swlh/the-ncsc-are-giving-away-free-malware-simulators-41ce59738731?source=post_recirc---------2------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc-----41ce59738731----2-----------------clap_preview-

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&source=post_recirc---------2-----------------bookmark_sidebar-

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----16d1e25f72f4----------------------
Title: Discover Medium

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----16d1e25f72f4----------------------
Title: Make Medium yours

Search URL Search Domain Scan URL

URL: https://medium.com/membership?source=post_page-----16d1e25f72f4----------------------
Title: Become a member

Search URL Search Domain Scan URL

URL: https://help.medium.com/?source=post_page-----16d1e25f72f4----------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.com/policy/9db0094a1e0f?source=post_page-----16d1e25f72f4----------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://medium.com/policy/f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4 HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4 HTTP 302
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

83 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4 Show response
littlefield.co/
Redirect Chain

https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

227 KB
44 KB

614ms
614ms

Document
text/html

52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d9cf449df847d07405d9fd7866f876e9672e59d7a7cccdab7d64b559ffe89b98

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

:method: GET
:authority: littlefield.co
:scheme: https
:path: /threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
server: nginx
date: Mon, 23 Mar 2020 15:14:54 GMT
content-type: text/html; charset=utf-8
set-cookie: uid=lo_hpiyrL0FAfl3; path=/; expires=Tue, 23 Mar 2021 15:14:53 GMT; samesite=none; secure; httponly sid=1:/dQ0+C9FiuXjOyl2VtNfZmPVpizA5CYRQ9Pwy/N/4GWaQMhFEOdlRh0nSZ8GIkoK; path=/; expires=Tue, 23 Mar 2021 15:14:53 GMT; samesite=none; secure; httponly optimizelyEndUserId=lo_hpiyrL0FAfl3; path=/; expires=Tue, 23 Mar 2021 15:14:53 GMT; samesite=none; secure
sepia-upstream: production
x-frame-options: allow-from medium.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
medium-fulfilled-by: lite/master-20200320-224727-5e15de01d1, rito/master-20200320-232532-bbc05310ae, tutu/medium-40402
etag: W/"38ad1-Z03srF0TqUmJCm/EiE5Gg/6MxHo"
vary: Accept-Encoding
content-encoding: gzip
x-envoy-upstream-service-time: 448

Redirect headers

status: 302
date: Mon, 23 Mar 2020 15:14:53 GMT
content-type: application/octet-stream
set-cookie: __cfduid=d30f1b882ccc1f1b3d62348d5641796921584976493; expires=Wed, 22-Apr-20 15:14:53 GMT; path=/; domain=.medium.com; HttpOnly; SameSite=Lax uid=lo_hpiyrL0FAfl3; Expires=Tue, 23-Mar-21 15:14:53 GMT; Domain=.medium.com; Path=/; Secure; HttpOnly sid=1:uj06ipJ0uzhVnPGxMjH5TSknc0kpvL5czOownvi+MsG8E8FA7vJ/cbg54XR3iW3i; path=/; expires=Tue, 23 Mar 2021 15:14:53 GMT; domain=.medium.com; samesite=none; secure; httponly optimizelyEndUserId=lo_hpiyrL0FAfl3; path=/; expires=Tue, 23 Mar 2021 15:14:53 GMT; domain=.medium.com; samesite=none; secure __cfruid=65b2a47d6a24bab8068f0422647a72afe27f5f03-1584976493; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1584976493722:48355cad368d
x-obvious-info: 40405-e7ccf67,e7ccf672b2f
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
location: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 57891acd4d016401-FRA
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 293 KB
88 KB 22ms
11ms Script
text/javascript 2a02:26f0:6c00:183::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:183::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e3e25cbf845d084cdb8cc1b96c34047fda2a038e3573b862dfb259515064057

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: dMwZGddTTU5ZauosVGd1Tcy3iLbl07IZ
content-encoding: gzip
x-amz-request-id: 51E15DBCF22606C0
status: 200
access-control-max-age: 86400
date: Mon, 23 Mar 2020 15:14:54 GMT
x-amz-replication-status: COMPLETED
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:183::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
content-length: 89696
x-amz-id-2: 5gywFSrsPajOou5AH8d0b1vKUwAbaW2w2LiUfKDfyixw05JcPRGrDopimeU9MZ6bQspGY9sQFG4=
last-modified: Fri, 20 Mar 2020 21:13:13 GMT
server: AmazonS3
etag: "742066dbb48f8b80b6b6f84830fef8b2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
x-amz-meta-revision: 1390
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 m2.css
glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/ 44 KB
29 KB 61ms
38ms Stylesheet
text/css 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1047
status: 200
access-control-max-age: 86400
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 57891ad27b3c16f2-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 23 Mar 2020 19:14:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 2179
date: Mon, 23 Mar 2020 14:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Mon, 23 Mar 2020 16:38:35 GMT

GET
DATA 200
OK truncated
/ 9 KB
9 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8

Request headers

Origin: https://littlefield.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=681465241&t=pageview&_s=1&dl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4%3Fgi%3D1c7e76bec936&ul=en-us&de=UTF-8&dt=Three%E2%80%99s%20a%20crowd%3A%20New%20Trickbot%2C%20Emotet%20%26%20Ryuk%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1204692089&gjid=590146201&cid=965592399.1584976495&tid=UA-24232453-2&_gid=1568502256.1584976495&_r=1&z=844674256

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1*EXwI4t-1fjjlzaMTFtKSHA.gif
miro.medium.com/freeze/max/72/ 2 KB
2 KB 50ms
48ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/freeze/max/72/1*EXwI4t-1fjjlzaMTFtKSHA.gif

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

d3e0198833e6c6d2081150728be187f64c8d2364c741ebd2aa50ab372213b1e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1543690
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2367
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad2ec9a16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 2*3qlsgWy6usf979IqEvjy-g.jpeg
miro.medium.com/fit/c/96/96/ 6 KB
6 KB 46ms
43ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/2*3qlsgWy6usf979IqEvjy-g.jpeg

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1f1dc3e5d44b470f527725e1d6b26b8edfd787c00e0440052de2673e3f0755e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 881799
status: 200
x-envoy-upstream-service-time: 41
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 5862
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad2ec9c16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*jcebPtknjotpAMvZhPSSwQ.png
miro.medium.com/max/60/ 832 B
968 B 122ms
119ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*jcebPtknjotpAMvZhPSSwQ.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

b3986390b8cc1d94f35926722bdc434fc12571434662e5e5902a9ccb67c34733

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 832
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad2ec9216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*5yfWsFL3iRqAfXjpI8N1IQ.png
miro.medium.com/max/60/ 2 KB
2 KB 35ms
32ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*5yfWsFL3iRqAfXjpI8N1IQ.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd73917d3ea9303fcd26ca018b4e0a688516e534d1439951ed8dc4f5e1f38f4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13953
status: 200
x-envoy-upstream-service-time: 37
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1935
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200213-205445-4ba1a2a3c1
accept-ranges: bytes
cf-ray: 57891ad2ec9516f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*rzB-CxV4YVB6DUOmoN4sTg.png
miro.medium.com/max/60/ 2 KB
2 KB 142ms
140ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*rzB-CxV4YVB6DUOmoN4sTg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d15ba251dd1484d21a4c1046bce18e0c6410f1ffba76c74e65d2eb1e006cab34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 27
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2385
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200317-212921-e02ba911e3
accept-ranges: bytes
cf-ray: 57891ad2ec9716f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*v6SGIUCA8qN0S-x8GIVtRA.png
miro.medium.com/max/60/ 3 KB
3 KB 36ms
34ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*v6SGIUCA8qN0S-x8GIVtRA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

0334d48bbe13eaa107c6a9044247b0185e8a24957bbd2735ade4edcde9282219

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13953
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 3124
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad2ec8f16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*4rNjNwKzHZCSxGchGpmWnw.png
miro.medium.com/max/60/ 3 KB
3 KB 26ms
26ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*4rNjNwKzHZCSxGchGpmWnw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

86b22b2ae4234f87d2fa8996a23553e5e42cb390ac62b8a0ed328fc7dd5b67d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2694
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad31d2b16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*n2uSrxIFvZNAwqwBKZkKOg.png
miro.medium.com/max/60/ 3 KB
4 KB 142ms
141ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*n2uSrxIFvZNAwqwBKZkKOg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ea437c9f867fe257a03740cba0ca6521d8b2f0e7698499b8cd27434d8297298

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 31
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 3516
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200226-233148-f8c889d0ca
accept-ranges: bytes
cf-ray: 57891ad31d3516f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*HKKAIoLrmLlcYp39WRDEMQ.png
miro.medium.com/max/60/ 2 KB
2 KB 120ms
119ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*HKKAIoLrmLlcYp39WRDEMQ.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c1a57f0b61edd6127a7e5d6b9585cd365319c28e601dfffc7476b1c52c584420

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2342
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad32d6f16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*RvnmHsOCQaag7jplRz8JaQ.png
miro.medium.com/max/60/ 2 KB
2 KB 27ms
26ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*RvnmHsOCQaag7jplRz8JaQ.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

f366013224aa25b220a49ac4ffb5de57e9b1bbf86ff039dfa344f66f9e0593e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1670
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad33d8d16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*U9vmO5unTyHatOOvaZBjXA.png
miro.medium.com/max/60/ 3 KB
3 KB 122ms
122ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*U9vmO5unTyHatOOvaZBjXA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f04b1c52c7ca82a31618955d49104f11fb6cdccff96f1062848bd3e88094a96

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 37
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2614
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad34dd716f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*WkWKre9n5ObNSH9osAOqAA.png
miro.medium.com/max/60/ 2 KB
2 KB 29ms
29ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*WkWKre9n5ObNSH9osAOqAA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

119c1d01aab9911cd2edaec947604ee5b07675e996e8020b37fb6414b2b6555f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
status: 200
x-envoy-upstream-service-time: 21
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200213-205445-4ba1a2a3c1
cf-ray: 57891ad35e1616f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*pUIk4mUzKZX8pS11ik6MGQ.png
miro.medium.com/max/60/ 1 KB
2 KB 34ms
33ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*pUIk4mUzKZX8pS11ik6MGQ.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

fc3c4e87b1887524ae0946b562e72ab2da4e09e4540132c67a03aebd45d2be5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1443
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad38eaf16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*bRp2gW0V2xeYsn2aIUHRtw.png
miro.medium.com/max/48/ 4 KB
4 KB 24ms
23ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/48/1*bRp2gW0V2xeYsn2aIUHRtw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

7d23e5262a00120077da3d01613ccff2035f072c3e47dcb00c045e7385fb7d8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 4492
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad3cf4116f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*NbdgkDwjxxcmkuzDR-cQGg.png
miro.medium.com/max/60/ 1 KB
1 KB 31ms
30ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*NbdgkDwjxxcmkuzDR-cQGg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9181e08df77a7ebddd47bffe42d36e5a7d3504b321baad2581ba2887cbac5e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13952
status: 200
x-envoy-upstream-service-time: 39
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1355
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad3cf4216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*tpz8nlqmuWNpOEZoov-7Og.png
miro.medium.com/max/60/ 2 KB
2 KB 38ms
38ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*tpz8nlqmuWNpOEZoov-7Og.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45d498a1a3af7c5ccdc6491b3fa67ef434ceb4b9daa2b6ca1edd42b6eb9655f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13951
status: 200
x-envoy-upstream-service-time: 35
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1601
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad3cf4416f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*QB9KIf-SGdQww48p5IYLCw.png
miro.medium.com/max/60/ 1 KB
1 KB 28ms
26ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*QB9KIf-SGdQww48p5IYLCw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

be843c4550d2c3d689a3c50ebecc7a57a4ecc50faa804936b4e04660ba6654fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13951
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1155
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad3efa316f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*47y-_nDOjCoQonS1sSSrRg.png
miro.medium.com/max/60/ 2 KB
2 KB 47ms
46ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*47y-_nDOjCoQonS1sSSrRg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47285c1fd5c68a5ba634d82375d46948b31b6792b77ec7b01b65fb5c81eb4894

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13951
status: 200
x-envoy-upstream-service-time: 52
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2184
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200318-221412-0f074c9912
accept-ranges: bytes
cf-ray: 57891ad3efa616f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*0R37Tferk_cvhW3PzVB_Dw.png
miro.medium.com/max/60/ 4 KB
4 KB 125ms
121ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*0R37Tferk_cvhW3PzVB_Dw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6a8ed50e2a1f562651d85cf55481b4d2178e9e88a85ee866bf677bf745e185b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 47
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 3779
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad40fee16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*vfxllow-tOJKAyIHFSSXJg.png
miro.medium.com/max/60/ 2 KB
3 KB 36ms
34ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*vfxllow-tOJKAyIHFSSXJg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

980f8fe7d702700311530e692fc4f62851dc4dad59da7337ac7b40dd837c74ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13950
status: 200
x-envoy-upstream-service-time: 98
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2374
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad40ff216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*RKrbjABTXIAl0MelP5RNYA.png
miro.medium.com/max/60/ 1 KB
2 KB 21ms
21ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*RKrbjABTXIAl0MelP5RNYA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

5b860c65f7f44e8eb5fa75ebec3944e86dec91edc3437cf9b7a423e689d54b6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13950
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3218-3214b4d
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1527
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad40ffd16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*KRwOoPqpeUvwOagJjkwGOg.png
miro.medium.com/max/60/ 961 B
1 KB 129ms
129ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*KRwOoPqpeUvwOagJjkwGOg.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de19520c7f0c45668cbdf93004bf946ce1e06d9dec7ddeb691e7e36d71b4990d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 35
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 961
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891ad4081716f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*YZXZI5OefmXV_bLXWI9URA.png
miro.medium.com/max/52/ 5 KB
5 KB 40ms
40ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/52/1*YZXZI5OefmXV_bLXWI9URA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ba264612d493a184210158fb8070f92ee3a016c3cac0ee8ed32ac4158499abf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13950
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 4830
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4184516f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*_wjnQ2j1BMWcc88Ca8xOlw.png
miro.medium.com/max/60/ 1 KB
1 KB 30ms
30ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*_wjnQ2j1BMWcc88Ca8xOlw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

2043b3ea38eca4f7f7e3e921e40a9200974e1fe04e1eee37cf898a79d7e89f57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13950
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3196-7da812a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1361
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4287416f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*9FD996lMdO4--RKwvog_Pw.png
miro.medium.com/max/60/ 2 KB
2 KB 181ms
181ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*9FD996lMdO4--RKwvog_Pw.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3a0305d68f71b4fa81a04180b7c690f50214d62d9e6aba933229ac1a51d3c1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-envoy-upstream-service-time: 49
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1931
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200320-215627-59dcb187a4
accept-ranges: bytes
cf-ray: 57891ad4389116f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*tI7SBg2xTwDXTDunGL1K0g.png
miro.medium.com/max/60/ 3 KB
3 KB 24ms
23ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*tI7SBg2xTwDXTDunGL1K0g.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

098090a5b77ebc2706425c14f6c800857e86f41e70fa5ec6293a256e0248b8f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13949
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3210-6a9380d
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2590
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4389716f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*Et1BpjlD-fNsyLBfflVZzA.png
miro.medium.com/max/60/ 2 KB
3 KB 129ms
129ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Et1BpjlD-fNsyLBfflVZzA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

faf9dbef29ddc3d9150322f67e6a0ee2756ffeeaad362c856215b7e251f3b21f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3197-fb89d63
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 2517
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad458dd16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*-1MPQorOSBWWNWXKLYqozA.png
miro.medium.com/max/60/ 1 KB
1 KB 158ms
158ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*-1MPQorOSBWWNWXKLYqozA.png?q=20

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39d1d684ea29a9fc9deb35c90bdbb8657f838db7be40229e55edabd4115c69ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-envoy-upstream-service-time: 35
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 1061
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200213-205445-4ba1a2a3c1
accept-ranges: bytes
cf-ray: 57891ad458e216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 2*3qlsgWy6usf979IqEvjy-g.jpeg
miro.medium.com/fit/c/160/160/ 12 KB
12 KB 21ms
21ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/2*3qlsgWy6usf979IqEvjy-g.jpeg

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ce7fd479f9b79ae6e18dad599f2d3e76f4e3d6f5c361ac2b86ebbed6ebf8da84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 881799
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 12295
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad468ea16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*EXwI4t-1fjjlzaMTFtKSHA.gif
miro.medium.com/freeze/fit/c/160/160/ 6 KB
7 KB 37ms
37ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/freeze/fit/c/160/160/1*EXwI4t-1fjjlzaMTFtKSHA.gif

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ba0782ca15d607ab8a033d108ac94cb0a773d7fc20c5bd699cdc05015d7a0225

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 412624
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3202-b3dbcc5
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 6495
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4894516f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 2*3qlsgWy6usf979IqEvjy-g.jpeg
miro.medium.com/fit/c/80/80/ 4 KB
4 KB 26ms
25ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/2*3qlsgWy6usf979IqEvjy-g.jpeg

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ac2eecdd14ab27e28375012cec6828a90ac6050d6cb14f61829d569a4f848764

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1310977
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3197-fb89d63
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 4425
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4c9f916f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 2*DgOjFQzyxCP-IVRbf_-xaQ.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 24ms
23ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/2*DgOjFQzyxCP-IVRbf_-xaQ.jpeg

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

35e1b71340a5cdf107fe8584465d8aa0a69060d44751a1d20d8af6ef94cb5a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 618055
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 3337
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4ca0216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
DATA 200
OK truncated
/ 156 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c0cc04185396c9a83cfda3644c23327d7d8ff9247157c438575b83713894173

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 1*-wHa7HeiH4dMVNgyqzQGig.png
miro.medium.com/max/656/ 91 KB
91 KB 24ms
24ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/656/1*-wHa7HeiH4dMVNgyqzQGig.png

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

a372d28be3865d8e171c5007439e4b7c2634a3f639afc6fd6f5c66794ef47182

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 881773
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 92826
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4da4016f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 0*-YruL48rd3NSBMeV.png
miro.medium.com/max/656/ 43 KB
44 KB 41ms
41ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/656/0*-YruL48rd3NSBMeV.png

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

6eb2c00c2f1b0e850d7c204f22567b7f53001829f0bba952f840f91d33ca5238

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1208323
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3218-3214b4d
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 44522
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4fa7e16f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
H2 200 1*1BQDVRR55AQViThozlMEWA.png
miro.medium.com/max/656/ 40 KB
40 KB 32ms
32ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/656/1*1BQDVRR55AQViThozlMEWA.png

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

b3d54a00a66bc07e8b29b40646cac7052b9d37d0e8cdf61d92d68600e9cb7070

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2006342
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 40475
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891ad4fa8216f2-FRA
expires: Wed, 22 Apr 2020 15:14:54 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3

Request headers

Origin: https://littlefield.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 14 KB
14 KB 59ms
46ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://littlefield.co
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 682590
status: 200
access-control-max-age: 86400
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 57891ad31c3dc2d6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Request headers

Origin: https://littlefield.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 47ms
34ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://littlefield.co
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 399977
status: 200
access-control-max-age: 86400
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 57891ad31c40c2d6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 marat-sans-400-normal.woff
glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 14 KB
14 KB 49ms
42ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/marat-sans-400-normal.woff

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://littlefield.co
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 886092
status: 200
access-control-max-age: 86400
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 57891ad31c42c2d6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 33ms
33ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-normal.woff

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://littlefield.co
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 682590
status: 200
access-control-max-age: 86400
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 57891ad32c5bc2d6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 manifest.b60ca999.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
2 KB 24ms
22ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.b60ca999.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53b064007b84cb890ed2b5b9d7ebdbdd0cdcb82ed287aec13f7f3f11854be13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 230734
cf-ray: 57891ad37e4d16f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: FC8C5B559F5CF123
x-amz-id-2: GWqg14LM/crXx37n6gzY4Py52VqD1bI15QDDrZ73Sgr97ya7HymLDw/rQsTKLHyWz6hiz0Vk390=
last-modified: Fri, 20 Mar 2020 22:53:49 GMT
server: cloudflare
etag: W/"247ee710663ea9b2d6ffd294b948d6ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: FFx3UzeqJtwirOYZL6t.rqWhZ8KjIcQ2
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 vendors~main.504f36d6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 754 KB
197 KB 25ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98eed91bc76d46dae3740cc82ad249e686a59cf83add22875a3800b93b45bab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 609081
cf-ray: 57891ad36e4a16f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: FF180C9D1A70E580
x-amz-id-2: gQ7ZSm7/L6Aaz9JzH9qO4wSUlScHnM4jdqzP02psDZxGtZfswn5CfO+vTqvQQCXCtrNM9Qh+BHY=
last-modified: Fri, 13 Mar 2020 23:27:39 GMT
server: cloudflare
etag: W/"ddac7af7a5db43780c240267ddc6d0ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: vljQmwwS7g5RAFw63vfDbIZwyukm0fPy
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 main.a60690d5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 467 KB
107 KB 83ms
81ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b36da70234ce6fea51fd95adfeca6f167ed6e509e3282cc90480227730b4914

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243047
cf-ray: 57891ad37e5316f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: 99784935A21A953E
x-amz-id-2: d9BZMNcWOnwfWFjdYw/85njeCASiGgSuqb8yUOazNldZfdZfJLTil9RLZdf2jSLr8NZKKsiF+7I=
last-modified: Fri, 20 Mar 2020 19:42:11 GMT
server: cloudflare
etag: W/"b0001c05cbf65c742ae741cbfa301cbe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: vudTJ2Sc4Bp_G49nYtFW1bT8KYNngtLY
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 vendors~screen.collection.packageBuilder~screen.collection.styleEditor~screen.debug.cachedPost~scree~21f3676b.7d5798ea.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 36 KB
15 KB 32ms
30ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~screen.collection.packageBuilder~screen.collection.styleEditor~screen.debug.cachedPost~scree~21f3676b.7d5798ea.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2a3a2921ac407ec2b0fb9b700775f84b5650d31818d80c34686d70426c6e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 491675
cf-ray: 57891ad37e5716f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: EEA87D1BBFCB103B
x-amz-id-2: F2cpWT1zLWgs2ct9G40txK7eIwR6h0sPwv6//jBT2e0SVywxMcwTvrY7wXUgJR3GSAg6y0qRr9A=
last-modified: Tue, 17 Mar 2020 22:29:15 GMT
server: cloudflare
etag: W/"a7997d09c0d28bd399889679cbb44a6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zlosWmpR0XsB9mUlETwFzobyBss92VQ8
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 screen.collection.packageBuilder~screen.collection.styleEditor~screen.debug.cachedPost~screen.landin~fb9a2ae7.756408b4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 155 KB
40 KB 89ms
88ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.collection.packageBuilder~screen.collection.styleEditor~screen.debug.cachedPost~screen.landin~fb9a2ae7.756408b4.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fb63491617dcb725696cb640597c6532670d3ad43e93f84a71ebae58098aa80

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 231660
cf-ray: 57891ad37e5016f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: D5C5C5207057A7F9
x-amz-id-2: vktHpWWmQQVBTpf4U/K7aPOluQPVFJGUz18pNVa48oFF1FhgGUvQF3aKBGGrx1nPxXy+YD2x/vA=
last-modified: Fri, 20 Mar 2020 22:46:25 GMT
server: cloudflare
etag: W/"2ed8f42e220e752829e6e63b3fe29342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: BHIiBkEUqsTxxZk.e1siTnU_7YrSnTv2
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 screen.collection.styleEditor~screen.debug.cachedPost~screen.landingpages.tribute~screen.post~screen~fecfa2ed.e3a1e6b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 48 KB
14 KB 24ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.collection.styleEditor~screen.debug.cachedPost~screen.landingpages.tribute~screen.post~screen~fecfa2ed.e3a1e6b5.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

becdcb1f03731e6c559e13b1f358ecd96e91ca30454cf7454301ec9307250dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 402452
cf-ray: 57891ad38eae16f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: C8DBBF1BFCC130D7
x-amz-id-2: k/i2SamIUNpWqxIG4w7pIjLEX8ozs3RBv9F/+Mm/zYtfB02pvzPl3ZrPRCqPBEUtsnWPdpgKL1c=
last-modified: Wed, 18 Mar 2020 23:14:25 GMT
server: cloudflare
etag: W/"c936602d740d79bad31c97602888287d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: .l_svUE_hf1KIlfuMnARwb1kMH3Y0Oku
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 screen.debug.cachedPost~screen.landingpages.tribute~screen.muted.settings~screen.post~screen.post.am~d3a2d9f2.fb4ffbda.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 53 KB
14 KB 25ms
25ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.debug.cachedPost~screen.landingpages.tribute~screen.muted.settings~screen.post~screen.post.am~d3a2d9f2.fb4ffbda.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be2687a478f013a2126ab1ae432159621a02a80ffbd0fa1b651a75791fcd044e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 402452
cf-ray: 57891ad3aed416f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: FDDFE40E134ED141
x-amz-id-2: WNNDq8AyYtBawyKaphOtv1OtrpgohDacgq6HcHU5PvuATRjYIJOeEhWg6MmkkFohQ+1NvXh/DXY=
last-modified: Wed, 18 Mar 2020 23:14:25 GMT
server: cloudflare
etag: W/"567ec26f6d4b5495bdfdf57a06e822fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: SYffSz8acxe1hyA1wiRv.tLXPzYS8En4
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

GET
H2 200 screen.post.b3ab6cf8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 264 KB
61 KB 30ms
29ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/screen.post.b3ab6cf8.chunk.js

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41e9f9b800bd393d62f8f829869da3a539cd0c4125825d000e8aa09ce9b39215

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 230734
cf-ray: 57891ad3bf1416f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: D63C9ACFD0A2F0BF
x-amz-id-2: bZDV4rtbb5spu8I9SK5Ns+VT6wWBfYLk0AP+7oZEdtUbv2YQhPPC/mceNpnseKw1QeSB1VhG5P4=
last-modified: Fri, 20 Mar 2020 22:53:54 GMT
server: cloudflare
etag: W/"f1ab7577a5540529dcf756992bad6426"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TdEVJqfLQBOj7pI5e.V1LomLH7JWBdy3
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:54 GMT

POST
H2 200 graphql Show response
littlefield.co/_/ 94 B
360 B 214ms
214ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://littlefield.co/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f56aa23c362a922e9d232e57749295f17eee7503bad0b76d1613649718881b98

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
Origin: https://littlefield.co
ot-tracer-sampled: true
ot-tracer-traceid: 35b352d0322f23fc
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
Sec-Fetch-Dest: empty
Medium-Frontend-App: lite/master-20200320-224727-5e15de01d1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
apollographql-client-version: master-20200320-224727-5e15de01d1
ot-tracer-spanid: 3d9fe1701cee88ee

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
sepia-upstream: production
server: nginx
etag: W/"5e-6N63FsyyUB5+eM38Zlop+2dnP8k"
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: rito/master-20200320-232532-bbc05310ae, tutu/medium-40402
x-envoy-upstream-service-time: 104
content-length: 94
x-request-received-at: 1584976495323

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 41 KB
17 KB 65ms
22ms Script
application/x-javascript 143.204.208.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.208.18 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-208-18.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 58711bafae315df048e1bc0c36ae1dfd017810b34fd9b4b021f774694397baad

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 23 Mar 2020 11:00:42 GMT
Content-Encoding: gzip
Age: 15249
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Mon, 07 Oct 2019 18:17:48 GMT
Server: nginx
ETag: W/"5d9b814c-a469"
Content-Type: application/x-javascript
Via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: BUZP5Y5cEn-LCOLcRHSrKcwT4kgDOLAG4Nfvxw4jjSbJp-1NC3coOQ==
Expires: Tue, 24 Mar 2020 11:00:42 GMT

POST
H2 200 client-ready
littlefield.co/_/lite/performance/ 2 B
0 115ms
115ms Fetch
text/plain 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/_/lite/performance/client-ready

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 3
medium-fulfilled-by: lite/master-20200320-224727-5e15de01d1
content-length: 2

GET
H2 200 vendors~tracing.ab0c8237.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 24ms
24ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/vendors~tracing.ab0c8237.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b60ca999.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c052c8b059a31f98e839da5f71dd3e45f6cff5973be79a2a11ebc335019e96bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 863119
cf-ray: 57891ad9a9de16f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: 83B996F00F51E8C8
x-amz-id-2: zp4uaqrRwasSYh0ADTKaOMLNpev0Tk3ufKK5yQP2FmigTOzp5udtUlolDfnACgNUzEBZciTNAh4=
last-modified: Fri, 13 Mar 2020 15:23:56 GMT
server: cloudflare
etag: W/"64fde49c60702a6a96d37c6a9ebb08cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: RXnAn2gYGLhqoifqRoIp8Rx.iaJpgnN.
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:55 GMT

GET
H2 200 tracing.515ee371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
1 KB 28ms
28ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/tracing.515ee371.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b60ca999.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cce0732c8c391f14bd77a04b6fd1e6da8d2559fd088c802c8cda3ca17ba1d405

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 834073
cf-ray: 57891ad9a9e016f2-FRA
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: B82CEFF43570A381
x-amz-id-2: IcpZIbaPqFxmOVrmEllgNM6oVJPg0aur0XnUwq8caBdKL+KfrSYu0yFQsbkRaus9rAFtKREknD8=
last-modified: Fri, 13 Mar 2020 23:27:39 GMT
server: cloudflare
etag: W/"84808c3d4a85c8327bf88e6fb6e3b0d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Eu9uuEPZbYTgHQOWLCHlkOILdrKaIHtP
vary: Accept-Encoding
cache-control: public, max-age=31536000
content-type: application/javascript
expires: Tue, 23 Mar 2021 15:14:55 GMT

GET
H/1.1 200
OK branch-latest.min.js Show response
cdn.branch.io/ 75 KB
23 KB 75ms
34ms Script
text/javascript 99.86.3.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4?gi=1c7e76bec936
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.84 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-84.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5195d160b2cedd371c62cbaf0ce26b99e9aef6a5806f058ee70bdda0df2411e6

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: 5NEyz9ePT.A.Hfn17SKcv6g53e3taZh3
Content-Encoding: gzip
Last-Modified: Thu, 12 Mar 2020 19:32:20 GMT
Server: AmazonS3
Age: 88
ETag: "67a51b90fbb116852bdaf4b663e4c5bc"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Date: Mon, 23 Mar 2020 15:13:30 GMT
X-Amz-Cf-Pop: FRA6-C1
Connection: keep-alive
Content-Length: 22645
X-Amz-Cf-Id: PepNnXs8L4zli6SR-RA_H4T6L5MEZDDOIo5t_p648ZhuiFhBijim0g==

GET
H2 200 1*jcebPtknjotpAMvZhPSSwQ.png
miro.medium.com/max/2000/ 208 KB
208 KB 36ms
35ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/2000/1*jcebPtknjotpAMvZhPSSwQ.png

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

94f4d1c424f59a8c4e2d9a85e132c800c60f41a57703c695119deb1a38982c90

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23974
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3209-f49543a
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 212573
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 57891adb5f4116f2-FRA
expires: Wed, 22 Apr 2020 15:14:55 GMT

GET
H2 200 1*5yfWsFL3iRqAfXjpI8N1IQ.png
miro.medium.com/max/956/ 89 KB
89 KB 31ms
30ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/956/1*5yfWsFL3iRqAfXjpI8N1IQ.png

Requested by

Host: littlefield.co
URL: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

992222e9b1cd44f241622547bb93ff51a6ef2f667355c2667309f3c0e2fc932a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 23 Mar 2020 15:14:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13945
status: 200
x-envoy-upstream-service-time: 69
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 91047
pragma: public
sepia-upstream: production
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/master-20200306-212236-0265c6057d
accept-ranges: bytes
cf-ray: 57891adb5f4816f2-FRA
expires: Wed, 22 Apr 2020 15:14:55 GMT

GET
H/1.1 200
OK / Show response
srv-2020-03-23-15.pixel.parsely.com/start/ 77 B
380 B 418ms
105ms Script
application/json 52.20.81.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://srv-2020-03-23-15.pixel.parsely.com/start/?rand=1584976496032&plid=91122839&idsite=medium.com&url=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22viewerStatus%22%3A%22visitor%22%7D&sid=1&surl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&sref=&sts=1584976496013&slts=0&title=Three%E2%80%99s+a+crowd%3A+New+Trickbot%2C+Emotet+%26+Ryuk+Ransomware&date=Mon+Mar+23+2020+16%3A14%3A56+GMT%2B0100+(Central+European+Standard+Time)&action=pageview&js=1&pvid=1705463&callback=parselyStartCallback
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.81.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-81-85.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 66a72ac27426a5e9a6da0a8bb35682e3aea052f8b722f1232dac6cddd6e15513

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 23 Mar 2020 15:14:56 GMT
Server: nginx
Connection: keep-alive
Content-Type: application/json
Content-Length: 77
P3P: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1 200
OK _r Show response
app.link/ 90 B
731 B 184ms
171ms Script
text/javascript 2600:9000:214f:b200:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.52.7&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:214f:b200:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty/1.13.6.2 / Express

Resource Hash

affbbd2ba7c52e044dab8cc1d56493938821a5f07557ad1df9870f84e1f2cffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 23 Mar 2020 15:14:56 GMT
Via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Server: openresty/1.13.6.2
X-Amz-Cf-Pop: FRA53-C1
X-Powered-By: Express
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 90
ETag: W/"5a-DnPQ0rAgQRptJ/nxVXfY1IYqiOk"
X-Amz-Cf-Id: OSlDQ5DsltB33o2E6RwqZ1tunT7cY7yoVNwdP2PVF4oSwjF8QGDE3Q==

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
598 B 170ms
159ms XHR
application/json 2600:9000:2057:2e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:2e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.13.6.2 /
Resource Hash: cba6f513920a72a01cdc548dbf7550176b7c36b37ca66edb935127ccd61fc34a

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 23 Mar 2020 15:14:56 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-amz-cf-pop: FRA6-C1
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
content-length: 312
x-amz-cf-id: hB7pToH9s06iHSSRi-w8kR9StdD17xk-4m4Q05VGLuutvFOYorS6ng==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
361 B 187ms
187ms XHR
application/json 2600:9000:2057:2e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:2e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 23 Mar 2020 15:14:56 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-amz-cf-pop: FRA6-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: KEmil-KCGjm7uJNmik9RNXSQG4ZmuhBhHbrn23VWra6Aks89UHaYgw==

OPTIONS
H/1.1 200
OK log Show response
errors.client.optimizely.com/ 13 B
406 B 410ms
103ms XHR
text/plain 34.227.153.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.153.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-153-53.compute-1.amazonaws.com
Software: /
Resource Hash: 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Mon, 23 Mar 2020 15:14:56 GMT
Allow: POST,OPTIONS
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://littlefield.co
Access-Control-Max-Age: 1800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Content-Length: 13

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 0
177 B 269ms
89ms Fetch 2600:1f18:24e6:b900:df42:1c57:6342:57f9
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:df42:1c57:6342:57f9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:56 GMT
access-control-allow-origin: *
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
content-length: 0
access-control-max-age: 0
access-control-allow-methods: POST

POST
H2 200 render
littlefield.co/_/lite/performance/ 2 B
0 111ms
111ms Fetch
text/plain 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/_/lite/performance/render

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:56 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 1
medium-fulfilled-by: lite/master-20200320-224727-5e15de01d1
content-length: 2

POST
H2 200 fcp
littlefield.co/_/lite/performance/ 2 B
0 111ms
111ms Fetch
text/plain 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/_/lite/performance/fcp

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:56 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 1
medium-fulfilled-by: lite/master-20200320-224727-5e15de01d1
content-length: 2

POST
H2 200 lcp
littlefield.co/_/lite/performance/ 2 B
0 110ms
110ms Fetch
text/plain 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/_/lite/performance/lcp

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:56 GMT
sepia-upstream: production
server: nginx
x-frame-options: allow-from medium.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time: 1
medium-fulfilled-by: lite/master-20200320-224727-5e15de01d1
content-length: 2

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 321ms
104ms XHR
text/plain 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 134ms
134ms Fetch
application/json 2600:1f18:24e6:b900:df42:1c57:6342:57f9
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:df42:1c57:6342:57f9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:56 GMT
access-control-allow-origin: *
content-length: 2
content-type: application/json

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
240 B 103ms
103ms XHR
text/plain 34.227.153.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.153.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-153-53.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://littlefield.co
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Mon, 23 Mar 2020 15:14:56 GMT
Content-Type: text/plain

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 96 B
293 B 105ms
105ms XHR
application/json 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: 610faeeb6b6e045b4e581fda844ad5cd9856f11f6ea027fb1f2fb45c5de66280

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:57 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 96

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 105ms
105ms XHR
text/plain 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:57 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 96 B
293 B 108ms
108ms XHR
application/json 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: 198313984861d871dbd396ea4e714e26aac663f2f3c7ae0479cde83b5736f2e5

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:57 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 96

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 172ms
172ms XHR
text/plain 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:58 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 96 B
293 B 105ms
105ms XHR
application/json 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: df6365d94c4e9e419beae10b9027eecae933345a68cde5e1d7a5c788027ef82a

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:58 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 96

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 105ms
104ms XHR
text/plain 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Mon, 23 Mar 2020 15:14:58 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 96 B
293 B 126ms
126ms XHR
application/json 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: d690868bfd75c1e67fdc61ab4861261d5217814bf990699860ef3e681c84458e

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:14:58 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 96

POST
H2 409 batch
littlefield.co/_/ 10 KB
0 132ms
132ms Fetch
text/html 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://littlefield.co/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://littlefield.co https://.littlefield.co https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options
X-Xss-Protection	1; mode=block

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
x-xsrf-token: 1
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type: application/json

Response headers

content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://littlefield.co https://*.littlefield.co https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 40405-e7ccf67,e7ccf672b2f
status: 409
content-length: 10151
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1584976500611:e5b1332d2d89
server: nginx
date: Mon, 23 Mar 2020 15:15:00 GMT
x-frame-options
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 105ms
105ms XHR
text/plain 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/vendors~main.504f36d6.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://littlefield.co
Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Mon, 23 Mar 2020 15:15:01 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 96 B
293 B 105ms
105ms XHR
application/json 34.194.182.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.182.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-182-13.compute-1.amazonaws.com
Software: /
Resource Hash: 6ba86025bdb8bd7184e4369c53fed4d3b0fe5017942e5762c0c7f4e79d0687ff

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
Origin: https://littlefield.co
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 23 Mar 2020 15:15:01 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 96

GET
H/1.1 200
OK /
srv-2020-03-23-15.pixel.parsely.com/event/ 43 B
385 B 104ms
104ms Image
image/gif 52.20.81.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2020-03-23-15.pixel.parsely.com/event/?rand=1584976506515&plid=91122839&idsite=medium.com&url=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Flittlefield.co%2Fthrees-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4&sref=&sts=1584976506515&slts=0&date=Mon+Mar+23+2020+16%3A15%3A06+GMT%2B0100+(Central+European+Standard+Time)&action=heartbeat&inc=5&tt=4900&pvid=1705463&u=pid%3D45a6ada594431ac763c2f59ec4fe951c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.81.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-81-85.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Mon, 23 Mar 2020 15:15:12 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="CUR ADM OUR NOR STA NID"

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.littlefield.co/	1970-01-19 17:45:40	Name: _parsely_visitor Value: {%22id%22:%22pid=45a6ada594431ac763c2f59ec4fe951c%22%2C%22session_count%22:1%2C%22last_session_ts%22:1584976496013}
littlefield.co/	1970-01-19 08:26:21	Name: lightstep_session_id Value: 203819627e04b8b8
littlefield.co/	1970-01-19 08:26:21	Name: lightstep_guid/lite-web Value: 6c46e7d20295fd58
.littlefield.co/	1970-01-19 08:16:18	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://littlefield.co/threes-a-crowd-new-trickbot-emotet-ryuk-ransomware-16d1e25f72f4%22%2C%22sref%22:%22%22%2C%22sts%22:1584976496013%2C%22slts%22:0}
littlefield.co/	1970-01-19 17:01:52	Name: sid Value: 1:/dQ0+C9FiuXjOyl2VtNfZmPVpizA5CYRQ9Pwy/N/4GWaQMhFEOdlRh0nSZ8GIkoK
.littlefield.co/	1970-01-20 01:47:28	Name: _ga Value: GA1.2.965592399.1584976495
.littlefield.co/	1970-01-19 08:17:42	Name: _gid Value: GA1.2.1568502256.1584976495
.littlefield.co/	1970-01-19 08:16:16	Name: _gat Value: 1
littlefield.co/	1970-01-19 17:01:52	Name: optimizelyEndUserId Value: lo_hpiyrL0FAfl3
littlefield.co/	1970-01-19 17:01:52	Name: uid Value: lo_hpiyrL0FAfl3

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js(Line 1) Message: -+++++= .+++++= .+@@@@@+ #@@@@: .@@@@@= @@@@@ @+@@@@- =#@@@@@ @ +@@@@: :% @@@@@ @ @@@@-%: @@@@@ @ @@@@- @@@@@ -@- #@@+ :@@@@@: -#@@@#- ## =@@@@@@@= ....... .........
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.a60690d5.chunk.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	allow-from medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
collector-medium.lightstep.com
d1z2jf7jlzjs58.cloudfront.net
errors.client.optimizely.com
glyph.medium.com
littlefield.co
medium.com
miro.medium.com
srv-2020-03-23-15.pixel.parsely.com
www.google-analytics.com
143.204.208.18
2600:1f18:24e6:b900:df42:1c57:6342:57f9
2600:9000:2057:2e00:11:f728:3040:93a1
2600:9000:214f:b200:19:9934:6a80:93a1
2606:4700::6810:7991
2606:4700::6810:7a7f
2a00:1450:4001:800::200e
2a02:26f0:6c00:183::13b8
34.194.182.13
34.227.153.53
52.20.81.85
52.5.181.79
99.86.3.84
0334d48bbe13eaa107c6a9044247b0185e8a24957bbd2735ade4edcde9282219
087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6
098090a5b77ebc2706425c14f6c800857e86f41e70fa5ec6293a256e0248b8f7
119c1d01aab9911cd2edaec947604ee5b07675e996e8020b37fb6414b2b6555f
12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
198313984861d871dbd396ea4e714e26aac663f2f3c7ae0479cde83b5736f2e5
2043b3ea38eca4f7f7e3e921e40a9200974e1fe04e1eee37cf898a79d7e89f57
35e1b71340a5cdf107fe8584465d8aa0a69060d44751a1d20d8af6ef94cb5a30
39d1d684ea29a9fc9deb35c90bdbb8657f838db7be40229e55edabd4115c69ff
3b36da70234ce6fea51fd95adfeca6f167ed6e509e3282cc90480227730b4914
41e9f9b800bd393d62f8f829869da3a539cd0c4125825d000e8aa09ce9b39215
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45d498a1a3af7c5ccdc6491b3fa67ef434ceb4b9daa2b6ca1edd42b6eb9655f8
47285c1fd5c68a5ba634d82375d46948b31b6792b77ec7b01b65fb5c81eb4894
4c0cc04185396c9a83cfda3644c23327d7d8ff9247157c438575b83713894173
4e3e25cbf845d084cdb8cc1b96c34047fda2a038e3573b862dfb259515064057
4f2a3a2921ac407ec2b0fb9b700775f84b5650d31818d80c34686d70426c6e16
5195d160b2cedd371c62cbaf0ce26b99e9aef6a5806f058ee70bdda0df2411e6
53b064007b84cb890ed2b5b9d7ebdbdd0cdcb82ed287aec13f7f3f11854be13c
58711bafae315df048e1bc0c36ae1dfd017810b34fd9b4b021f774694397baad
5b860c65f7f44e8eb5fa75ebec3944e86dec91edc3437cf9b7a423e689d54b6c
5f04b1c52c7ca82a31618955d49104f11fb6cdccff96f1062848bd3e88094a96
610faeeb6b6e045b4e581fda844ad5cd9856f11f6ea027fb1f2fb45c5de66280
66a72ac27426a5e9a6da0a8bb35682e3aea052f8b722f1232dac6cddd6e15513
6ba86025bdb8bd7184e4369c53fed4d3b0fe5017942e5762c0c7f4e79d0687ff
6ea437c9f867fe257a03740cba0ca6521d8b2f0e7698499b8cd27434d8297298
6eb2c00c2f1b0e850d7c204f22567b7f53001829f0bba952f840f91d33ca5238
7d23e5262a00120077da3d01613ccff2035f072c3e47dcb00c045e7385fb7d8a
7fb63491617dcb725696cb640597c6532670d3ad43e93f84a71ebae58098aa80
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86b22b2ae4234f87d2fa8996a23553e5e42cb390ac62b8a0ed328fc7dd5b67d4
9181e08df77a7ebddd47bffe42d36e5a7d3504b321baad2581ba2887cbac5e13
94f4d1c424f59a8c4e2d9a85e132c800c60f41a57703c695119deb1a38982c90
980f8fe7d702700311530e692fc4f62851dc4dad59da7337ac7b40dd837c74ad
98eed91bc76d46dae3740cc82ad249e686a59cf83add22875a3800b93b45bab1
992222e9b1cd44f241622547bb93ff51a6ef2f667355c2667309f3c0e2fc932a
99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8
a372d28be3865d8e171c5007439e4b7c2634a3f639afc6fd6f5c66794ef47182
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ac2eecdd14ab27e28375012cec6828a90ac6050d6cb14f61829d569a4f848764
affbbd2ba7c52e044dab8cc1d56493938821a5f07557ad1df9870f84e1f2cffc
b1f1dc3e5d44b470f527725e1d6b26b8edfd787c00e0440052de2673e3f0755e
b3986390b8cc1d94f35926722bdc434fc12571434662e5e5902a9ccb67c34733
b3d54a00a66bc07e8b29b40646cac7052b9d37d0e8cdf61d92d68600e9cb7070
ba0782ca15d607ab8a033d108ac94cb0a773d7fc20c5bd699cdc05015d7a0225
ba264612d493a184210158fb8070f92ee3a016c3cac0ee8ed32ac4158499abf6
bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f
be2687a478f013a2126ab1ae432159621a02a80ffbd0fa1b651a75791fcd044e
be843c4550d2c3d689a3c50ebecc7a57a4ecc50faa804936b4e04660ba6654fc
becdcb1f03731e6c559e13b1f358ecd96e91ca30454cf7454301ec9307250dca
c052c8b059a31f98e839da5f71dd3e45f6cff5973be79a2a11ebc335019e96bc
c1a57f0b61edd6127a7e5d6b9585cd365319c28e601dfffc7476b1c52c584420
cba6f513920a72a01cdc548dbf7550176b7c36b37ca66edb935127ccd61fc34a
cce0732c8c391f14bd77a04b6fd1e6da8d2559fd088c802c8cda3ca17ba1d405
ce7fd479f9b79ae6e18dad599f2d3e76f4e3d6f5c361ac2b86ebbed6ebf8da84
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d15ba251dd1484d21a4c1046bce18e0c6410f1ffba76c74e65d2eb1e006cab34
d3e0198833e6c6d2081150728be187f64c8d2364c741ebd2aa50ab372213b1e7
d690868bfd75c1e67fdc61ab4861261d5217814bf990699860ef3e681c84458e
d9cf449df847d07405d9fd7866f876e9672e59d7a7cccdab7d64b559ffe89b98
de19520c7f0c45668cbdf93004bf946ce1e06d9dec7ddeb691e7e36d71b4990d
df6365d94c4e9e419beae10b9027eecae933345a68cde5e1d7a5c788027ef82a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6a8ed50e2a1f562651d85cf55481b4d2178e9e88a85ee866bf677bf745e185b
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367
f366013224aa25b220a49ac4ffb5de57e9b1bbf86ff039dfa344f66f9e0593e1
f3a0305d68f71b4fa81a04180b7c690f50214d62d9e6aba933229ac1a51d3c1f
f56aa23c362a922e9d232e57749295f17eee7503bad0b76d1613649718881b98
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
faf9dbef29ddc3d9150322f67e6a0ee2756ffeeaad362c856215b7e251f3b21f
fc3c4e87b1887524ae0946b562e72ab2da4e09e4540132c67a03aebd45d2be5c
fd73917d3ea9303fcd26ca018b4e0a688516e534d1439951ed8dc4f5e1f38f4d

littlefield.co Open in urlscan Pro 52.5.181.79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

83 Requests

100 %HTTPS

54 %IPv6

10 Domains

15 Subdomains

13 IPs

3 Countries

1347 kBTransfer

3229 kBSize

10 Cookies

33 Outgoing links

Page URL History

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

littlefield.co Open in urlscan Pro
52.5.181.79 Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

100 %
HTTPS

54 %
IPv6

10
Domains

15
Subdomains

13
IPs

3
Countries

1347 kB
Transfer

3229 kB
Size

10
Cookies

83 HTTP transactions
4 data transactions