blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Submission Tags: falconsandbox
Submission: On June 13 via api (June 13th 2021, 10:50:36 pm UTC) from US

Summary HTTP 207 Redirects Links 114 Behaviour Indicators

Summary

This website contacted 49 IPs in 5 countries across 37 domains to perform 207 HTTP transactions. The main IP is 130.211.198.3, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is blog.malwarebytes.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 2nd 2019. Valid for: 2 years.

This is the only time blog.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
82	130.211.198.3 130.211.198.3	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 11	2600:9000:206... 2600:9000:206e:c600:16:26c7:ff80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.239.137.4 52.239.137.4	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.199.110.154 185.199.110.154	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
7	151.101.112.134 151.101.112.134	54113 (FASTLY) (FASTLY)
1	2600:1f18:21a... 2600:1f18:21ae:6701:45f:aca9:9171:ed8	14618 (AMAZON-AES) (AMAZON-AES)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1	13.224.195.89 13.224.195.89	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:281::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.32.13.117 13.32.13.117	16509 (AMAZON-02) (AMAZON-02)
1	18.205.51.212 18.205.51.212	14618 (AMAZON-AES) (AMAZON-AES)
19	2600:9000:211... 2600:9000:211a:9600:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	104.75.88.209 104.75.88.209	16625 (AKAMAI-AS) (AKAMAI-AS)
1	99.86.241.41 99.86.241.41	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.183.138 52.49.183.138	16509 (AMAZON-02) (AMAZON-02)
1 2	13.32.2.126 13.32.2.126	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:811::200d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
2	52.31.175.99 52.31.175.99	16509 (AMAZON-02) (AMAZON-02)
1	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
5	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
207	49

82 130.211.198.3 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 3.198.211.130.bc.googleusercontent.com

blog.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:206e:c600:16:26c7:ff80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.239.137.4 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

optanon.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.110.154 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-110-154.github.com

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.112.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

malwarebytesunpacked.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:21ae:6701:45f:aca9:9171:ed8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

genesis.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:296::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.195.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-89.fra2.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

9812475.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5118230.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:281::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.13.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-13-117.vie50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.205.51.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-51-212.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2600:9000:211a:9600:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.75.88.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.241.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-241-41.vie50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.183.138 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-183-138.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.2.126 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-2-126.vie50.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.175.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-175-99.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

cdn.bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	malwarebytes.com 1 redirects blog.malwarebytes.com www.malwarebytes.com genesis.malwarebytes.com	2 MB
22	disquscdn.com c.disquscdn.com a.disquscdn.com	980 KB
17	disqus.com malwarebytesunpacked.disqus.com disqus.com referrer.disqus.com	143 KB
12	google.com www.google.com adservice.google.com apis.google.com accounts.google.com	80 KB
6	bttrack.com cdn.bttrack.com bttrack.com	6 KB
6	doubleclick.net 2 redirects 9812475.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net 5118230.fls.doubleclick.net	3 KB
4	facebook.net connect.facebook.net	135 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	google-analytics.com www.google-analytics.com	20 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	pinterest.com ct.pinterest.com	1 KB
3	google.de www.google.de adservice.google.de	436 B
3	adsrvr.org js.adsrvr.org insight.adsrvr.org	3 KB
3	bing.com bat.bing.com	9 KB
2	crazyegg.com script.crazyegg.com	3 KB
2	gstatic.com ssl.gstatic.com	79 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	pinimg.com s.pinimg.com	18 KB
2	yimg.com s.yimg.com	6 KB
2	licdn.com snap.licdn.com	4 KB
2	googletagmanager.com www.googletagmanager.com	111 KB
2	windows.net optanon.blob.core.windows.net	27 KB
1	t.co t.co	455 B
1	twitter.com analytics.twitter.com	660 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	facebook.com www.facebook.com
1	rlcdn.com id.rlcdn.com	66 B
1	googleadservices.com www.googleadservices.com	14 KB
1	quora.com q.quora.com	419 B
1	unpkg.com unpkg.com	2 KB
1	demandbase.com scripts.demandbase.com	16 KB
1	w.org s.w.org	567 B
1	gravatar.com secure.gravatar.com	3 KB
1	onetrust.com geolocation.onetrust.com	291 B
1	githubassets.com github.githubassets.com	11 KB
1	jsdelivr.net cdn.jsdelivr.net	2 KB
1	googleapis.com fonts.googleapis.com	1 KB
207	37

	Domain	Requested by
82	blog.malwarebytes.com	blog.malwarebytes.com www.malwarebytes.com
19	c.disquscdn.com	malwarebytesunpacked.disqus.com disqus.com c.disquscdn.com
11	www.malwarebytes.com	1 redirects blog.malwarebytes.com www.googletagmanager.com
10	disqus.com	malwarebytesunpacked.disqus.com c.disquscdn.com
5	bttrack.com	cdn.bttrack.com bttrack.com
5	malwarebytesunpacked.disqus.com	blog.malwarebytes.com malwarebytesunpacked.disqus.com www.malwarebytes.com
4	accounts.google.com	apis.google.com ssl.gstatic.com
4	apis.google.com	c.disquscdn.com apis.google.com
4	connect.facebook.net	c.disquscdn.com connect.facebook.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com blog.malwarebytes.com
3	a.disquscdn.com	blog.malwarebytes.com c.disquscdn.com
3	ct.pinterest.com	s.pinimg.com blog.malwarebytes.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.malwarebytes.com
2	insight.adsrvr.org	js.adsrvr.org
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	5118230.fls.doubleclick.net	1 redirects www.malwarebytes.com
2	referrer.disqus.com	blog.malwarebytes.com
2	ssl.gstatic.com	accounts.google.com
2	segments.company-target.com	1 redirects blog.malwarebytes.com
2	match.prod.bidr.io	2 redirects
2	adservice.google.com	9812475.fls.doubleclick.net 5118230.fls.doubleclick.net
2	www.google.de	blog.malwarebytes.com
2	www.google.com	blog.malwarebytes.com
2	px.ads.linkedin.com	2 redirects
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	9812475.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s.yimg.com	blog.malwarebytes.com s.yimg.com
2	snap.licdn.com	www.googletagmanager.com
2	www.googletagmanager.com	blog.malwarebytes.com www.googletagmanager.com
2	optanon.blob.core.windows.net	blog.malwarebytes.com optanon.blob.core.windows.net
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	cdn.bttrack.com	5118230.fls.doubleclick.net
1	static.ads-twitter.com	blog.malwarebytes.com
1	www.facebook.com	c.disquscdn.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	id.rlcdn.com	blog.malwarebytes.com
1	api.company-target.com	scripts.demandbase.com
1	adservice.google.de	adservice.google.com
1	www.googleadservices.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	blog.malwarebytes.com
1	www.linkedin.com	1 redirects
1	q.quora.com	blog.malwarebytes.com
1	js.adsrvr.org	www.googletagmanager.com
1	unpkg.com	www.googletagmanager.com
1	scripts.demandbase.com	blog.malwarebytes.com
1	s.w.org	blog.malwarebytes.com
1	genesis.malwarebytes.com	www.malwarebytes.com
1	secure.gravatar.com	blog.malwarebytes.com
1	geolocation.onetrust.com	www.malwarebytes.com
1	github.githubassets.com	blog.malwarebytes.com
1	cdn.jsdelivr.net	blog.malwarebytes.com
1	fonts.googleapis.com	blog.malwarebytes.com
207	54

This site contains links to these domains. Also see Links.

Domain
www.malwarebytes.com
onetrust.com
resources.malwarebytes.com
press.malwarebytes.com
www.rsaconference.com
support.malwarebytes.com
forums.malwarebytes.com
www.youtube.com
jobs.malwarebytes.com
my.malwarebytes.com
cloud.malwarebytes.com
partners.malwarebytes.com
www.facebook.com
twitter.com
www.linkedin.com
virustotal.com
github.com
gist.github.com
www.threatgeek.com
hshrzd.wordpress.com
www.instagram.com
de.malwarebytes.com
es.malwarebytes.com
fr.malwarebytes.com
it.malwarebytes.com
pt.malwarebytes.com
br.malwarebytes.com
nl.malwarebytes.com
pl.malwarebytes.com
ru.malwarebytes.com

Subject Issuer	Validity	Valid
blog.malwarebytes.com DigiCert SHA2 High Assurance Server CA	`2019-04-02` - `2021-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-03` - `2021-08-03`	a year	crt.sh
www.malwarebytes.com Amazon	`2021-05-26` - `2022-06-24`	a year	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 01	`2021-06-02` - `2022-06-02`	a year	crt.sh
*.githubassets.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-11-09`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.malwarebytes.com DigiCert SHA2 High Assurance Server CA	`2020-04-10` - `2022-05-23`	2 years	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-06-03` - `2021-07-21`	2 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.quora.com R3	`2021-05-30` - `2021-08-28`	3 months	crt.sh
a.disquscdn.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Frame ID: E5D61532755780CCC1CD56541DA1CB68
Requests: 153 HTTP requests in this frame

Frame: https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
Frame ID: C64D9A25C54AEC16A32BD58F5A8B7752
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
Frame ID: AED0C040EA9B3889DFDCEDFEAB90535E
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
Frame ID: 805207EAFE4C87DD0959C42EED307EB9
Requests: 18 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
Frame ID: B75DF4A3F63D2E7F31480636DB956971
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 7F7F05E5E98AE1109668194B9EC75FC5
Requests: 3 HTTP requests in this frame

Frame: https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255
Frame ID: 471FEC289AE1D7CDAA237ADDEE769767
Requests: 8 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=8mirph5&ref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&upid=r8yigtp&upv=1.1.0
Frame ID: 3979C1B9F0A85328EFF7113CA26B8990
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
Frame ID: A99D1AB17B3F17E2E4E21E86E1E8CA21
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
Frame ID: 421DF588DEC61AA431831A4700FCBBE6
Requests: 17 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 7CF7475C725097D4D8F428741A4EF044
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

207
Requests

100 %
HTTPS

53 %
IPv6

37
Domains

54
Subdomains

49
IPs

5
Countries

3698 kB
Transfer

6907 kB
Size

13
Cookies

114 Outgoing links

These are links going to different origins than the main page.

URL: https://www.malwarebytes.com/privacy/
Title: More Information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/premium/
Title: Malwarebytes for Windows

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac/
Title: Malwarebytes for Mac

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/chromebook/
Title: Malwarebytes for Chromebook

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/browserguard/
Title: Malwarebytes Browser Guard

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android/
Title: Malwarebytes for Android

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ios/
Title: Malwarebytes for iOS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/vpn/
Title: Malwarebytes Privacy VPN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/products/
Title: Explore all Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/
Title: Explore Pricing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mwb-download/thankyou/
Title: Free Trial of Malwarebytes Premium Protect your devices, your data, and your privacy—at home or on the go. Get free trial

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/cloud/
Title: Malwarebytes Nebula - Cloud Hosted Security Platform

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/
Title: Malwarebytes Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/
Title: Malwarebytes Endpoint Detection & Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/incident-response/
Title: Malwarebytes Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/crowdstrike/
Title: Malwarebytes Remediation for CrowdStrike

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/teams/
Title: Malwarebytes for Teams

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/services/malware-removal/
Title: Malwarebytes Malware Removal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/server-security/
Title: Malwarebytes Endpoint Protection for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/server-security/
Title: Malwarebytes Endpoint Detection and Response for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/small-business/
Title: Small Business Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/mid-market/
Title: Secure Remote Workers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/enterprise/
Title: Enterprise Antivirus and Cybersecurity

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/education/
Title: Education

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/finance/
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/healthcare/
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/
Title: Explore all Business Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/business/
Title: Explore Pricing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/request_trial/?ref=nav
Title: Get a Free Trial Secure your endpoints and servers with industry-leading protection, detection, and response solutions. Get Started

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/
Title: Explore Partnerships

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/solution-providers/
Title: Resellers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/managed-service-providers/
Title: Managed Service Providers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/techbench/
Title: Computer Repair

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/integrations/
Title: Technology Partners

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudy/optimus-systems-delivers-trusted-desktop-security-services-malwarebytes-managed-services-provider/
Title: See full story

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/antivirus/
Title: Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malware/
Title: Malware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ransomware/
Title: Ransomware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cybersecurity/
Title: See all

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#reviews
Title: Reviews

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#analyst-reports
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudies/
Title: Case Studies

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/
Title: See all

Search URL Search Domain Scan URL

URL: https://press.malwarebytes.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.rsaconference.com/usa
Title: See Event

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/services/
Title: Premium Services

Search URL Search Domain Scan URL

URL: https://forums.malwarebytes.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/secure/
Title: Vulnerability Disclosure

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCB7JQhkZpiyvGPufW2RPBoQ
Title: Training for Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/academy/
Title: Training for Business Products

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us/articles/360046199873-Activate-Malwarebytes-Privacy-on-Windows-device
Title: See Content

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/contact/
Title: CONTACT US

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/company/
Title: About Malwarebytes

Search URL Search Domain Scan URL

URL: https://jobs.malwarebytes.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login/
Title: My Account

Search URL Search Domain Scan URL

URL: https://cloud.malwarebytes.com/
Title: Cloud Console

Search URL Search Domain Scan URL

URL: https://partners.malwarebytes.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/newsletter/?email=&source=labs
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes/

Search URL Search Domain Scan URL

URL: https://twitter.com/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/trickbot/
Title: TrickBot

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d/analysis/
Title: f26649fc31ede7594b18f8cd7cdbbc15

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/6f4bef32e641d361b0039a82eef7784d2fd9fbc3f302d030c332233564ce8c40/analysis/
Title: 3814abbcd8c8a41665260e4b41af26d4

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a/analysis/
Title: f24384228fb49f9271762253b0733123

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/229d8579a87738d3517ab62a035b967f7f256a2026f565481a174f6a2f837a85/analysis/1476817164/
Title: 10d72baf2c79b29bad1038e09c6ed107

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/690a2e86a141d890c8ef94587ceb6366c01a8d9c74309606885ed7a784a98c30/analysis/1476817351/
Title: bd79db0f9f8263a215e527d6627baf2f

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65/analysis/1477056933/
Title: 533b0bdae7f4c8dcd57556a45e1a62c8

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/d461e3801e5c2efe54d202e23d55a3c58a97996c3af59dbefb988a677feb66aa/analysis/1477356071/
Title: c5a0a3dba3c3046e446bd940c20b6092

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/0f5daef7bae8b8dd43bd7d1e3122586a2ab67b01a6f611b1469e042508c15438/analysis/1477407966/
Title: c90f766020855047c3a8138842266c5a

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/168ab03d2c33ffc8f7409a80ae46dd362713344e6571b48e353185f44a8a5163/analysis/1477356022/
Title: 0b521fd97402c02366184ec413e888cc

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/0fca1dbcaf17e2374618484a5239488a40c428c791aee2903095c8bcb7a784b6/analysis/1477407948/
Title: 5a7459fb0b49a8b28fae507730e2a924

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/817109d3ea13fe1e718defe4a16959f64d966404a3dcfbe6b1aa85cffc3da765/analysis/
Title: 47d9e7c464927052ca0d22af7ad61f5d

Search URL Search Domain Scan URL

URL: https://virustotal.com/en/file/5f13136e195224ae5f7f9dd01a81594ffe37431a4f86cff1b16f04b2d709120c/analysis/
Title: e80ac57a092ffcf2965613c8b3c537c0

Search URL Search Domain Scan URL

URL: https://github.com/hasherezade/malware_analysis/blob/master/dyreza/dyreza_decoder.py
Title: the one found in Dyreza

Search URL Search Domain Scan URL

URL: https://github.com/hasherezade/malware_analysis/blob/master/trickbot/trick_decoder.py
Title: https://github.com/hasherezade/malware_analysis/blob/master/trickbot/trick_decoder.py

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/88837ea728d3950c7c38160d016ea6cf
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/hasherezade/malware_analysis/blob/master/trickbot/trick_config_decoder.py
Title: https://github.com/hasherezade/malware_analysis/blob/master/trickbot/trick_config_decoder.py

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447/raw/8efd199d3cae8ed26623e606bfb4cf08daf45ea3/mcconf.xml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447#file-mcconf-xml
Title: mcconf.xml

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447/raw/8efd199d3cae8ed26623e606bfb4cf08daf45ea3/mcconf2.xml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447#file-mcconf2-xml
Title: mcconf2.xml

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447/raw/8efd199d3cae8ed26623e606bfb4cf08daf45ea3/servconf.xml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447#file-servconf-xml
Title: servconf.xml

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447/raw/8efd199d3cae8ed26623e606bfb4cf08daf45ea3/dinj.xml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/hasherezade/0c464f970018f509444243b67a0c5447#file-dinj-xml
Title: dinj.xml

Search URL Search Domain Scan URL

URL: http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html
Title: http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html

Search URL Search Domain Scan URL

URL: https://twitter.com/hasherezade
Title: hasherezade

Search URL Search Domain Scan URL

URL: https://hshrzd.wordpress.com/
Title: https://hshrzd.wordpress.com

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t=Introducing+TrickBot%2C+Dyreza%26%238217%3Bs+successor

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Introducing+TrickBot%2C+Dyreza%26%238217%3Bs+successor+https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&via=Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&title=Introducing+TrickBot%2C+Dyreza%26%238217%3Bs+successor&summary=&source=

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwarebytesofficial/

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login
Title: SIGN IN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/tos/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/
Title: English

Search URL Search Domain Scan URL

URL: https://de.malwarebytes.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.malwarebytes.com/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.malwarebytes.com/
Title: Français

Search URL Search Domain Scan URL

URL: https://it.malwarebytes.com/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://pt.malwarebytes.com/
Title: Português (Portugal)

Search URL Search Domain Scan URL

URL: https://br.malwarebytes.com/
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://nl.malwarebytes.com/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://pl.malwarebytes.com/
Title: Polski

Search URL Search Domain Scan URL

URL: https://ru.malwarebytes.com/
Title: Pусский

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/se/
Title: Svenska

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.malwarebytes.com/css/NEW-NAV.css HTTP 301
https://www.malwarebytes.com/css/new-nav.css

Request Chain 107

https://9812475.fls.doubleclick.net/activityi;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F HTTP 302
https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Request Chain 121

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1623624614077%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%252Fthreat-analysis%252F2016%252F10%252Ftrick-bot-dyrezas-successor%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true&e_ipv6=AQIc6M-483fl8gAAAXoHkYMW8v3wHbjpZHCxiANV7-6j19bD6jG-KMyis9a7EaDpX-5zORzs

Request Chain 136

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA&verifyHash=3540c023d2d60d221e14f2e7af297ac1e6034e5d

Request Chain 163

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255 HTTP 302
https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255

207 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/ 228 KB
41 KB 505ms
187ms Document
text/html 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

2f37b7440bc51b5c73f070e6c5d8d0da1a5137a851e43ba5bb2ec5c7cd9e12c0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

:method: GET
:authority: blog.malwarebytes.com
:scheme: https
:path: /threat-analysis/2016/10/trick-bot-dyrezas-successor/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sun, 13 Jun 2021 22:50:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-pingback: https://blog.malwarebytes.com/xmlrpc.php
link: <https://blog.malwarebytes.com/wp-json/>; rel="https://api.w.org/" <https://blog.malwarebytes.com/wp-json/wp/v2/posts/14942>; rel="alternate"; type="application/json" <https://blog.malwarebytes.com/?p=14942>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 1
x-cache-group: normal
x-frame-options: DENY
content-security-policy: frame-ancestors none;
content-encoding: br

GET
H2 200 style.min.css
blog.malwarebytes.com/wp-includes/css/dist/block-library/ 57 KB
9 KB 187ms
182ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Tue, 06 Apr 2021 23:50:28 GMT
server: nginx
etag: W/"606cf3c4-e33b"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 prettyPhoto.min.css
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 19 KB
3 KB 214ms
209ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/prettyPhoto.min.css?ver=2.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/prettyphoto/prettyPhoto.min.css?ver=2.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:49 GMT
server: nginx
etag: W/"60357da5-4bdc"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b0028a42624782eed880f488391db76c57f0bb9a6636ac9f1f84d4a1eacaa5ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 13 Jun 2021 22:26:02 GMT
server: ESF
date: Sun, 13 Jun 2021 22:50:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 13 Jun 2021 22:50:12 GMT

GET
H2 200 genericons.css
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/ 28 KB
16 KB 247ms
242ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

:path: /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Thu, 03 Jun 2021 18:16:10 GMT
server: nginx
etag: W/"60b91c6a-6e6a"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 87 KB
31 KB 276ms
271ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: nginx
etag: W/"5f7dedd5-15d98"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 11 KB
4 KB 359ms
354ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
etag: W/"5fb4e3fe-2bd8"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.prettyPhoto.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 22 KB
6 KB 258ms
253ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/jquery.prettyPhoto.min.js?ver=2.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/prettyphoto/jquery.prettyPhoto.min.js?ver=2.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:49 GMT
server: nginx
etag: W/"60357da5-5955"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 underscore.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 16 KB
6 KB 276ms
271ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

:path: /wp-includes/js/underscore.min.js?ver=1.8.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
etag: W/"605cec4b-3ead"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 infinite-scroll.pkgd.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 287ms
282ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.7.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:49 GMT
server: nginx
etag: W/"60357da5-64e6"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 front.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/ 26 KB
6 KB 300ms
295ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a

Request headers

:path: /wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:49 GMT
server: nginx
etag: W/"60357da5-68e8"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 normalize.css
cdn.jsdelivr.net/npm/normalize.css@8.0.1/ 6 KB
2 KB 31ms
14ms Stylesheet
text/css 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/normalize.css@8.0.1/normalize.css

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5679952
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa92a93ae0000d6fdf4a79000000001
x-served-by: cache-fra19158-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"17fa-f/3jQ73xCt0fBS88QwihUYDrRAQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 65eee065ebffd6fd-FRA

GET
H2 200 style.css
www.malwarebytes.com/css/ 220 KB
34 KB 131ms
78ms Stylesheet
text/css 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/css/style.css?12-20-2016
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ee15671dffc01e4ba638577cadff370a892edfeff19b1e2e10bc24fe0fe9942c

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:37:03 GMT
content-encoding: gzip
etag: W/"b28d1027275ed71:0"
last-modified: Thu, 10 Jun 2021 18:33:48 GMT
server: Microsoft-IIS/10.0
age: 788
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: YSCOlOYgAy42c3OrEVPLNCEzWFk1vehyP1biBStwRU3yIroBVvDdQg==

GET
H2 200 style.css
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 179 KB
29 KB 299ms
294ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9a6f23bfe564fd6e98cf71ce4f1e2805f63c86dd4c0eca7b0a063268e5843559

Request headers

:path: /wp-content/themes/mb-labs-theme/style.css?03-03-2021
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-2ccdf"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-1.11.3.min.js Show response
www.malwarebytes.com/js/ 94 KB
33 KB 92ms
39ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: gzip
etag: W/"47626cd4336d71:0"
last-modified: Wed, 21 Apr 2021 00:18:06 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: VIE50-C1
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: RK9_IHCpsQuqy-Kq_lutNlPTqKeO8z8BD6FcmiLg61ucutI9Yh6ajQ==

GET
H/1.1 200
OK 9530a107-0af8-4204-a2c2-217efb78222b.js Show response
optanon.blob.core.windows.net/consent/ 140 KB
21 KB 294ms
80ms Script
application/x-javascript 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 13 Jun 2021 22:50:12 GMT
Content-Encoding: GZIP
Last-Modified: Wed, 19 Aug 2020 23:29:25 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: NyuiOqvVdJMyWTtUb2ZlDA==
ETag: 0x8D84497B6030FBF
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: d6950da7-b01e-010f-6ea6-607345000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=14400
x-ms-version: 2009-09-19
Content-Length: 20591

GET
H2 200 bootstrap.js Show response
www.malwarebytes.com/js/ 36 KB
10 KB 108ms
56ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/bootstrap.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ee5981421f40702d2438e8dad90e27efe1e87c0c72635944560232a90453cb69

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:42:47 GMT
content-encoding: gzip
last-modified: Sat, 01 May 2021 11:42:46 GMT
server: Microsoft-IIS/10.0
age: 444
x-powered-by: ASP.NET
etag: W/"055321b7f3ed71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: wwyz7TsMSF43c13VMx5ShmCUnsJLBFC8XhJhDveLCUyOP89HTaMsLA==

GET
H2 200 respond.min.js Show response
www.malwarebytes.com/js/ie-fixes/ 4 KB
3 KB 88ms
36ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/ie-fixes/respond.min.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:42:47 GMT
content-encoding: gzip
etag: W/"5c042b34336d71:0"
last-modified: Wed, 21 Apr 2021 00:17:22 GMT
server: Microsoft-IIS/10.0
age: 444
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: iNuEI8TUJbnWzaQGniUAa9zQ61BmZhr-2o4xsqYSEeVp3nMfi0NQ_Q==

GET
H2 200 modernizr.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 17 KB
7 KB 357ms
354ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/modernizr.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5

Request headers

:path: /wp-content/themes/mb-labs-theme/modernizr.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-434b"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 nav-resize.js Show response
www.malwarebytes.com/js/ 12 KB
4 KB 109ms
57ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/nav-resize.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: gzip
etag: W/"9ee890ccb74ad71:0"
last-modified: Mon, 17 May 2021 00:58:50 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: VIE50-C1
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: LSJe0FCOYci7yj6HlDvVYoFI--vZd891HW_eRubi_9qLuGBowL0Mig==

GET
H2 200 flexibility.js Show response
www.malwarebytes.com/js/ 17 KB
6 KB 112ms
60ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/flexibility.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: gzip
etag: W/"e685d4c54336d71:0"
last-modified: Wed, 21 Apr 2021 00:17:54 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: VIE50-C1
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: E0ZstPBZRh5w7BtPav1MV5XKTUgMmTMefq5SnOYWYDDTmdYX0h4lIw==

GET
H2 200 global.js Show response
www.malwarebytes.com/js/ 20 KB
8 KB 110ms
59ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/global.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b08f47debbb15ec9b278fa48d7f8ded3d14a1a1040bd072c3cfe93ae22adadde

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:35:41 GMT
content-encoding: gzip
etag: W/"39fbf5e1bb4ad71:0"
last-modified: Mon, 17 May 2021 01:28:04 GMT
server: Microsoft-IIS/10.0
age: 870
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: Qp6Y2kugw_EUaLTw271l0-T8iZ-_4AuJ0EyUllc_5qXawKancT_4IQ==

GET
H2 200 xs.js Show response
www.malwarebytes.com/js/ 9 KB
3 KB 108ms
57ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/xs.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:08 GMT
content-encoding: gzip
last-modified: Wed, 21 Apr 2021 00:17:17 GMT
server: Microsoft-IIS/10.0
age: 3
x-powered-by: ASP.NET
etag: W/"42e3ebaf4336d71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: _RhN9V-vBKqM9a4MWruySM23R2VlBYFIYQIknCXeEaNr-8Kwushl1A==

GET
H2 200 search.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 1 KB
713 B 356ms
354ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/search.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9

Request headers

:path: /wp-content/themes/mb-labs-theme/js/search.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-55e"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2

200

new-nav.css
www.malwarebytes.com/css/
Redirect Chain

https://www.malwarebytes.com/css/NEW-NAV.css
https://www.malwarebytes.com/css/new-nav.css

22 KB
4 KB

36ms
36ms

Stylesheet
text/css

2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/css/new-nav.css
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: gzip
etag: W/"379513a87a37d71:0"
last-modified: Thu, 22 Apr 2021 13:23:17 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: VIE50-C1
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: 8ZQrm06tUvMTdKC9s060Yrt6_mQ6FhFjPOYccxg_uOecMYjaeD2j2g==

Redirect headers

date: Sun, 13 Jun 2021 22:50:08 GMT
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
server: Microsoft-IIS/10.0
age: 3
x-powered-by: ASP.NET
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
location: https://www.malwarebytes.com/css/new-nav.css
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
content-length: 167
x-amz-cf-id: mk8ShZkmU_bBsmKIR13nQkoSN9MDoSsXjZ-rZ3uCRpMHJ_RDEiR5pg==

GET
H2 200 new-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 6 KB
2 KB 356ms
354ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/new-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a2b3f57762f2932505c6fa9b43932cb13856966074febc5bb048052f17100bf6

Request headers

:path: /wp-content/themes/mb-labs-theme/js/new-nav.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:12 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-1703"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 arrow.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/ 2 KB
1 KB 190ms
181ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/arrow.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9

Request headers

:path: /wp-content/themes/mb-labs-theme/images/refreshed_homepage/arrow.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-94e"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1 KB 191ms
182ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/personal-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-6f4"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 pricing-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1022 B 191ms
183ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/pricing-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/pricing-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-73c"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 business-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
726 B 191ms
183ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/business-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4b36c9516ea1b8ec7a2aa5fbedea5a09ee036a5062c201cb1daa4ed6d0793650

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/business-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-416"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 partner-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 4 KB
2 KB 192ms
183ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/partner-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/partner-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-116b"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 optimus-systems.webp
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/ 2 KB
2 KB 192ms
183ms Image
image/webp 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/optimus-systems.webp
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93

Request headers

:path: /wp-content/themes/mb-labs-theme/images/partners/optimus-systems.webp
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-728"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1832

GET
H2 200 rsa2021.jpg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 27 KB
28 KB 200ms
192ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/rsa2021.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648

Request headers

:path: /wp-content/themes/mb-labs-theme/images/rsa2021.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-6d66"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 28006

GET
H2 200 watch-personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
830 B 207ms
199ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/watch-personal-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-4f9"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watch-business-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
824 B 210ms
202ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-business-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/watch-business-icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-504"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 privacy.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 4 KB
2 KB 211ms
204ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/privacy.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a

Request headers

:path: /wp-content/themes/mb-labs-theme/images/privacy.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-10a3"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 296 B
438 B 212ms
204ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd

Request headers

:path: /wp-content/themes/mb-labs-theme/images/search.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-128"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 photodune-6506897-online-theft-s-900x506.jpg
blog.malwarebytes.com/wp-content/uploads/2014/05/ 63 KB
64 KB 220ms
213ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2014/05/photodune-6506897-online-theft-s-900x506.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 23a25280a35e9e4a84b3c894f542b6f848e6c26c657c2edcade33164a3322fee

Request headers

:path: /wp-content/uploads/2014/05/photodune-6506897-online-theft-s-900x506.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:06:39 GMT
server: nginx
etag: "588967bf-fde5"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 64997

GET
H2 200 wp-emoji-release.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 14 KB
5 KB 208ms
201ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-3795"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 shutterstock_421820056-604x270.png
blog.malwarebytes.com/wp-content/uploads/2020/11/ 155 KB
155 KB 211ms
204ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2020/11/shutterstock_421820056-604x270.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: fd6a51cc8ebb9346818dccec2b48233af88a58645d5bca6fe3d6bb5b2c43b70b

Request headers

:path: /wp-content/uploads/2020/11/shutterstock_421820056-604x270.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 27 Nov 2020 20:06:38 GMT
server: nginx
etag: "5fc15c4e-26c2f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 158767

GET
H2 200 shutterstock_248842327-604x270.jpg
blog.malwarebytes.com/wp-content/uploads/2017/11/ 28 KB
28 KB 220ms
213ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2017/11/shutterstock_248842327-604x270.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e1cb886dfcdd5fe6412e646b3e1ce78d59c847844dc51c13597e549e6ea8ea4d

Request headers

:path: /wp-content/uploads/2017/11/shutterstock_248842327-604x270.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Tue, 21 Nov 2017 11:28:35 GMT
server: nginx
etag: "5a140de3-6e5f"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 28255

GET
H2 200 security-threat-category-hacked-unpaced-604x270.jpg
blog.malwarebytes.com/wp-content/uploads/2013/11/ 78 KB
79 KB 243ms
236ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2013/11/security-threat-category-hacked-unpaced-604x270.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0a98a1800f0819cbb062ff6b62c8bd3ffe1d5e3789bc9c4563ba15f706b04832

Request headers

:path: /wp-content/uploads/2013/11/security-threat-category-hacked-unpaced-604x270.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:06:51 GMT
server: nginx
etag: "588967cb-13960"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 80224

GET
H2 200 photodune-2679907-http-s-604x270.jpg
blog.malwarebytes.com/wp-content/uploads/2015/05/ 65 KB
66 KB 250ms
243ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2015/05/photodune-2679907-http-s-604x270.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4823fc995bed6c3bbd18a1d9c4184b9cfd7832a277729c501331815aef6dfd02

Request headers

:path: /wp-content/uploads/2015/05/photodune-2679907-http-s-604x270.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:06:19 GMT
server: nginx
etag: "588967ab-10554"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 66900

GET
H2 200 photodune-5114174-internet-security-s-604x270.jpg
blog.malwarebytes.com/wp-content/uploads/2015/08/ 84 KB
85 KB 250ms
244ms Image
image/jpeg 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2015/08/photodune-5114174-internet-security-s-604x270.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ee990b34a0d12a9e15b74e02a2d90385e9c5ccb3fd45b4f40de9e7cbd44f0357

Request headers

:path: /wp-content/uploads/2015/08/photodune-5114174-internet-security-s-604x270.jpg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:06:11 GMT
server: nginx
etag: "588967a3-151d3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 86483

GET
H2 200 labs-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 493 B
413 B 164ms
154ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/labs-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077

Request headers

:path: /wp-content/themes/mb-labs-theme/js/labs-nav.js
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-1ed"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 contributors.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 910 B
743 B 208ms
203ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/contributors.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/contributors.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-38e"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 threat-center.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 2 KB
852 B 210ms
204ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/threat-center.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/threat-center.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-812"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 glossary.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 760 B
654 B 249ms
244ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/glossary.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/glossary.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-2f8"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 scams.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 842 B
698 B 249ms
244ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/scams.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/scams.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-34a"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 write.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 615 B
585 B 249ms
244ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/write.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/write.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-267"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-pin-map.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 1 KB
821 B 249ms
244ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-pin-map.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/ic-pin-map.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-45a"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 world.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 4 KB
2 KB 249ms
244ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/world.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/world.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-1019"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gist-embed-f710d4a619fe68a1be4400197b4c3132.css
github.githubassets.com/assets/ 54 KB
11 KB 96ms
29ms Stylesheet
text/css 185.199.110.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://github.githubassets.com/assets/gist-embed-f710d4a619fe68a1be4400197b4c3132.css?ver=9.5.3

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.110.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-110-154.github.com

Software

AmazonS3 /

Resource Hash

eb626421ca6e0a9e61e7df9cd7501a0cab6540f487c300a936d0d5f025b2755d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 628eaabe922d631bb89a3f711dc86fe2e57219da
date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age: 395040
x-cache: HIT, HIT
strict-transport-security: max-age=31536000
content-length: 10539
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17755-DCA, cache-bma1622-BMA
last-modified: Wed, 09 Jun 2021 08:42:26 GMT
server: AmazonS3
etag: "57d784e1edb54c310ecc93cda241f872"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 jetpack-carousel.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/ 26 KB
5 KB 166ms
157ms Stylesheet
text/css 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=9.5.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff37be8081d97cd5da09dea014d573e75a3b34365476f1cc459cdb0dfadab3ec

Request headers

:path: /wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=9.5.3
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Thu, 03 Jun 2021 18:16:10 GMT
server: nginx
etag: W/"60b91c6a-6859"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 comment_count.js Show response
blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
620 B 164ms
155ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:47 GMT
server: nginx
etag: W/"60357da3-379"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 comment_embed.js Show response
blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
686 B 166ms
156ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 22:11:47 GMT
server: nginx
etag: W/"60357da3-47e"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 imagesloaded.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 5 KB
2 KB 167ms
157ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

:path: /wp-includes/js/imagesloaded.min.js?ver=4.1.4
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-15fd"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 24 KB
8 KB 170ms
160ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

:path: /wp-includes/js/masonry.min.js?ver=4.2.2
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-5e4a"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 2 KB
915 B 171ms
161ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

:path: /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
server: nginx
etag: W/"57b604a2-71b"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 functions.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
1 KB 171ms
161ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/functions.js?ver=2013-07-18
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a

Request headers

:path: /wp-content/themes/mb-labs-theme/js/functions.js?ver=2013-07-18
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-8f9"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-embed.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 1 KB
947 B 172ms
163ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.7.2
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-592"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jetpack-carousel.min.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/ 28 KB
8 KB 189ms
180ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=9.5.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1b596dd656e3aa66a49c4cd29839bf3987beafe7e08f286b4334f7484fbd2c9e

Request headers

:path: /wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=9.5.3
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Thu, 03 Jun 2021 18:16:10 GMT
server: nginx
etag: W/"60b91c6a-70f0"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 standard-search-results-footer.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
772 B 190ms
181ms Script
application/javascript 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/standard-search-results-footer.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff

Request headers

:path: /wp-content/themes/mb-labs-theme/js/standard-search-results-footer.js
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-704"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK optanon.css
optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/ 23 KB
6 KB 72ms
72ms Stylesheet
text/css 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: optanon.blob.core.windows.net
URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 13 Jun 2021 22:50:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Aug 2020 04:48:01 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: E062TbpGx6vwVsuuNM/jFw==
ETag: 0x8D83F440F482A65
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: d6950df5-b01e-010f-2da6-607345000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 5561

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 32 B
291 B 45ms
23ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery1113010061883010196859_1623624613186&_=1623624613187

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 65eee068fb7e4e13-FRA
content-length: 32
cf-request-id: 0aa92a959d00004e13fe3f4000000001

GET
H2 200 Locator-Light.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 162ms
161ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Light.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Locator-Light.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-7330"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29488

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 283 KB
77 KB 19ms
14ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8d79e6951df8c1e8bc112a744ea5805ac147491a6102a4277279adc8dacf2a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78766
x-xss-protection: 0
last-modified: Sun, 13 Jun 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Jun 2021 22:50:13 GMT

GET
H2 200 box-link-rings-personal.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/ 1 KB
813 B 239ms
239ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-personal.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625

Request headers

:path: /wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-personal.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-52c"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 box-link-rings-biz.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/ 1 KB
815 B 239ms
238ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-biz.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d229467029bc6ef59725d5a74f93636feab4fb2ac5f3130ef4e75bd68cbc5cdd

Request headers

:path: /wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-biz.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-52c"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 num-comments.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 1 KB
810 B 232ms
231ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/num-comments.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: da1c1ad273854673c3a3f7e8f76aae5d7c9c73f3ebd224c2be1f93106680b1d4

Request headers

:path: /wp-content/themes/mb-labs-theme/images/num-comments.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-4d3"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 Graphik-Light.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 132 KB
132 KB 231ms
227ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Light.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Graphik-Light.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-20e60"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 134752

GET
H2 200 Graphik-Medium.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 134 KB
135 KB 231ms
227ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Medium.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Graphik-Medium.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-219c0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 137664

GET
H2 200 Graphik-Regular.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 128 KB
128 KB 231ms
227ms Font
application/octet-stream 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Regular.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Graphik-Regular.otf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-20084"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 131204

GET
H2 200 Locator-Medium.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 229ms
227ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Medium.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Locator-Medium.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-734c"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29516

GET
H2 200 socicon.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 20 KB
20 KB 229ms
227ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/socicon.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/socicon.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-4ff8"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 20472

GET
H2 200 Locator-LightItalic.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 30 KB
30 KB 229ms
227ms Font
font/woff 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-LightItalic.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb

Request headers

sec-fetch-mode: cors
origin: https://blog.malwarebytes.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/css/fonts/Locator-LightItalic.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: "608b4e47-7888"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 30856

GET
H2 200 malvertising_chain.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 244 KB
244 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/malvertising_chain.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d1459acec6ea83b5908eff2f351da55ceedecdea59cee3fdf785d9e15fe1629b

Request headers

:path: /wp-content/uploads/2016/10/malvertising_chain.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-3d000"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 249856

GET
H2 200 installed.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 23 KB
24 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/installed.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: cb1ab3021b66ae828f0da4d8eb6470e5dad1a004b82b644dd2aeec20d2d28861

Request headers

:path: /wp-content/uploads/2016/10/installed.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-5ddd"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 24029

GET
H2 200 client_id.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 6 KB
6 KB 201ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/client_id.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7102ea65a4f1546a7b0227a53cc9058a211ba97d34d563c4f0d7f99b03e79c70

Request headers

:path: /wp-content/uploads/2016/10/client_id.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:35 GMT
server: nginx
etag: "5889677f-16fb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5883

GET
H2 200 gtag.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 4 KB
4 KB 201ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/gtag.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a3d902fafe16ae4bed4e1b9054090d7e6e93f5fbc14bffdfc470fad8c536775e

Request headers

:path: /wp-content/uploads/2016/10/gtag.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-106c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4204

GET
H2 200 config_fragment.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 13 KB
13 KB 201ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/config_fragment.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: dc568bb8616eed9a8c3c3c94834cfa2260743720fd2af3ffb6edf7fa1e32ebb5

Request headers

:path: /wp-content/uploads/2016/10/config_fragment.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:35 GMT
server: nginx
etag: "5889677f-34c9"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 13513

GET
H2 200 modules_folder.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 11 KB
11 KB 201ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/modules_folder.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 36f9c1e2ccdb008580e07af17424a8fe7a6fddeadcfdf9c0fa5ceba8d69f131b

Request headers

:path: /wp-content/uploads/2016/10/modules_folder.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-2c40"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 11328

GET
H2 200 modules_configs.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 9 KB
9 KB 201ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/modules_configs.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05ee3e141d98baa40fc2ba5f9962baf10ed5bfa702281ea07e1a8b95a24ff7d0

Request headers

:path: /wp-content/uploads/2016/10/modules_configs.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-2360"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 9056

GET
H2 200 svchost_deployes.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 9 KB
9 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/svchost_deployes.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a50adbd525500a60b4ac0f23ab7a13471bfb3ef5739892e22c46301879115feb

Request headers

:path: /wp-content/uploads/2016/10/svchost_deployes.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-24fd"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 9469

GET
H2 200 bot_task-1.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 14 KB
14 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/bot_task-1.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 95cb7d08e289a0501243c287e90223acfd72b6e4adb60a7d34a2c8fb6abc07ab

Request headers

:path: /wp-content/uploads/2016/10/bot_task-1.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:35 GMT
server: nginx
etag: "5889677f-381c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 14364

GET
H2 200 restarted-1.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 15 KB
15 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/restarted-1.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8640d0e61015cd2786a76e6317fad368852aa017a9333c187a5053b7a192f758

Request headers

:path: /wp-content/uploads/2016/10/restarted-1.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-3ce5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15589

GET
H2 200 traffic1.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 25 KB
25 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/traffic1.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2a416d323532adec9aa1ad3a8b35a3bf2e01449fa2bba9a28a7547b8ef8d36e

Request headers

:path: /wp-content/uploads/2016/10/traffic1.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-643c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 25660

GET
H2 200 net_cmd60.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 103 KB
103 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/net_cmd60.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ece8b895d39bc9c6fbcb407610bfca4900ef6e99cee5bac71f2bb5512bd13603

Request headers

:path: /wp-content/uploads/2016/10/net_cmd60.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-19ac5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 105157

GET
H2 200 download_exe.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 45 KB
45 KB 201ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/download_exe.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3ded49ec357474ead2928b3fd9523df804b1fea51dd278f988a3ca74a8fc3c95

Request headers

:path: /wp-content/uploads/2016/10/download_exe.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-b492"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 46226

GET
H2 200 router1.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 41 KB
41 KB 200ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/router1.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 623f80af82697dd496db7e760a88ca69b855018b8e30182fe382334ad7614b99

Request headers

:path: /wp-content/uploads/2016/10/router1.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-a3f1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 41969

GET
H2 200 cert_unk.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 66 KB
67 KB 200ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/cert_unk.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 77ba68609568d437390cbb65544587932427e90e34ca01b3b083147f4a5f66a3

Request headers

:path: /wp-content/uploads/2016/10/cert_unk.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-108e2"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 67810

GET
H2 200 schema-1.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 16 KB
16 KB 198ms
192ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/schema-1.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 08d8022edab174bafc3adecf2515c27de78e9894b30b8cd1f76748577a350cb4

Request headers

:path: /wp-content/uploads/2016/10/schema-1.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-3f5b"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 16219

GET
H2 200 res_names.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 4 KB
4 KB 198ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/res_names.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32bead89f8c7b43b3b2c3208cc570192e99b1042a151cde913074a71ba44a557

Request headers

:path: /wp-content/uploads/2016/10/res_names.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:37 GMT
server: nginx
etag: "58896781-104d"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4173

GET
H2 200 loader_path.png
blog.malwarebytes.com/wp-content/uploads/2016/10/ 21 KB
21 KB 197ms
193ms Image
image/png 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2016/10/loader_path.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c21ce2ab751ba8a0d5c983b35899437f95e4a60833b6aa1d13bc15ff038e8764

Request headers

:path: /wp-content/uploads/2016/10/loader_path.png
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Thu, 26 Jan 2017 03:05:36 GMT
server: nginx
etag: "58896780-5398"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 21400

GET
H2 200 08d5edde926eb9c13cb36804ee5e5316
secure.gravatar.com/avatar/ 2 KB
3 KB 22ms
5ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/08d5edde926eb9c13cb36804ee5e5316?s=96&d=identicon&r=g
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 13253fa3b3061ad717460274d9aaa0d2bb6ce497349cf44cdc83199e12278a69

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sun, 13 Jun 2021 22:50:13 GMT
last-modified: Tue, 14 Jun 2016 22:00:20 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="08d5edde926eb9c13cb36804ee5e5316.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/08d5edde926eb9c13cb36804ee5e5316?s=96&d=identicon&r=g>; rel="canonical"
content-length: 2522
expires: Sun, 13 Jun 2021 22:55:13 GMT

GET
H2 200 instagram_icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 5 KB
2 KB 174ms
174ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/instagram_icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e

Request headers

:path: /wp-content/themes/mb-labs-theme/images/icons/instagram_icon.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-1225"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 601 B
604 B 174ms
174ms Image
image/svg+xml 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a

Request headers

:path: /wp-content/themes/mb-labs-theme/images/footer/ic-search.svg
pragma: no-cache
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?03-03-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 00:24:39 GMT
server: nginx
etag: W/"608b4e47-259"
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK count.js Show response
malwarebytesunpacked.disqus.com/ 1 KB
1 KB 149ms
48ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/count.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 97
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 11 Jun 2021 18:50:49 GMT
Server: nginx
ETag: "60c3b089-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: feQ8-77qklwtE_ReutDZ0xYem4NGVb3sKqtBDQM8I_fdZzOTWcJYGQ==

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
25 KB 160ms
59ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

a8ac44503a10a2c584dc26276fcb139752bcc54ff3298e8cc80f44209b04ac9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:13 GMT
Content-Encoding: gzip
Server: openresty
Age: 3
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24672

GET
H2 200 wai.gif Show response
genesis.malwarebytes.com/api/v1/ 343 B
565 B 287ms
95ms XHR
application/json 2600:1f18:21ae:6701:45f:aca9:9171:ed8
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/wai.gif
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:21ae:6701:45f:aca9:9171:ed8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 624de26e418e30e37a6022b5822a9d09e42807828e10742acab7377dab034cce

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 13 Jun 2021 22:50:13 GMT
access-control-allow-credentials: true
server: Apache-Coyote/1.1
access-control-allow-headers: origin, content-type, accept, authorization
access-control-allow-methods: GET, POST
content-type: application/json

GET
H2 200 pillarpages.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 100 B
412 B 323ms
322ms XHR
application/json 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/pillarpages.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/pillarpages.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
vary: Accept-Encoding,Cookie
last-modified: Sun, 13 Jun 2021 22:40:21 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: "64-5c4ad6d0f7b42"
x-frame-options: DENY
x-cache: HIT: 200
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
accept-ranges: bytes
content-length: 100
x-cache-group: normal

GET
H2 200 intl-sites.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 890 B
631 B 155ms
155ms XHR
application/json 130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/intl-sites.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: OptanonConsent=isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A13+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
:path: /wp-content/themes/mb-labs-theme/intl-sites.json
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: blog.malwarebytes.com
referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: gzip
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
last-modified: Sun, 13 Jun 2021 22:40:21 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: W/"37a-5c4ad6d101786"
x-frame-options: DENY
x-cache: HIT: 200
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
x-cache-group: normal

GET
H2 200 2764.svg
s.w.org/images/core/emoji/13.0.1/svg/ 368 B
567 B 85ms
28ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/2764.svg

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT arn 1
date: Sun, 13 Jun 2021 22:50:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 368
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 20ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:13 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=9845
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6696
date: Sun, 13 Jun 2021 20:58:37 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 13 Jun 2021 22:58:37 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 7ms
7ms Script
application/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sun, 13 Jun 2021 22:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5639
x-amz-id-2: 1RfzhlmeffGpocXwivEXyk9TU2DUQm3CeegU4vCAvDvCgLD4sOTtcuh3j58u55cw8aKdC40e15c=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sat, 02 Jul 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Thu, 27 May 2021 13:00:20 GMT
server: ATS
etag: "6de43f1c725d89777edaa2bc5d679ecb-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 93KJF0WSSQY4PG04
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: Bv0RNzsjZsSn6kGrZjdvdggYqc20u__d
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 HWyTnY16.min.js Show response
scripts.demandbase.com/ 60 KB
16 KB 289ms
64ms Script
application/javascript 13.224.195.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/HWyTnY16.min.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-89.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: IE5IzYwU4gx7oNbzFWwbL4ZS6nSJjwBv
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 23:24:47 GMT
server: AmazonS3
age: 3052
etag: W/"c890c8c9866d4d0ee9b287e7db203091"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Sun, 13 Jun 2021 21:59:25 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: fwvmQP6bqK_HZFNUfyG2k5omLWoWedaS9dy_ToU5_wS5o0SCH_8Vkw==

GET
H2 200 web-vitals.umd.js Show response
unpkg.com/web-vitals@1.1.0/dist/ 4 KB
2 KB 31ms
14ms Script
application/javascript 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7177479
vary: Accept-Encoding
cf-request-id: 0aa92a985000004ee5fd944000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: e9412a941d9e2178046a5378c46b42d2
cache-control: public, max-age=31536000
cf-ray: 65eee06d4efd4ee5-FRA

GET
H3-29

200

activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-a... Show response
9812475.fls.doubleclick.net/ Frame C64D
Redirect Chain

https://9812475.fls.doubleclick.net/activityi;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat...
https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2...

554 B
458 B

69ms
69ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

11409f27f3ecd45de6f6a64711fb5705d9b754c53bea7fa51b9e3e1682d4eea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9812475.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.malwarebytes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 433
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 13-Jun-2021 23:05:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
831 B 114ms
100ms Script
application/javascript 2a02:26f0:6c00:281::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:281::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 503f17f1ead39e733bbf304e686d367d5c7051a5df079f15b7e251b479959b13

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "57947439b864e017feed0d94316d5a8c"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
x-fallback: 55ca3526-2.16.186.206
accept-ranges: bytes
content-length: 583
access-control-expose-headers: X-CDN

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 30ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:13 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref: Ref A: 52201DA373AB4E36BB67AD9D4D8746E4 Ref B: FRAEDGE1212 Ref C: 2021-06-13T22:50:14Z
etag: "0d2a696ff53d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9008

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 176ms
57ms Script
application/x-javascript 13.32.13.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.13.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-13-117.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 17:24:14 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 19561
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 61bfa9dc3dc260c1f6ca617cfc7e065a.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: VIE50-C2
X-Amz-Cf-Id: iwdstpHKZ3hSME04DoavHmIMtUVJQW5JerlkMe3tD4hhhLfERKkJsg==

GET
H2 200 demandbase-forms.js Show response
www.malwarebytes.com/js/ 3 KB
1 KB 35ms
35ms Script
application/javascript 2600:9000:206e:c600:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:36:28 GMT
content-encoding: gzip
last-modified: Wed, 21 Apr 2021 00:17:50 GMT
server: Microsoft-IIS/10.0
age: 826
x-powered-by: ASP.NET
etag: W/"845686c34336d71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: I-gqNRgUJGARAoCOX04pWiDHz34kd2Ep-tYfllE72sy6i5WTPQrCeQ==

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 86 KB
34 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-930356311

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c4f41d4f14eae84b5de2a487c846b53ba6d337e90b3d5da7d5da05de05ebc04e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34863
x-xss-protection: 0
last-modified: Sun, 13 Jun 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Jun 2021 22:50:14 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/ 43 B
419 B 503ms
126ms Image
image/gif 18.205.51.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.205.51.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-205-51-212.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,764a5e99636c246f22734b3aaf85f909,10.0.0.198,57236,185.76.9.97,,93909790945,1,1623624614.453,0.001,,.,0,0,0.000,0.000,-,0,0,197,165,82,10,26847,,,,,,-,
Content-Type: image/gif

GET
H/1.1 200
OK count-data.js Show response
malwarebytesunpacked.disqus.com/ 560 B
1 KB 49ms
49ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/count-data.js?1=11354%20https%3A%2F%2Fblog.malwarebytes.org%2F%3Fp%3D11354&1=15831%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D15831&1=19164%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D19164&1=20605%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D20605&1=45581%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D45581

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

282837aec335cd6c5175eef85b0bfad6911bf994a19bfba92fe49e7eac205dd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 2982
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 560
X-XSS-Protection: 1; mode=block

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 67ms
23ms Other
text/css 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: jtsNCK1_pKk3NUd30LCCcLd7Gb3AajQ0q0snCzNSEo9E0EGzCCM4PA==
x-cache-hits: 0

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js
c.disquscdn.com/next/embed/ 0
93 KB 67ms
24ms Other
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: iq9ig3xutgO7M5NEVJwTK32eseLJ-r0BgghA2UOSRuAXrg_tnehzCg==
x-cache-hits: 0

GET
H2 200 lounge.bundle.ac702132ea5e06471da27768120c5978.js
c.disquscdn.com/next/embed/ 0
118 KB 108ms
64ms Other
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 120382
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-1d63e"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: YTbK0_4EL5TWC_JiAE-x6spN_BMBzqyjQyOLNH7Ja_TvEAOqDoqRTw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
12 KB 89ms
28ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 7
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11965
X-XSS-Protection: 1; mode=block

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
882 B 6ms
6ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:17:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1954
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Sun, 13 Jun 2021 23:17:40 GMT

GET
H2 200 10110317.json Show response
s.yimg.com/wi/config/ 46 B
337 B 107ms
107ms XHR
application/octet-stream 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10110317.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

51f4cf88527819ae3950b1820aa534ebf6c2fcbc0894db427ba5ab59d9efd659

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
x-content-type-options: nosniff
age: 0
x-amz-server-side-encryption: AES256
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: Y0DC08HCSAZN0Q88
x-amz-id-2: 2YdpBbNnnKFRxVynG1dxyayzN+l7UCPwQySrLWb/EekvHOFGhOZR223EaPHxgZZGoYMReaMuygk=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 29 Jul 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 23 Jun 2020 16:15:29 GMT
server: ATS
etag: "cc3d0e0815ad7ef45a521c2a63b65393"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
x-amz-version-id: wXZ_nu_nu9aA6v9PTivxO9CdOpSassoA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
content-length: 46
content-type: application/octet-stream

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2567940%26time%3D1623624614077%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true&e_i...

0
156 B

410ms
166ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true&e_ipv6=AQIc6M-483fl8gAAAXoHkYMW8v3wHbjpZHCxiANV7-6j19bD6jG-KMyis9a7EaDpX-5zORzs
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: qIEDLvxFiBag+NO7disAAA==

Redirect headers

date: Sun, 13 Jun 2021 22:50:14 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567940&time=1623624614077&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&liSync=true&e_ipv6=AQIc6M-483fl8gAAAXoHkYMW8v3wHbjpZHCxiANV7-6j19bD6jG-KMyis9a7EaDpX-5zORzs
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: WmrlFPxFiBYA4gvdCCsAAA==

GET
H2 204 4072696.js Show response
bat.bing.com/p/action/ 0
150 B 111ms
111ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/4072696.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 13 Jun 2021 22:50:14 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 3A6DBBD87AD2482FA841A3B453DB7951 Ref B: FRAEDGE1212 Ref C: 2021-06-13T22:50:14Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
149 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4072696&tm=gtm001&Ver=2&mid=41c57bb8-a7cc-4116-b2d0-d234da4bb002&sid=b736f040cc9911eb89fe255c2d132e6f&vid=b7371340cc9911ebb657dff27da7c0d0&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Introducing%20TrickBot,%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&p=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&r=&lt=1652&evt=pageLoad&msclkid=N&sv=1&rn=897596
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sun, 13 Jun 2021 22:50:13 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: DF84AF52576E41E4A94CB096986DC00D Ref B: FRAEDGE1212 Ref C: 2021-06-13T22:50:14Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
92 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-3347303-10&cid=733958478.1623624614&jid=1112041321&uid=ABC602FB-6D2B-4937-9AC2-7A7B556B07E1&gjid=463669442&_gid=1191171403.1623624614&_u=aGBAgEAjAAAAAE~&z=224940201

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 13 Jun 2021 22:50:14 GMT
content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1622901531&t=pageview&_s=1&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&ul=en-us&de=UTF-8&dt=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAj~&jid=1112041321&gjid=463669442&cid=733958478.1623624614&uid=ABC602FB-6D2B-4937-9AC2-7A7B556B07E1&tid=UA-3347303-10&_gid=1191171403.1623624614&gtm=2wg690MKSKW3&z=37774449

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 14:59:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 28265
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 18ms
18ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-3347303-10&cid=733958478.1623624614&jid=1112041321&_u=aGBAgEAjAAAAAE~&z=1788930040

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-3347303-10&cid=733958478.1623624614&jid=1112041321&_u=aGBAgEAjAAAAAE~&z=1788930040

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.c6ca189a.js Show response
s.pinimg.com/ct/lib/ 50 KB
17 KB 99ms
99ms Script
application/javascript 2a02:26f0:6c00:281::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.c6ca189a.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:281::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e68c7f596671913cde21ea0a5c4367b743a79422d87b0659e22f00673c5aeb8

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "6ed3b8d9c0f104e8bf55431013d34078"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 55ca354e-2.16.186.206
accept-ranges: bytes
content-length: 17534
access-control-expose-headers: X-CDN

GET
H2 200 dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F... Show response
adservice.google.com/ddm/fls/i/ Frame AED0 553 B
503 B 45ms
45ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Requested by

Host: 9812475.fls.doubleclick.net
URL: https://9812475.fls.doubleclick.net/activityi;dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4862fb8ba0f98335ccadec5e5ede4de6c0ec5087197cd984c1b4ebcaad5fef22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9812475.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9812475.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 433
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 8052 10 KB
5 KB 190ms
189ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a466979e9750b813a29e702cac134072f5e7e0a0434f3f64c454e37fd7a7ea73

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.malwarebytes.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.malwarebytes.com/

Response headers

Connection: keep-alive
Content-Length: 3660
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Fri, 04 Dec 2020 03:04:34 GMT
ETag: W/"lounge:view:5248669117.8262d56f9b4092d30dbee7c65417762d.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Sun, 13 Jun 2021 22:50:14 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 72ms
71ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13984
x-xss-protection: 0
server: cafe
etag: 12421713846596914618
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 13 Jun 2021 22:50:14 GMT

GET
H2 200 dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F... Show response
adservice.google.de/ddm/fls/i/ Frame B75D 194 B
265 B 43ms
42ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=COCp-YLZlfECFXDIuwgdZxQMnQ;src=9812475;type=conve0;cat=forms000;ord=1;num=6202236689437;gtm=2wg690;auiddc=1447878614.1623624614;~oref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:14 GMT
expires: Sun, 13 Jun 2021 22:50:14 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
ct.pinterest.com/user/ 337 B
752 B 175ms
75ms XHR
application/json 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1623624614225

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.c6ca189a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

4186cb82046abff174718350bb4493c13e32ee4e53f5b0783a2142599feb1a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn: akamai
access-control-allow-origin: https://blog.malwarebytes.com
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1107228218142207
pin-unauth: dWlkPU5tUTVORFJrTWprdE16TXhOaTAwTmpCakxXRmhPR0V0TURCaE5qaGlZbVU0T0RZMQ
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: application/json; charset=utf-8
pragma: no-cache
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
content-length: 300
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
301 B 174ms
74ms Image
image/gif 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22c6ca189a%22%2C%22floc_enabled%22%3Afalse%2C%22ecm_enabled%22%3Afalse%7D&cb=1623624614227

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
referrer-policy: origin
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
content-length: 35
x-pinterest-rid: 3122922578384820
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 257ms
138ms XHR
application/json 99.86.241.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&page_title=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&src=tag&key=5527c2aa519592df7d44a24d0105731b
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/HWyTnY16.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.241.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-241-41.vie50.r.cloudfront.net
Software: nginx /
Resource Hash: f0556e25a2d53c9a5546db60fba4959019132b8fd3ec44a11af8642d5e6d8bfa

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: VIE50-C1
x-cache: Miss from cloudfront
request-id: f3f9461e-280b-4ac6-ac02-eabb42f953a7
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://blog.malwarebytes.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 f1944380c787841c28b16df91c1ec34e.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rEOOn-n7banSSNZMCiqfKdAJi3oyXazPdNd6dcgWqhJZaXY_w0Bjow==
expires: Sat, 12 Jun 2021 22:50:14 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA&verifyHash=3540c023d2d60d221e14f2e7af297ac1e6034e5d

26 B
409 B

261ms
261ms

Image
image/gif

13.32.2.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA&verifyHash=3540c023d2d60d221e14f2e7af297ac1e6034e5d
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.2.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-2-126.vie50.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Via: 1.1 444dde5644fa29b8d8dfac109693e2a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: VIE50-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: ee48f35e01784405
X-Amz-Cf-Id: IWj2SZUv1szQAUMJAdVW_30zUz3GDdyRWkx9nO3kPeLPXAPk9wz5Zw==

Redirect headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Via: 1.1 444dde5644fa29b8d8dfac109693e2a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: VIE50-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AACyF07BjRcAADJsuzkOtA&verifyHash=3540c023d2d60d221e14f2e7af297ac1e6034e5d
Connection: keep-alive
trace-id: c7aeabf1e91754bc
Content-Length: 0
X-Amz-Cf-Id: UotQLbuwHxzbLCaPFuw7WRw0_YP9E-7aeabXbZCy2LqCIzo3qQZe-A==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 178ms
63ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/ 2 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1623624614274&cv=9&fst=1623624614274&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&tiba=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b845bc28dbf3a30d8af7000b5554dbc51cff1b2edb951e29f4449bc371b459e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1103
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/930356311/ 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/930356311/?random=1623624614274&cv=9&fst=1623621600000&num=1&bg=ffffff&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&tiba=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&async=1&fmt=3&is_vtc=1&random=3601033031&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/930356311/ 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/930356311/?random=1623624614274&cv=9&fst=1623621600000&num=1&bg=ffffff&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&tiba=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&async=1&fmt=3&is_vtc=1&random=3601033031&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.load.a5921af07b365f6dfd62075d2dee3735.js Show response
c.disquscdn.com/next/embed/ Frame 8052 1 KB
1 KB 61ms
20ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.a5921af07b365f6dfd62075d2dee3735.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0a0c09e1e97f172c235c9dcb12dbcd2c20b6bd1bce3a0fe453b245139ededbac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 532
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-214"
content-type: application/javascript; charset=utf-8
via: 1.1 b0311c7e530c126dd286898583b59e4c.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: 91UhKRl0uRgVnUGoFpelpFQTR1EY-LXqVXnkeSb91pePsUBCekjA2Q==
x-cache-hits: 0

POST
H2 204 / Show response
ct.pinterest.com/md/ 0
242 B 175ms
75ms XHR
text/plain 104.75.88.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/md/

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.c6ca189a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-209.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:14 GMT
referrer-policy: origin
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 2368369664650336
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js Show response
c.disquscdn.com/next/embed/ Frame 8052 282 KB
93 KB 20ms
20ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.a5921af07b365f6dfd62075d2dee3735.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2025b295509745f39f42f941f1f806395a81e23e146febbff2e85e00df651b93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: mc5knmcKWbeLT7PPvOnYfdToymN5g5ftj7yQ64cx0oMx87IjFA7iRA==
x-cache-hits: 0

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ Frame 8052 158 KB
26 KB 20ms
20ms Stylesheet
text/css 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

58e8635e959ce8b5383dcbf9dd50fda2f6a0aeef426760854dfdb2548a3b77fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: uRKXZ_DddhV8aJREOBaU8MN3dz-qjBZm5S3ff1n-NfbYn1iF6QBs2w==
x-cache-hits: 0

GET
H2 200 lounge.bundle.ac702132ea5e06471da27768120c5978.js Show response
c.disquscdn.com/next/embed/ Frame 8052 467 KB
118 KB 20ms
20ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d42a5154973ce1847b0f60cd27dbde653347daf6169ed714e2f4a71a87f33a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533998
x-cache: Hit from cloudfront
content-length: 120382
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-1d63e"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: RQR8LmM6KWrcmfmGqxsiWr3aXWT_skycYvEDa1KV9JSGATf97NPXdw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 8052 12 KB
12 KB 29ms
29ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

481e97c1373314243ac83c1b1c9f466b9ce65b95f5fd4b82538f032d976820a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 7
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11965
X-XSS-Protection: 1; mode=block

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1622901531&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&ul=en-us&de=UTF-8&dt=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAgEAjAAAAAE~&jid=&gjid=&cid=733958478.1623624614&uid=ABC602FB-6D2B-4937-9AC2-7A7B556B07E1&tid=UA-3347303-10&_gid=1191171403.1623624614&gtm=2wg690MKSKW3&cd2=7935&cd3=Enterprise%20Business&cd4=Financial%20Services&cd5=The%20Guardian%20Life%20Insurance%20Company%20of%20America&cd6=Guardian%20Life&cd7=Financial%20Services&cd8=Insurance&cd9=Over%20%245B&cd10=3%2C000%2B&cd11=New%20York&cd12=NY&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=US&cd18=glic.com&z=871314180

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 14:59:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 28265
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 8052 3 KB
4 KB 135ms
135ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwarebytesunpacked&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cbcc4ee0dfa02f413889645109c3bbce4802a5970dc38f8b2d65e587a0ba73da

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3266
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 8052 85 B
530 B 190ms
131ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=5248669117&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:14 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 8052 3 KB
3 KB 20ms
20ms Image
image/gif 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 04:58:07 GMT
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 11296327
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: nginx
etag: "6011a17b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 03 Feb 2022 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 01P-1MMI4PWCRCZMgP_yZYJHblwYfWv0mFNqykUtPWvK2VgNqzp0gg==
x-cache-hits: 0

GET
H2 200 sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame 8052 2 KB
2 KB 20ms
20ms Image
image/png 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 06:58:50 GMT
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4204284
x-cache: Hit from cloudfront
content-length: 1862
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Thu, 22 Apr 2021 19:20:03 GMT
server: nginx
etag: "6081cc63-746"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 06:58:50 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: kDhhPV1petu3lEo-BkTyqZaaw-5hAsYJWqc1wvJ6SS7bb3ImB8ZjNw==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 8052 8 KB
8 KB 21ms
21ms Font
application/octet-stream 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 09:01:33 GMT
via: 1.1 b0311c7e530c126dd286898583b59e4c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 3505720
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 04 May 2022 09:01:33 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IhSRaZ857MfVQwC0iVK5Zlgg15V7J0e5IFtwdlhgGARaq5ido4xiyQ==
x-cache-hits: 0

GET
H2 200 noavatar92.png
a.disquscdn.com/1623278138/images/ Frame 8052 2 KB
2 KB 163ms
48ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1623278138/images/noavatar92.png

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 263952
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: gwmSf1x2XUK5RFUWYP4jpFLceRy4By5JB4czoOElTiAUynV9vSJviw==
expires: Sat, 10 Jul 2021 21:31:02 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 8052 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d334a4fb8b7550b0c44be95ef86e34ffcea28f9049aeb97cdf400cda8dfeee8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: IAT2iYwNdpMhlC72gmOHeA==
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
cross-origin-resource-policy: cross-origin
expires: Sun, 13 Jun 2021 22:56:31 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: UtKPoTmfwV3O9THfMt6rTIcKS8JoWxfBstIWmygyc2yW0Vu7nBZ4G/VqBS36niw33eLI4FKA6dr9eVg0bUJ5WA==
x-fb-trip-id: 686109401
x-fb-content-md5: eb2ace72d4e5fe7eb29c8b1dcee3e343
date: Sun, 13 Jun 2021 22:50:14 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "c3767569414831671065ff09362c2704"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 8052 12 KB
5 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b264ca556a09a341d7d8c2ee64e63e0003b32c24ff4ce2b64c202e5b6ab140f7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-n8fJj0EL/td6cg/Huhl7bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "79224003c2b5597899d15c3a85e46734"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-n8fJj0EL/td6cg/Huhl7bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Sun, 13 Jun 2021 22:50:14 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 8052 223 KB
65 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=b4756f866ab9edad1e7b287403ec3242&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4b97492cf7599236ca6ce01823766e0f05ecfcfa5baeef5ea7c9782da1283d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ljoGq3GgGzlPKrcw5wg0Ew==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 66887
x-fb-rlafr: 0
x-fb-debug: sWGA20RShKvD7g34z6TpWGcnUffXmrFV4PE4exmZ62TPHKm5GRSPWoyeBanoUqdmCoFk+GQ+B/3hJIJEWgP8+g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 4e9b7bcc8519e54331ef90aebc26bd02
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 13 Jun 2021 22:50:14 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "44f0fbdc3a3cdcac85266a56ef299abd"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 13 Jun 2022 21:52:00 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ Frame 8052 0
0 40ms
40ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fblog.malwarebytes.com&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dmalwarebytesunpacked%26t_i%3D14942%2520https%253A%252F%252Fblog.malwarebytes.com%252F%253Fp%253D14942%26t_u%3Dhttps%253A%252F%252Fblog.malwarebytes.com%252Fthreat-analysis%252F2016%252F10%252Ftrick-bot-dyrezas-successor%252F%26t_e%3DIntroducing%2520TrickBot%252C%2520Dyreza%25E2%2580%2599s%2520successor%26t_d%3DIntroducing%2520TrickBot%252C%2520Dyreza%2527s%2520successor%2520-%2520Malwarebytes%2520Labs%2520%257C%2520Malwarebytes%2520Labs%26t_t%3DIntroducing%2520TrickBot%252C%2520Dyreza%25E2%2580%2599s%2520successor%26s_o%3Ddefault%23version%3Da5921af07b365f6dfd62075d2dee3735&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 9aAB8W1SXLzNw8KKZkwtrYN3tjT3qZngZ77/6EBDMCdCBLt9mJh+q50nJbB2Kc9g1GyTVxVo3glvR60LUhXPjg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 13 Jun 2021 22:50:14 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ Frame 8052 103 KB
34 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa4708138b3bf07311428cc3e0fd918d3db13e4e1c923927f25f1260b98024c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 09:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35022
x-xss-protection: 0
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jun 2022 09:46:17 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 7F7F 513 B
613 B 15ms
15ms Document
text/html 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

92e74d313cb49d9f8842e0e9b99f9de16c1867b030972e30253dad31e37bcb07

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-D0EVO3UYxdFJzCA9hRaS8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=DBSWQDhEJ4SQv0NLJ2s67wv0fH8Z8P0f6JUqifbbZSa2mDCTFRBE9cDdb-cSlKXdRPiRExDnaF1WK_QLwOEM80PtGau70gtjZ8ROA-5YGbJwK_-M3-lrTPK4-sotRoFVRO_HxL8SznAMauH71henCltpnOUB54fumSEioJH9EqE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Jun 2021 22:50:14 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-D0EVO3UYxdFJzCA9hRaS8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1076821231-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame 7F7F 115 KB
39 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/1076821231-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1816d947d4d4bafd1c4f03793110f64a56b2885ee29fc9fae3c226cea8bc2757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:53:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40143
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 02:30:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 10:53:42 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 7F7F 14 B
58 B 16ms
16ms XHR
application/json 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1076821231-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Sun, 13 Jun 2021 22:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Sun, 13 Jun 2021 23:50:14 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 8052 43 B
295 B 237ms
137ms Image
image/gif 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.21&load_time=461&event=init_embed&thread=5248669117&forum=malwarebytesunpacked&forum_id=3107640&imp=3aito671qs3etb&prev_imp&thread_slug=trick_bot_8211_dyreza8217s_successor&user_type=anon&referrer=https%3A%2F%2Fblog.malwarebytes.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3-29

200

activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255 Show response
5118230.fls.doubleclick.net/ Frame 471F
Redirect Chain

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?
https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?

481 B
398 B

70ms
69ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

f91dec48b885df4b005060d5499bbbf501dc8978da05aa84bbc278d2daf425b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5118230.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.malwarebytes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkxhqEb0RqEtCmLwZKUAds0oXDfUERsH5sQcCXu1kv2GwNrv9p8RNmdHCN4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.malwarebytes.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:15 GMT
expires: Sun, 13 Jun 2021 22:50:15 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 375
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Jun 2021 22:50:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
25 KB 214ms
214ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613188

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

f5f087c6df3e4eabbada67d2df4a5b84d07387e10f59c367ec123ef0cfa0c818

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24672

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 74 KB
25 KB 204ms
204ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613189

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

f5f087c6df3e4eabbada67d2df4a5b84d07387e10f59c367ec123ef0cfa0c818

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24672

GET
H2 200 2893.js Show response
script.crazyegg.com/pages/scripts/0081/ 4 KB
2 KB 38ms
18ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7bb75464b1bd52d309cd75b33478883cfa1f395c6d952291e6696b7836c5717

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 461163
cf-polished: origSize=4225
ce-version: 11.1.306
cf-request-id: 0aa92a9e3500000610ab008000000001
timing-allow-origin: *
last-modified: Tue, 08 Jun 2021 14:44:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
cf-ray: 65eee076bd970610-FRA
cf-bgj: minify

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=9843
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 156ms
51ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 82239
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1623624616.589878,VS0,VE0
x-served-by: cache-fra19127-FRA

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 214ms
70ms Image
image/gif 52.31.175.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=jtuxrxn&ct=0:fyckj1z&fmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.175.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-175-99.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:15 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 3979 0
181 B 212ms
71ms Document
text/html 52.31.175.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=8mirph5&ref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&upid=r8yigtp&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.175.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-175-99.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=8mirph5&ref=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&upid=r8yigtp&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.malwarebytes.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.malwarebytes.com/

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 2893.json Show response
script.crazyegg.com/pages/data-scripts/0081/ 752 B
638 B 37ms
21ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0081/2893.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4d888029c1f1fbfa696d65d77311633f1b07d5be31ae135d76d1158bf12ab9

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 461159
ce-version: 11.1.306
content-length: 258
cf-request-id: 0aa92a9e5f00004ea9c9291000000001
timing-allow-origin: *
last-modified: Tue, 08 Jun 2021 14:44:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 65eee076ff6d4ea9-FRA

GET
H/1.1 200
OK analytics.min.js Show response
cdn.bttrack.com/js/14102/analytics/1.0/ Frame 471F 599 B
696 B 143ms
30ms Script
text/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Requested by: Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
Content-Encoding: gzip
X-HW: 1623624615.dop212.sk1.t,1623624615.cds023.sk1.shn,1623624615.dop212.sk1.t,1623624615.cds052.sk1.c
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 368

GET
H3-29 200 dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255
adservice.google.com/ddm/fls/z/ Frame 471F 42 B
63 B 49ms
49ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255

Requested by

Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=CJCizoPZlfECFbnouwgde0EDHw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=674505151862.7255?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 22:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
660 B 256ms
160ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Sun, 13 Jun 2021 22:50:15 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: caabf8c278f0f5805302c470fb4a9475bd36526574bfdaf2c8ffc5250b57d8f7
x-transaction: 056ee2e44dd53402
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
455 B 255ms
158ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o1m5j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sun, 13 Jun 2021 22:50:15 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: aab453dcf7fcfd12ab26795bb663aff3d39bd8e288367541b959d9e561a9a6b3
x-transaction: ac678a98ed0d4310
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 20ms
20ms Other
text/css 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613188

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: J_XCwbPJYPNrTmnNm1oTrGZ3PgM1lw5jULcKASL8iVfh6TZvvVreeg==
x-cache-hits: 0

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js
c.disquscdn.com/next/embed/ 0
93 KB 21ms
21ms Other
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613188

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: I6IcyrvNHijBbsnegfZUaMw5usGQRa_AhwJnI9uWyfXoblWYJT3mng==
x-cache-hits: 0

GET
H2 200 lounge.bundle.ac702132ea5e06471da27768120c5978.js
c.disquscdn.com/next/embed/ 0
118 KB 22ms
21ms Other
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613188

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 120382
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-1d63e"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: iFlM3OfH1ECiqkmUMaih5qMqcu8yrBitzE2Y2AAi-0MM-Lf6bUAGnA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
12 KB 29ms
29ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js?_=1623624613188

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 8
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11965
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK js Show response
bttrack.com/engagement/ Frame 471F 10 KB
4 KB 548ms
139ms Script
text/javascript 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/js?goalId=14102&cb=1623624615682
Requested by: Host: cdn.bttrack.com
URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: c78f62df0ca7dd26e0de87a60f9df8653605682783464aa4c491846c58e07c3c

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Sun, 13 Jun 2021 22:49:48 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: text/javascript; charset=utf-8
Content-Length: 3518
Expires: -1

GET /
disqus.com/embed/comments/ Frame A99D 0
0

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 421D 10 KB
5 KB 29ms
29ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a466979e9750b813a29e702cac134072f5e7e0a0434f3f64c454e37fd7a7ea73

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.malwarebytes.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: __jid=3aito671qs3etb; disqus_unique=3aito8tivm5c2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://blog.malwarebytes.com/

Response headers

Connection: keep-alive
Content-Length: 3660
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Fri, 04 Dec 2020 03:04:34 GMT
ETag: W/"lounge:view:5248669117.8262d56f9b4092d30dbee7c65417762d.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Sun, 13 Jun 2021 22:50:15 GMT
Age: 1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 lounge.load.a5921af07b365f6dfd62075d2dee3735.js Show response
c.disquscdn.com/next/embed/ Frame 421D 1 KB
1 KB 20ms
19ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.a5921af07b365f6dfd62075d2dee3735.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0a0c09e1e97f172c235c9dcb12dbcd2c20b6bd1bce3a0fe453b245139ededbac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 532
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-214"
content-type: application/javascript; charset=utf-8
via: 1.1 b0311c7e530c126dd286898583b59e4c.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: wD1opsESsL2w6SAPpCZLguFTiKZqyPOi4FM9UOLgW_SkNwEIszX0sA==
x-cache-hits: 0

GET
H2 200 common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js Show response
c.disquscdn.com/next/embed/ Frame 421D 282 KB
93 KB 20ms
20ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.a5921af07b365f6dfd62075d2dee3735.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2025b295509745f39f42f941f1f806395a81e23e146febbff2e85e00df651b93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 94800
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-17250"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: OrXrRlTIc6h-3lC3U_TZyFl1UR0mv31ZEoBSAITK4WZdSBZ_4Bsh5w==
x-cache-hits: 0

GET
H2 200 lounge.567531e1abfac5c88f2ef94b952d12ba.css
c.disquscdn.com/next/embed/styles/ Frame 421D 158 KB
26 KB 20ms
20ms Stylesheet
text/css 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

58e8635e959ce8b5383dcbf9dd50fda2f6a0aeef426760854dfdb2548a3b77fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 25570
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-63e2"
content-type: text/css; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: eQAxdFxZfujTkyBxdeVUKi2Yu7E-7TuzBgMAbT55Cdjvx8ERp9b9uA==
x-cache-hits: 0

GET
H2 200 lounge.bundle.ac702132ea5e06471da27768120c5978.js Show response
c.disquscdn.com/next/embed/ Frame 421D 467 KB
118 KB 20ms
20ms Script
application/javascript 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d42a5154973ce1847b0f60cd27dbde653347daf6169ed714e2f4a71a87f33a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533999
x-cache: Hit from cloudfront
content-length: 120382
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 07 Jun 2021 17:13:02 GMT
server: nginx
etag: "60be539e-1d63e"
content-type: application/javascript; charset=utf-8
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
expires: Tue, 07 Jun 2022 18:30:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
timing-allow-origin: *
x-amz-cf-id: 0lz3pgNDxkFk6k7Hg6czmyy00Whl0I0XnE0joAEaaudpXuj7mzG4Tw==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 421D 12 KB
12 KB 29ms
29ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

481e97c1373314243ac83c1b1c9f466b9ce65b95f5fd4b82538f032d976820a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:15 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 8
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11965
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 421D 3 KB
4 KB 133ms
133ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwarebytesunpacked&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cbcc4ee0dfa02f413889645109c3bbce4802a5970dc38f8b2d65e587a0ba73da

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:16 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3266
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 421D 85 B
530 B 86ms
29ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=5248669117&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:16 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1623278138/images/ Frame 421D 2 KB
2 KB 49ms
48ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1623278138/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 263953
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: gwmSf1x2XUK5RFUWYP4jpFLceRy4By5JB4czoOElTiAUynV9vSJviw==
expires: Sat, 10 Jul 2021 21:31:02 GMT

GET
H2 200 sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame 421D 2 KB
2 KB 20ms
19ms Image
image/png 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 06:58:50 GMT
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4204285
x-cache: Hit from cloudfront
content-length: 1862
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Thu, 22 Apr 2021 19:20:03 GMT
server: nginx
etag: "6081cc63-746"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 06:58:50 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: czP0cKNj2oViZQyxnnOy-SkisTG25iwmrk_Dweg1QykY0PHk4naKMA==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 421D 8 KB
8 KB 21ms
20ms Font
application/octet-stream 2600:9000:211a:9600:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://c.disquscdn.com/next/embed/styles/lounge.567531e1abfac5c88f2ef94b952d12ba.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 09:01:33 GMT
via: 1.1 b0311c7e530c126dd286898583b59e4c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 3505721
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 04 May 2022 09:01:33 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: qttPV34bMiC0sGqV1PfyOYi2x7xlT34XhTtSxUU2OjUHQRzriPMc4Q==
x-cache-hits: 0

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 421D 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d334a4fb8b7550b0c44be95ef86e34ffcea28f9049aeb97cdf400cda8dfeee8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: IAT2iYwNdpMhlC72gmOHeA==
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
cross-origin-resource-policy: cross-origin
expires: Sun, 13 Jun 2021 22:56:31 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: UtKPoTmfwV3O9THfMt6rTIcKS8JoWxfBstIWmygyc2yW0Vu7nBZ4G/VqBS36niw33eLI4FKA6dr9eVg0bUJ5WA==
x-fb-content-md5: eb2ace72d4e5fe7eb29c8b1dcee3e343
date: Sun, 13 Jun 2021 22:50:15 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "c3767569414831671065ff09362c2704"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3-29 200 api.js Show response
apis.google.com/js/ Frame 421D 12 KB
5 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.e51fe378e0cd63a2764bfb6c7ca542a8.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b264ca556a09a341d7d8c2ee64e63e0003b32c24ff4ce2b64c202e5b6ab140f7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N23P+XgobKo4PyvGISuf3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "79224003c2b5597899d15c3a85e46734"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-N23P+XgobKo4PyvGISuf3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Sun, 13 Jun 2021 22:50:15 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 421D 223 KB
65 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=b4756f866ab9edad1e7b287403ec3242&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4b97492cf7599236ca6ce01823766e0f05ecfcfa5baeef5ea7c9782da1283d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ljoGq3GgGzlPKrcw5wg0Ew==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 66887
x-fb-rlafr: 0
x-fb-debug: sWGA20RShKvD7g34z6TpWGcnUffXmrFV4PE4exmZ62TPHKm5GRSPWoyeBanoUqdmCoFk+GQ+B/3hJIJEWgP8+g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 4e9b7bcc8519e54331ef90aebc26bd02
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 13 Jun 2021 22:50:15 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "44f0fbdc3a3cdcac85266a56ef299abd"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 13 Jun 2022 21:52:00 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ Frame 421D 103 KB
34 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa4708138b3bf07311428cc3e0fd918d3db13e4e1c923927f25f1260b98024c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 09:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35022
x-xss-protection: 0
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jun 2022 09:46:17 GMT

GET
H3-29 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 7CF7 513 B
356 B 16ms
16ms Document
text/html 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

81936fabee79534382d35f64cc21743f8d3160d6bf6d4fe03063825a6219b67b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uz1508BHTuv4iv9Bgf/C7g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=DBSWQDhEJ4SQv0NLJ2s67wv0fH8Z8P0f6JUqifbbZSa2mDCTFRBE9cDdb-cSlKXdRPiRExDnaF1WK_QLwOEM80PtGau70gtjZ8ROA-5YGbJwK_-M3-lrTPK4-sotRoFVRO_HxL8SznAMauH71henCltpnOUB54fumSEioJH9EqE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Jun 2021 22:50:16 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-uz1508BHTuv4iv9Bgf/C7g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1076821231-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame 7CF7 115 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/1076821231-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1816d947d4d4bafd1c4f03793110f64a56b2885ee29fc9fae3c226cea8bc2757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 10:53:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42994
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40143
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 02:30:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 10:53:42 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1623278138/images/ Frame 421D 2 KB
2 KB 49ms
48ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1623278138/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.ac702132ea5e06471da27768120c5978.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 22:50:16 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 263953
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: gwmSf1x2XUK5RFUWYP4jpFLceRy4By5JB4czoOElTiAUynV9vSJviw==
expires: Sat, 10 Jul 2021 21:31:02 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 7CF7 14 B
58 B 17ms
16ms XHR
application/json 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1076821231-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Sun, 13 Jun 2021 22:50:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Sun, 13 Jun 2021 23:50:16 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 421D 43 B
295 B 146ms
146ms Image
image/gif 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.21&load_time=354&event=init_embed&thread=5248669117&forum=malwarebytesunpacked&forum_id=3107640&imp=3aitmrm1djvrkt&prev_imp=3aito671qs3etb&thread_slug=trick_bot_8211_dyreza8217s_successor&user_type=anon&referrer=https%3A%2F%2Fblog.malwarebytes.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 22:50:16 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK event Show response
bttrack.com/engagement/ Frame 471F 0
401 B 554ms
139ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2214102%22%2C%22sessionId%22%3A%220882eb12-744a-448a-bf35-d50513f33252%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2F5118230.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJCizoPZlfECFbnouwgde0EDHw%3Bsrc%3D5118230%3Btype%3Dcount0%3Bcat%3Dsecur00%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Bord%3D1%3Bnum%3D674505151862.7255%3F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1623624615682
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Sun, 13 Jun 2021 22:49:48 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/plain
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK getpixels Show response
bttrack.com/engagement/ Frame 471F 0
400 B 556ms
140ms XHR
text/html 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/getpixels?gid=14102
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1623624615682
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Sun, 13 Jun 2021 22:49:48 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/html
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK event Show response
bttrack.com/engagement/ Frame 471F 0
401 B 140ms
140ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2214102%22%2C%22sessionId%22%3A%220882eb12-744a-448a-bf35-d50513f33252%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A2%2C%22url%22%3A%22https%3A%2F%2F5118230.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJCizoPZlfECFbnouwgde0EDHw%3Bsrc%3D5118230%3Btype%3Dcount0%3Bcat%3Dsecur00%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Bord%3D1%3Bnum%3D674505151862.7255%3F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1623624615682
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Sun, 13 Jun 2021 22:49:53 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/plain
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK event Show response
bttrack.com/engagement/ Frame 471F 0
401 B 141ms
141ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2214102%22%2C%22sessionId%22%3A%220882eb12-744a-448a-bf35-d50513f33252%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A3%2C%22url%22%3A%22https%3A%2F%2F5118230.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJCizoPZlfECFbnouwgde0EDHw%3Bsrc%3D5118230%3Btype%3Dcount0%3Bcat%3Dsecur00%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Bord%3D1%3Bnum%3D674505151862.7255%3F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1623624615682
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Sun, 13 Jun 2021 22:49:58 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/plain
Content-Length: 0
Expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=14942%20https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D14942&t_u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&t_e=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&t_d=Introducing%20TrickBot%2C%20Dyreza%27s%20successor%20-%20Malwarebytes%20Labs%20%7C%20Malwarebytes%20Labs&t_t=Introducing%20TrickBot%2C%20Dyreza%E2%80%99s%20successor&s_o=default

Verdicts & Comments Add Verdict or Comment

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 23:23:55	Name: NID Value: 216=DBSWQDhEJ4SQv0NLJ2s67wv0fH8Z8P0f6JUqifbbZSa2mDCTFRBE9cDdb-cSlKXdRPiRExDnaF1WK_QLwOEM80PtGau70gtjZ8ROA-5YGbJwK_-M3-lrTPK4-sotRoFVRO_HxL8SznAMauH71henCltpnOUB54fumSEioJH9EqE
.disqus.com/	1970-01-20 03:46:00	Name: disqus_unique Value: 3aito8tivm5c2
.malwarebytes.com/	1970-01-19 19:01:51	Name: _gid Value: GA1.2.1191171403.1623624614
.malwarebytes.com/	1970-01-19 19:01:51	Name: _uetsid Value: b736f040cc9911eb89fe255c2d132e6f
disqus.com/	1970-01-19 19:00:26	Name: __jid Value: 3aito671qs3etb
.malwarebytes.com/	1970-01-20 03:46:00	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Jun+14+2021+00%3A50%3A15+GMT%2B0200+(Central+European+Summer+Time)&version=6.4.0&landingPath=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-analysis%2F2016%2F10%2Ftrick-bot-dyrezas-successor%2F&groups=1%3A1%2C0_165071%3A1%2C101%3A1%2C2%3A1%2C3%3A1%2C102%3A1%2C103%3A1%2C4%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C109%3A1%2C110%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C116%3A1%2C117%3A1%2C118%3A1%2C0_165051%3A1%2C0_165052%3A1%2C0_165053%3A1%2C0_165054%3A1%2C0_165055%3A1%2C0_165056%3A1%2C0_165057%3A1%2C0_165058%3A1%2C0_165059%3A1%2C0_165060%3A1%2C0_165061%3A1%2C0_165062%3A1%2C0_165063%3A1%2C0_165064%3A1%2C0_165065%3A1%2C0_165066%3A1%2C0_165067%3A1%2C0_165068%3A1%2C0_165069%3A1%2C0_165070%3A1%2C0_165072%3A1%2C0_165073%3A1%2C0_165074%3A1%2C0_168809%3A1%2C0_168810%3A1%2C0_171059%3A1%2C0_171060%3A1%2C0_171061%3A1%2C0_171062%3A1%2C0_171063%3A1%2C0_171064%3A1%2C0_172264%3A1%2C0_172327%3A1%2C0_179764%3A1%2C0_172332%3A1%2C0_172328%3A1%2C0_172329%3A1%2C108%3A1%2C111%3A1
.malwarebytes.com/	1970-01-19 19:00:24	Name: _dc_gtm_UA-3347303-10 Value: 1
.malwarebytes.com/	1970-01-20 04:22:00	Name: _uetvid Value: b7371340cc9911ebb657dff27da7c0d0
.blog.malwarebytes.com/	1970-01-20 03:46:00	Name: _pin_unauth Value: dWlkPU5tUTVORFJrTWprdE16TXhOaTAwTmpCakxXRmhPR0V0TURCaE5qaGlZbVU0T0RZMQ
.malwarebytes.com/	1970-01-20 12:31:36	Name: _ga Value: GA1.2.733958478.1623624614
.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor	1971-01-19 19:00:24	Name: gaUserID Value: ABC602FB-6D2B-4937-9AC2-7A7B556B07E1
.malwarebytes.com/	1970-01-19 21:10:00	Name: _gcl_au Value: 1.1.1447878614.1623624614
.doubleclick.net/	1970-01-20 04:22:00	Name: IDE Value: AHWqTUkxhqEb0RqEtCmLwZKUAds0oXDfUERsH5sQcCXu1kv2GwNrv9p8RNmdHCN4

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://www.malwarebytes.com/js/nav-resize.js(Line 268) Message: There is no hero section
console-api	log	URL: https://malwarebytesunpacked.disqus.com/embed.js(Line 47) Message: Use DISQUS.reset instead of reloading embed.js please.
console-api	log	URL: https://malwarebytesunpacked.disqus.com/embed.js(Line 47) Message: See https://help.disqus.com/customer/portal/articles/472107-using-disqus-on-ajax-sites

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5118230.fls.doubleclick.net
9812475.fls.doubleclick.net
a.disquscdn.com
accounts.google.com
adservice.google.com
adservice.google.de
analytics.twitter.com
api.company-target.com
apis.google.com
bat.bing.com
blog.malwarebytes.com
bttrack.com
c.disquscdn.com
cdn.bttrack.com
cdn.jsdelivr.net
connect.facebook.net
ct.pinterest.com
disqus.com
fonts.googleapis.com
genesis.malwarebytes.com
geolocation.onetrust.com
github.githubassets.com
googleads.g.doubleclick.net
id.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
malwarebytesunpacked.disqus.com
match.prod.bidr.io
optanon.blob.core.windows.net
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
referrer.disqus.com
s.pinimg.com
s.w.org
s.yimg.com
script.crazyegg.com
scripts.demandbase.com
secure.gravatar.com
segments.company-target.com
snap.licdn.com
ssl.gstatic.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.malwarebytes.com
disqus.com
104.244.42.133
104.244.42.3
104.75.88.209
108.174.10.14
13.224.195.89
13.32.13.117
13.32.2.126
130.211.198.3
142.250.185.230
142.250.185.98
151.101.112.134
151.101.114.49
151.101.12.157
151.101.64.134
18.205.51.212
185.199.110.154
192.0.77.48
192.132.33.46
2600:1f18:21ae:6701:45f:aca9:9171:ed8
2600:9000:206e:c600:16:26c7:ff80:93a1
2600:9000:211a:9600:6:8656:f5c0:93a1
2606:4700:10::6814:b844
2606:4700::6810:5514
2606:4700::6810:7eaf
2606:4700::6813:9408
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:803::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:811::200d
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c00::9b
2a02:26f0:6c00:281::1931
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:fa87:fffe::c000:4902
35.244.174.68
52.239.137.4
52.31.175.99
52.49.183.138
69.16.175.10
99.86.241.41
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e
05ee3e141d98baa40fc2ba5f9962baf10ed5bfa702281ea07e1a8b95a24ff7d0
08d8022edab174bafc3adecf2515c27de78e9894b30b8cd1f76748577a350cb4
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
0a0c09e1e97f172c235c9dcb12dbcd2c20b6bd1bce3a0fe453b245139ededbac
0a98a1800f0819cbb062ff6b62c8bd3ffe1d5e3789bc9c4563ba15f706b04832
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a
0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1
11409f27f3ecd45de6f6a64711fb5705d9b754c53bea7fa51b9e3e1682d4eea4
13253fa3b3061ad717460274d9aaa0d2bb6ce497349cf44cdc83199e12278a69
1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff
16f961e4eedc84409f706d7043ec879d9a7783c6f317640b0d97a73e98e9e8ea
1816d947d4d4bafd1c4f03793110f64a56b2885ee29fc9fae3c226cea8bc2757
19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077
1b596dd656e3aa66a49c4cd29839bf3987beafe7e08f286b4334f7484fbd2c9e
1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9
2025b295509745f39f42f941f1f806395a81e23e146febbff2e85e00df651b93
21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207
22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62
23a25280a35e9e4a84b3c894f542b6f848e6c26c657c2edcade33164a3322fee
2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625
282837aec335cd6c5175eef85b0bfad6911bf994a19bfba92fe49e7eac205dd6
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2f37b7440bc51b5c73f070e6c5d8d0da1a5137a851e43ba5bb2ec5c7cd9e12c0
30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc
32bead89f8c7b43b3b2c3208cc570192e99b1042a151cde913074a71ba44a557
32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
36f9c1e2ccdb008580e07af17424a8fe7a6fddeadcfdf9c0fa5ceba8d69f131b
378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a
3ded49ec357474ead2928b3fd9523df804b1fea51dd278f988a3ca74a8fc3c95
3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0
3fa4708138b3bf07311428cc3e0fd918d3db13e4e1c923927f25f1260b98024c
4186cb82046abff174718350bb4493c13e32ee4e53f5b0783a2142599feb1a69
481e97c1373314243ac83c1b1c9f466b9ce65b95f5fd4b82538f032d976820a6
4823fc995bed6c3bbd18a1d9c4184b9cfd7832a277729c501331815aef6dfd02
4862fb8ba0f98335ccadec5e5ede4de6c0ec5087197cd984c1b4ebcaad5fef22
4b36c9516ea1b8ec7a2aa5fbedea5a09ee036a5062c201cb1daa4ed6d0793650
4b845bc28dbf3a30d8af7000b5554dbc51cff1b2edb951e29f4449bc371b459e
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
503f17f1ead39e733bbf304e686d367d5c7051a5df079f15b7e251b479959b13
51f4cf88527819ae3950b1820aa534ebf6c2fcbc0894db427ba5ab59d9efd659
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6
58e8635e959ce8b5383dcbf9dd50fda2f6a0aeef426760854dfdb2548a3b77fb
5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
623f80af82697dd496db7e760a88ca69b855018b8e30182fe382334ad7614b99
624de26e418e30e37a6022b5822a9d09e42807828e10742acab7377dab034cce
6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac
6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9
6e68c7f596671913cde21ea0a5c4367b743a79422d87b0659e22f00673c5aeb8
7102ea65a4f1546a7b0227a53cc9058a211ba97d34d563c4f0d7f99b03e79c70
72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427
728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1
77ba68609568d437390cbb65544587932427e90e34ca01b3b083147f4a5f66a3
7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f
7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1
81936fabee79534382d35f64cc21743f8d3160d6bf6d4fe03063825a6219b67b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93
8640d0e61015cd2786a76e6317fad368852aa017a9333c187a5053b7a192f758
867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08
8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648
8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd
928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c
92e74d313cb49d9f8842e0e9b99f9de16c1867b030972e30253dad31e37bcb07
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb
95cb7d08e289a0501243c287e90223acfd72b6e4adb60a7d34a2c8fb6abc07ab
9a6f23bfe564fd6e98cf71ce4f1e2805f63c86dd4c0eca7b0a063268e5843559
9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614
9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a
a2b3f57762f2932505c6fa9b43932cb13856966074febc5bb048052f17100bf6
a3d902fafe16ae4bed4e1b9054090d7e6e93f5fbc14bffdfc470fad8c536775e
a466979e9750b813a29e702cac134072f5e7e0a0434f3f64c454e37fd7a7ea73
a50adbd525500a60b4ac0f23ab7a13471bfb3ef5739892e22c46301879115feb
a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a
a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24
a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3
a8ac44503a10a2c584dc26276fcb139752bcc54ff3298e8cc80f44209b04ac9b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9
ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb
b0028a42624782eed880f488391db76c57f0bb9a6636ac9f1f84d4a1eacaa5ca
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
b08f47debbb15ec9b278fa48d7f8ded3d14a1a1040bd072c3cfe93ae22adadde
b264ca556a09a341d7d8c2ee64e63e0003b32c24ff4ce2b64c202e5b6ab140f7
b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af
b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6
ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8
c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93
c21ce2ab751ba8a0d5c983b35899437f95e4a60833b6aa1d13bc15ff038e8764
c2a416d323532adec9aa1ad3a8b35a3bf2e01449fa2bba9a28a7547b8ef8d36e
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c4b97492cf7599236ca6ce01823766e0f05ecfcfa5baeef5ea7c9782da1283d4
c4f41d4f14eae84b5de2a487c846b53ba6d337e90b3d5da7d5da05de05ebc04e
c78f62df0ca7dd26e0de87a60f9df8653605682783464aa4c491846c58e07c3c
c8d79e6951df8c1e8bc112a744ea5805ac147491a6102a4277279adc8dacf2a8
cb1ab3021b66ae828f0da4d8eb6470e5dad1a004b82b644dd2aeec20d2d28861
cbcc4ee0dfa02f413889645109c3bbce4802a5970dc38f8b2d65e587a0ba73da
cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1459acec6ea83b5908eff2f351da55ceedecdea59cee3fdf785d9e15fe1629b
d229467029bc6ef59725d5a74f93636feab4fb2ac5f3130ef4e75bd68cbc5cdd
d334a4fb8b7550b0c44be95ef86e34ffcea28f9049aeb97cdf400cda8dfeee8d
d42a5154973ce1847b0f60cd27dbde653347daf6169ed714e2f4a71a87f33a0c
d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a
da1c1ad273854673c3a3f7e8f76aae5d7c9c73f3ebd224c2be1f93106680b1d4
da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5
dc568bb8616eed9a8c3c3c94834cfa2260743720fd2af3ffb6edf7fa1e32ebb5
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e1cb886dfcdd5fe6412e646b3e1ce78d59c847844dc51c13597e549e6ea8ea4d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bb75464b1bd52d309cd75b33478883cfa1f395c6d952291e6696b7836c5717
eb626421ca6e0a9e61e7df9cd7501a0cab6540f487c300a936d0d5f025b2755d
ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b
ec4d888029c1f1fbfa696d65d77311633f1b07d5be31ae135d76d1158bf12ab9
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ece8b895d39bc9c6fbcb407610bfca4900ef6e99cee5bac71f2bb5512bd13603
ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a
ee15671dffc01e4ba638577cadff370a892edfeff19b1e2e10bc24fe0fe9942c
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ee5981421f40702d2438e8dad90e27efe1e87c0c72635944560232a90453cb69
ee990b34a0d12a9e15b74e02a2d90385e9c5ccb3fd45b4f40de9e7cbd44f0357
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0556e25a2d53c9a5546db60fba4959019132b8fd3ec44a11af8642d5e6d8bfa
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da
f5f087c6df3e4eabbada67d2df4a5b84d07387e10f59c367ec123ef0cfa0c818
f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a
f91dec48b885df4b005060d5499bbbf501dc8978da05aa84bbc278d2daf425b2
fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367
fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece
fd6a51cc8ebb9346818dccec2b48233af88a58645d5bca6fe3d6bb5b2c43b70b
ff37be8081d97cd5da09dea014d573e75a3b34365476f1cc459cdb0dfadab3ec
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

blog.malwarebytes.com Open in urlscan Pro 130.211.198.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

207 Requests

100 %HTTPS

53 %IPv6

37 Domains

54 Subdomains

49 IPs

5 Countries

3698 kBTransfer

6907 kBSize

13 Cookies

114 Outgoing links

Redirected requests

207 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Screenshot
Live screenshot

Full Image

207
Requests

100 %
HTTPS

53 %
IPv6

37
Domains

54
Subdomains

49
IPs

5
Countries

3698 kB
Transfer

6907 kB
Size

13
Cookies

207 HTTP transactions
0 data transactions