urlscan.io logo urlscan.io
SecurityTrails logo

blog.scilabs.mx Open in urlscan Pro
66.22.15.150  Public Scan

Go To Rescan Add Verdict Report
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Submission: On June 30 via manual from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 35 HTTP transactions. The main IP is 66.22.15.150, located in United States and belongs to RADWARE-CLOUD-SERVICES, US. The main domain is blog.scilabs.mx.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on October 3rd 2023. Valid for: a year.
This is the only time blog.scilabs.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
31 66.22.15.150 25773 (RADWARE-C...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
35 3
Apex Domain
Subdomains		 Transfer
31 scilabs.mx
blog.scilabs.mx
2 MB
3 gstatic.com
fonts.gstatic.com
118 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
2 KB
35 3
Domain Requested by
31 blog.scilabs.mx blog.scilabs.mx
3 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com blog.scilabs.mx
35 3
Subject Issuer Validity Valid
*.scilabs.mx
GeoTrust TLS RSA CA G1		 2023-10-03 -
2024-11-02		 a year crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Frame ID: 9AB9F6A40947FA37F4CB6FF1B1271717
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Campaña de Malware atribuida a APT-C-36, contexto y IOCs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

35
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1766 kB
Transfer

2404 kB
Size

16
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/ 		47 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
223de3f6b141b47230bd7a6178da0f81a652f11f8c7af3641a60e25c4b190eb0
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 30 Jun 2024 17:04:26 GMT
link
<https://blog.scilabs.mx/wp-json/>; rel="https://api.w.org/", <https://blog.scilabs.mx/wp-json/wp/v2/posts/422>; rel="alternate"; type="application/json", <https://blog.scilabs.mx/?p=422>; rel=shortlink
x-frame-options
sameorigin
x-pingback
https://blog.scilabs.mx/xmlrpc.php
style.min.css
blog.scilabs.mx/wp-includes/css/dist/block-library/ 		79 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 21:26:24 GMT
etag
W/"13abe-5d35e30ec5405"
x-frame-options
sameorigin
content-type
text/css
style.css
blog.scilabs.mx/wp-content/themes/twentynineteen/ 		78 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/style.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
64e6c847b43f135af65a335bdf981f8729399643a1b790bf492226f5db1a5b0e
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"1397e-5d35ead7eedc1"
x-frame-options
sameorigin
content-type
text/css
font-awesome.min.css
blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/css/ 		30 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/css/font-awesome.min.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"791c-5d35ead7e8830"
x-frame-options
sameorigin
content-type
text/css
css
fonts.googleapis.com/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600&1&display=swap
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c0c4dc54f76b3ed86c0ffe83ff98f7d2b0cd8c3de92bca47159b3dd8d948b78a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 30 Jun 2024 16:09:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 30 Jun 2024 17:04:27 GMT
jquery.min.js
blog.scilabs.mx/wp-includes/js/jquery/ 		87 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-includes/js/jquery/jquery.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 21:26:24 GMT
etag
W/"15db1-5d35e30ed78ff"
x-frame-options
sameorigin
content-type
application/javascript
jquery-migrate.min.js
blog.scilabs.mx/wp-includes/js/jquery/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 21:26:24 GMT
etag
W/"2bd8-5d35e30ed78ff"
x-frame-options
sameorigin
content-type
application/javascript
front.js
blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/js/ 		59 B
219 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/js/front.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
c33275705e60d7f9f4ed1667e4ca1ad0ba8acf6036d74538670467be8dad7f81
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
last-modified
Mon, 01 Feb 2021 00:04:22 GMT
accept-ranges
bytes
etag
"3b-5ba3b1897ed80"
content-length
59
x-frame-options
sameorigin
content-type
application/javascript
Top-Banner-SCIBLOG.jpg
blog.scilabs.mx/wp-content/uploads/2023/11/ 		258 KB
258 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/wp-content/uploads/2023/11/Top-Banner-SCIBLOG.jpg
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
613454a8637649441395e9782a9a0ace106fd15230c25e4f6f81a55e770458c4
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
last-modified
Fri, 17 Nov 2023 21:32:52 GMT
accept-ranges
bytes
etag
"40611-60a5fe0f40eb8"
content-length
263697
x-frame-options
sameorigin
content-type
image/jpeg
TELEFONO_tiny_bttm.png
blog.scilabs.mx/wp-content/uploads/2021/12/ 		255 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/wp-content/uploads/2021/12/TELEFONO_tiny_bttm.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
cf0dc9c31787ab8f466966dc6486bceaf4ad2190dfcfd47648b10a35517d0259
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
last-modified
Thu, 23 Dec 2021 00:07:04 GMT
accept-ranges
bytes
etag
"ff-5d3c504b5d6ed"
content-length
255
x-frame-options
sameorigin
content-type
image/png
contactanos-personalized-advice.png
blog.scilabs.mx/wp-content/uploads/2021/12/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/wp-content/uploads/2021/12/contactanos-personalized-advice.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
6972423c4b517d6105e4db40d4c2bc85368b8a60ffbe895c230f2f3c83a0bafb
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:27 GMT
last-modified
Thu, 23 Dec 2021 00:16:38 GMT
accept-ranges
bytes
etag
"15e3-5d3c526e979f0"
content-length
5603
x-frame-options
sameorigin
content-type
image/png
reporta-vul_tiny_bttm.png
blog.scilabs.mx/wp-content/uploads/2021/12/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/wp-content/uploads/2021/12/reporta-vul_tiny_bttm.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
afe73c70d61e06bed5e2979d1fff1bab08c1e31cbc2ed8cec6a659f2cc4dec46
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Thu, 23 Dec 2021 00:18:45 GMT
accept-ranges
bytes
etag
"7fd-5d3c52e77a9ae"
content-length
2045
x-frame-options
sameorigin
content-type
image/png
tw-bs4.css
blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/assets/css/ 		209 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/assets/css/tw-bs4.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
653b40ccb6ed560a39d8f3dc1902b946647a9939b955c6c53116454bdfe4c4e9
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Sun, 27 Oct 2019 17:06:46 GMT
etag
W/"34351-595e768747580"
x-frame-options
sameorigin
content-type
text/css
font-awesome.min.css
blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/ 		20 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/font-awesome.min.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Sun, 27 Oct 2019 17:06:46 GMT
etag
W/"511e-595e768747580"
x-frame-options
sameorigin
content-type
text/css
front.css
blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/css/ 		145 B
297 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/css/front.css
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
b2de4ae656c0605f0cc9ea54ab32a4508f56fc4f02dcc407d33fd44370afc1cb
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Sun, 27 Oct 2019 17:06:46 GMT
accept-ranges
bytes
etag
"91-595e768747580"
content-length
145
x-frame-options
sameorigin
content-type
text/css
jquery.bxslider.min.js
blog.scilabs.mx/wp-content/themes/twentynineteen/js/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/js/jquery.bxslider.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
0157d11106d6b70289099fd1ce1f7bea3a9dfbb46cee3994edb07ce765bb92fc
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"5d92-5d35ead7ee209"
x-frame-options
sameorigin
content-type
application/javascript
navigation.min.js
blog.scilabs.mx/wp-content/themes/twentynineteen/js/ 		2 KB
846 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/js/navigation.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
5b84335d42b38d3122349f53b20dd6a5cb0f45d1e45e5683fd572bcdda8c04a2
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"61f-5d35ead7ee209"
x-frame-options
sameorigin
content-type
application/javascript
jquery.fitvids.min.js
blog.scilabs.mx/wp-content/themes/twentynineteen/js/fitvids/ 		2 KB
952 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/js/fitvids/jquery.fitvids.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
8994924c0f3ab4474ee0a7c04417ad84933c4467cc9192fcb60b9774f15f5990
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"6da-5d35ead7ede21"
x-frame-options
sameorigin
content-type
application/javascript
skip-link-focus-fix.min.js
blog.scilabs.mx/wp-content/themes/twentynineteen/js/ 		325 B
400 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/js/skip-link-focus-fix.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"145-5d35ead7ee209"
x-frame-options
sameorigin
content-type
application/javascript
colormag-custom.min.js
blog.scilabs.mx/wp-content/themes/twentynineteen/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/js/colormag-custom.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
2b32be0979cb9f2119bd22563ed89560525c15a8edfd6e662a1968314783f689
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
etag
W/"b0a-5d35ead7ee209"
x-frame-options
sameorigin
content-type
application/javascript
wp-embed.min.js
blog.scilabs.mx/wp-includes/js/ 		1 KB
938 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-includes/js/wp-embed.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 21:26:24 GMT
etag
W/"592-5d35e30eda00f"
x-frame-options
sameorigin
content-type
application/javascript
wp-emoji-release.min.js
blog.scilabs.mx/wp-includes/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 21:26:24 GMT
etag
W/"4705-5d35e30edabc7"
x-frame-options
sameorigin
content-type
application/javascript
stormcaster.js
blog.scilabs.mx/18f5227b-e27b-445a-a53f-f845fbe69b40/ 		237 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/18f5227b-e27b-445a-a53f-f845fbe69b40/stormcaster.js
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
rdwr /
Resource Hash
083aa627d1b2a29661b9548eb547582b11faf1d2d90c076279053ab56be15f2b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 18 Jun 2024 04:33:55 GMT
server
rdwr
age
760
etag
W/"66710e33-3b3c5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
90611
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600&1&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://blog.scilabs.mx
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 09:37:33 GMT
x-content-type-options
nosniff
age
286015
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 09:37:33 GMT
fontawesome-webfont.woff2
blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/wp-content/themes/twentynineteen/fontawesome/css/font-awesome.min.css
Origin
https://blog.scilabs.mx
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Fri, 17 Dec 2021 22:01:14 GMT
accept-ranges
bytes
etag
"12d68-5d35ead7e8c18"
content-length
77160
x-frame-options
sameorigin
content-type
font/woff2
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600&1&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://blog.scilabs.mx
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 15:07:31 GMT
x-content-type-options
nosniff
age
439017
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24984
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jun 2025 15:07:31 GMT
Imagen1.png
blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/ 		96 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen1.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
4380cf487ca5a25f41b009b3da4602f60fe393af3b191b4fb323955fd7bd11da
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Mon, 18 Jul 2022 23:34:44 GMT
accept-ranges
bytes
etag
"17e83-5e41cd00e7d05"
content-length
97923
x-frame-options
sameorigin
content-type
image/png
Imagen2.png
blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/ 		713 KB
714 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen2.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
6b6a85e191fa0b0fd43efcc37b35b5286a7e3f156500be3eef8c8e035f0bd2ea
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Mon, 18 Jul 2022 23:34:45 GMT
accept-ranges
bytes
etag
"b23de-5e41cd02218c8"
content-length
730078
x-frame-options
sameorigin
content-type
image/png
Imagen3.png
blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/ 		143 KB
143 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen3.png
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
8e259b839fc6e26aeb6624dc6289f828691e3158ad85d8708445bf8eaf54fe56
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Mon, 18 Jul 2022 23:34:46 GMT
accept-ranges
bytes
etag
"23b99-5e41cd02d7712"
content-length
146329
x-frame-options
sameorigin
content-type
image/png
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600&1&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b0dab5300943d98f4f20de9d48a49e0186441f6fb8b5e95a9635a30c0b60e72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://blog.scilabs.mx
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 15:59:39 GMT
x-content-type-options
nosniff
age
263089
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47136
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 15:59:39 GMT
c99a4269-161c-4242-a3f0-28d44fa6ce24
blog.scilabs.mx/ 		660 B
599 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/c99a4269-161c-4242-a3f0-28d44fa6ce24?
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/18f5227b-e27b-445a-a53f-f845fbe69b40/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
rdwr /
Resource Hash
1f575cf9a88abf713023330da552ff5b6e69ca11c137e5d866e81cf3171197b1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

x-response-time
3ms
date
Sun, 30 Jun 2024 17:04:28 GMT
via
1.1 google
content-encoding
gzip
server
rdwr
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
c99a4269-161c-4242-a3f0-28d44fa6ce24
blog.scilabs.mx/ 		255 B
395 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/c99a4269-161c-4242-a3f0-28d44fa6ce24?
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/18f5227b-e27b-445a-a53f-f845fbe69b40/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
rdwr /
Resource Hash
1f5b589efa9bf6520f1e2985b7977e0d6fe91cfee10c4eca5e96ca26ca4b82bd

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

x-response-time
3ms
date
Sun, 30 Jun 2024 17:04:28 GMT
via
1.1 google
content-encoding
gzip
server
rdwr
content-type
text/plain; charset=UTF-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fontawesome-webfont.woff
blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/fonts/ 		82 KB
82 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/fonts/fontawesome-webfont.woff?v=4.1.0
Requested by
Host: blog.scilabs.mx
URL: https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/font-awesome.min.css
Origin
https://blog.scilabs.mx
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Sun, 27 Oct 2019 17:06:46 GMT
accept-ranges
bytes
etag
"14730-595e768747580"
content-length
83760
x-frame-options
sameorigin
content-type
font/woff
MicrosoftTeams-image-21.png
blog.scilabs.mx/wp-content/uploads/2021/12/ 		26 KB
26 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/uploads/2021/12/MicrosoftTeams-image-21.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
fd6c12d9c99cf2f7ed68b1b527bcf383d11c2721a521fa05770da9f51efc0406
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Fri, 17 Dec 2021 21:43:35 GMT
accept-ranges
bytes
etag
"6884-5d35e6e5a8754"
content-length
26756
x-frame-options
sameorigin
content-type
image/png
MicrosoftTeams-image-21.png
blog.scilabs.mx/wp-content/uploads/2021/12/ 		26 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.scilabs.mx/wp-content/uploads/2021/12/MicrosoftTeams-image-21.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.22.15.150 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
fd6c12d9c99cf2f7ed68b1b527bcf383d11c2721a521fa05770da9f51efc0406
Security Headers
Name Value
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 30 Jun 2024 17:04:28 GMT
last-modified
Fri, 17 Dec 2021 21:43:35 GMT
accept-ranges
bytes
etag
"6884-5d35e6e5a8754"
content-length
26756
x-frame-options
sameorigin
content-type
image/png

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| _wpemojiSettings undefined| $ function| jQuery object| whp_local_data string| __uzdbm_1 string| __uzdbm_2 string| __uzdbm_3 string| __uzdbm_4 string| __uzdbm_5 string| __uzdbm_6 string| __uzdbm_7 object| SSJSConnectorObj function| ssConf object| regeneratorRuntime object| ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies object| twemoji object| wp number| fpd

16 Cookies

Domain/Path Name / Value
blog.scilabs.mx/ Name: __uzma
Value: 82156ac4-54d1-4042-893b-5fd586657dba
blog.scilabs.mx/ Name: __uzmb
Value: 1719767066
blog.scilabs.mx/ Name: __uzme
Value: 4751
blog.scilabs.mx/ Name: __uzmc
Value: 860981025197
blog.scilabs.mx/ Name: __uzmd
Value: 1719767066
blog.scilabs.mx/ Name: __uzmf
Value: 7f60008a466a63-44a4-4d58-9271-00bb0d36c54817197670662060-547e5c4b5d24af5310
.scilabs.mx/ Name: uzmx
Value: 7f9000f1309a22-b3d4-4e9f-ab3e-63f2c3ac62621-17197670662060-e468504c28a531b510
.scilabs.mx/ Name: __ssds
Value: 2
.scilabs.mx/ Name: __ssuzjsr2
Value: a9be0cd8e
.scilabs.mx/ Name: __uzmaj2
Value: 3fb8b59a-115d-409a-9b57-7a82580ee6be
.scilabs.mx/ Name: __uzmbj2
Value: 1719767068
.scilabs.mx/ Name: __uzmcj2
Value: 259031022194
.scilabs.mx/ Name: __uzmdj2
Value: 1719767068
.scilabs.mx/ Name: __uzmlj2
Value: aptEONsB7ekE1nF7e/uDGbfbtL8SnnYIZvEitb7yfgg=
.scilabs.mx/ Name: __uzmfj2
Value: 7f60008a466a63-44a4-4d58-9271-00bb0d36c54817197670682770-24cd4a6d91791b2510
.scilabs.mx/ Name: uzmxj
Value: 7f9000f1309a22-b3d4-4e9f-ab3e-63f2c3ac62621-17197670682770-8563527255a4e52910

10 Console Messages

Source Level URL
Text
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen4.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen5.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen6.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen7.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen2.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/(Line 587)
Message:
Mixed Content: The page at 'https://blog.scilabs.mx/malware-campaign-attributed-to-apt-c-36-context-and-iocs-update-june-2022/' was loaded over HTTPS, but requested an insecure element 'http://blog.scilabs.mx/en/wp-content/uploads/sites/2/2022/07/Imagen3.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.scilabs.mx
fonts.googleapis.com
fonts.gstatic.com
2a00:1450:4001:800::200a
2a00:1450:4001:829::2003
66.22.15.150
0157d11106d6b70289099fd1ce1f7bea3a9dfbb46cee3994edb07ce765bb92fc
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
083aa627d1b2a29661b9548eb547582b11faf1d2d90c076279053ab56be15f2b
1f575cf9a88abf713023330da552ff5b6e69ca11c137e5d866e81cf3171197b1
1f5b589efa9bf6520f1e2985b7977e0d6fe91cfee10c4eca5e96ca26ca4b82bd
223de3f6b141b47230bd7a6178da0f81a652f11f8c7af3641a60e25c4b190eb0
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b32be0979cb9f2119bd22563ed89560525c15a8edfd6e662a1968314783f689
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4380cf487ca5a25f41b009b3da4602f60fe393af3b191b4fb323955fd7bd11da
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
5b84335d42b38d3122349f53b20dd6a5cb0f45d1e45e5683fd572bcdda8c04a2
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
613454a8637649441395e9782a9a0ace106fd15230c25e4f6f81a55e770458c4
64e6c847b43f135af65a335bdf981f8729399643a1b790bf492226f5db1a5b0e
653b40ccb6ed560a39d8f3dc1902b946647a9939b955c6c53116454bdfe4c4e9
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
6972423c4b517d6105e4db40d4c2bc85368b8a60ffbe895c230f2f3c83a0bafb
6b0dab5300943d98f4f20de9d48a49e0186441f6fb8b5e95a9635a30c0b60e72
6b6a85e191fa0b0fd43efcc37b35b5286a7e3f156500be3eef8c8e035f0bd2ea
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
8994924c0f3ab4474ee0a7c04417ad84933c4467cc9192fcb60b9774f15f5990
8e259b839fc6e26aeb6624dc6289f828691e3158ad85d8708445bf8eaf54fe56
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
afe73c70d61e06bed5e2979d1fff1bab08c1e31cbc2ed8cec6a659f2cc4dec46
b2de4ae656c0605f0cc9ea54ab32a4508f56fc4f02dcc407d33fd44370afc1cb
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c0c4dc54f76b3ed86c0ffe83ff98f7d2b0cd8c3de92bca47159b3dd8d948b78a
c33275705e60d7f9f4ed1667e4ca1ad0ba8acf6036d74538670467be8dad7f81
cf0dc9c31787ab8f466966dc6486bceaf4ad2190dfcfd47648b10a35517d0259
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
fd6c12d9c99cf2f7ed68b1b527bcf383d11c2721a521fa05770da9f51efc0406