malwarebreakdown.wordpress.com Open in urlscan Pro
192.0.78.13 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Effective URL:
https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Submission: On April 05 via api (April 5th 2021, 8:17:22 pm UTC) from US

Summary HTTP 128 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 12 domains to perform 128 HTTP transactions. The main IP is 192.0.78.13, located in United States and belongs to AUTOMATTIC, US. The main domain is malwarebreakdown.wordpress.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 12th 2020. Valid for: 2 years.

This is the only time malwarebreakdown.wordpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.0.78.24 192.0.78.24	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.78.13 192.0.78.13	2635 (AUTOMATTIC) (AUTOMATTIC)
28	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
7	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
18	192.0.72.23 192.0.72.23	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
6	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	176.34.151.72 176.34.151.72	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.38 192.0.77.38	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1 2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
3	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
22	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
3	2606:2800:233... 2606:2800:233:7ee2:97c:ab4c:6c70:be36	15133 (EDGECAST) (EDGECAST)
128	22

1 192.0.78.24 (United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

malwarebreakdown.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.78.13 (United States)

ASN2635 (AUTOMATTIC, US)

malwarebreakdown.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 192.0.77.32 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 192.0.72.23 (United States)

ASN2635 (AUTOMATTIC, US)

malwarebreakdown.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 176.34.151.72 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com

s.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.78.23 (United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.38 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (United States)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:7ee2:97c:ab4c:6c70:be36 (United States)

ASN15133 (EDGECAST, US)

ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	wp.com s0.wp.com stats.wp.com widgets.wp.com pixel.wp.com	416 KB
29	twimg.com cdn.syndication.twimg.com abs.twimg.com pbs.twimg.com ton.twimg.com	464 KB
24	wordpress.com malwarebreakdown.wordpress.com malwarebreakdown.files.wordpress.com public-api.wordpress.com	799 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	172 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	214 KB
7	gravatar.com 0.gravatar.com 1.gravatar.com secure.gravatar.com	17 KB
6	googleapis.com fonts.googleapis.com translate.googleapis.com	98 KB
4	pubmine.com s.pubmine.com c0.pubmine.com	53 KB
2	google-analytics.com ssl.google-analytics.com	18 KB
1	facebook.com graph.facebook.com	650 B
1	google.com translate.google.com	2 KB
1	malwarebreakdown.com 1 redirects malwarebreakdown.com	203 B
128	12

	Domain	Requested by
25	s0.wp.com	malwarebreakdown.wordpress.com s0.wp.com widgets.wp.com public-api.wordpress.com
22	pbs.twimg.com	malwarebreakdown.wordpress.com
18	malwarebreakdown.files.wordpress.com	malwarebreakdown.wordpress.com
8	fonts.gstatic.com	fonts.googleapis.com
7	platform.twitter.com	s0.wp.com platform.twitter.com
5	pixel.wp.com	malwarebreakdown.wordpress.com
5	0.gravatar.com	malwarebreakdown.wordpress.com 0.gravatar.com
4	translate.googleapis.com	translate.google.com translate.googleapis.com srcdoc
4	public-api.wordpress.com	malwarebreakdown.wordpress.com s0.wp.com public-api.wordpress.com
3	ton.twimg.com	platform.twitter.com ton.twimg.com
3	abs.twimg.com	malwarebreakdown.wordpress.com
3	www.gstatic.com	malwarebreakdown.wordpress.com translate.googleapis.com
3	widgets.wp.com	malwarebreakdown.wordpress.com s0.wp.com widgets.wp.com
3	s.pubmine.com	malwarebreakdown.wordpress.com c0.pubmine.com
2	syndication.twitter.com	1 redirects platform.twitter.com
2	ssl.google-analytics.com	malwarebreakdown.wordpress.com
2	fonts.googleapis.com	malwarebreakdown.wordpress.com s0.wp.com
2	malwarebreakdown.wordpress.com	s0.wp.com
1	secure.gravatar.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	graph.facebook.com	s0.wp.com
1	c0.pubmine.com	malwarebreakdown.wordpress.com
1	stats.wp.com	malwarebreakdown.wordpress.com
1	translate.google.com	malwarebreakdown.wordpress.com
1	1.gravatar.com	malwarebreakdown.wordpress.com
1	malwarebreakdown.com	1 redirects
128	26

This site contains links to these domains. Also see Links.

Domain
malwarebreakdown.com
www.virustotal.com
malwarebreakdown.files.wordpress.com
www.hybrid-analysis.com
gravatar.com
translate.google.com
twitter.com
www.youtube.com
plus.google.com
blog.nesarkworld.com
wordpress.com
wp.me
en.wordpress.com
subscribe.wordpress.com

Subject Issuer	Validity	Valid
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.files.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-21` - `2022-01-21`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
s.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-10-27`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
c0.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-16` - `2022-04-16`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Frame ID: 688960E3C030FC1E161B75E1B9B86DC0
Requests: 90 HTTP requests in this frame

Frame: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fmalwarebreakdown.wordpress.com&color_scheme=light
Frame ID: FC0D2B9C7F3A6A27FE9A027AFF3F5D0E
Requests: 2 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20210317
Frame ID: 9BEC0BA006D6A0ACC97C253DF0E9865E
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.0edc1ef9f8b82d9b79c6115bda79f63f.html?origin=https%3A%2F%2Fmalwarebreakdown.wordpress.com
Frame ID: 1F29A8F761C1D0B973A1BE356212DE8C
Requests: 2 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 6090B88F6167DA53B877460BAA34D998
Requests: 3 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 349580169F25600743E2373ED902129A
Requests: 1 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/index.html?ver=20210317
Frame ID: B9F2F4BC48067FC45AE30FB1DD986FB7
Requests: 2 HTTP requests in this frame

Frame: https://abs.twimg.com/emoji/v2/72x72/1f4a3.png
Frame ID: 97AC73AECCDA03A3B3CBB3F2541D92C0
Requests: 34 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 33229224FF91AAE27BAF18857B3EFF31
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-a... HTTP 301
https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-a... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

128
Requests

99 %
HTTPS

59 %
IPv6

12
Domains

26
Subdomains

22
IPs

3
Countries

2273 kB
Transfer

4093 kB
Size

6
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://malwarebreakdown.com/
Title: HOME

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/ip-address/185.154.53.33/information/
Title: VirusTotal report

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.files.wordpress.com/2019/07/2847f-ed895-http-traffic2.png

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.files.wordpress.com/2019/07/c74d6-39e82-dns-queries.png

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/ip-address/185.118.66.84/information/
Title: 185.118.66.84

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/ip-address/34.194.213.50/information/
Title: 34.194.213.50

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/ip-address/87.106.190.153/information/
Title: 87.106.190.153

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/ip-address/185.156.179.126/information/
Title: 185.156.179.126

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.files.wordpress.com/2019/07/d4f60-b120b-traffic1.png

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/059335a3470680fb7b959a8ed8f8a487376382011a22fbc8ebfee6fed837e986/analysis/1495047670/
Title: 059335a3470680fb7b959a8ed8f8a487376382011a22fbc8ebfee6fed837e986

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/3624e48df3d08146e2a80a47684fdd2c8475ff6b55fceeb47b637a542ba4af50/analysis/1495047760/
Title: 3624e48df3d08146e2a80a47684fdd2c8475ff6b55fceeb47b637a542ba4af50

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/ac1f66aeef43044139d5a50dbc1b06b8c0603edcbe9f9f7ec616ce4686d5e40c/analysis/1495047808/
Title: ac1f66aeef43044139d5a50dbc1b06b8c0603edcbe9f9f7ec616ce4686d5e40c

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/c3c891c779abc432a9b8fd056af3acedf0d8773ddfa2d4535c150fafc108c58c/analysis/
Title: c3c891c779abc432a9b8fd056af3acedf0d8773ddfa2d4535c150fafc108c58c

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/099dcb12acae191a9692f739b366fe245a01c0dc267dc512544c638d3cb6d1da/analysis/
Title: 099dcb12acae191a9692f739b366fe245a01c0dc267dc512544c638d3cb6d1da

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/8cd46d3397ef9e2ab0ef4a37042bef4f89901150739388b3af2511119b2e46c6/analysis/
Title: 8cd46d3397ef9e2ab0ef4a37042bef4f89901150739388b3af2511119b2e46c6

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/8cd46d3397ef9e2ab0ef4a37042bef4f89901150739388b3af2511119b2e46c6?environmentId=100
Title: Hybrid-Analysis Report

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.files.wordpress.com/2019/07/d4a48-46e6c-seamless-redirect.png

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.files.wordpress.com/2019/07/8d32d-d22a2-temp5.png

Search URL Search Domain Scan URL

URL: https://malwarebreakdown.com/wp-content/uploads/2017/05/seamless-campaign-to-rig-ek-051717.zip
Title: Seamless Campaign to RIG EK 051717.zip

Search URL Search Domain Scan URL

URL: https://gravatar.com/site/signup/
Title:

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/Oddly_Normal/
Title: View Oddly_Normal’s profile on Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC2k3NU9zcKsNAxV-Kl1TsXA/
Title: View UC2k3NU9zcKsNAxV-Kl1TsXA’s profile on YouTube

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/105375048264821782442/
Title: View 105375048264821782442’s profile on Google+

Search URL Search Domain Scan URL

URL: http://blog.nesarkworld.com/2017/12/06/what-is-icedid-trojan-2/
Title: What is IcedID Trojan

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fmalwarebreakdown.wordpress.com%2F2017%2F05%2F17%2Fseamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit%2F&signup_flow=account
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/p7UUE6-45c
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: http://en.wordpress.com/abuse/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/ HTTP 301
https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 135

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

128 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Redirect Chain

https://malwarebreakdown.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

145 KB
34 KB

585ms
544ms

Document
text/html

192.0.78.13
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.13 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

afdeaab2d1e6cae53be2df3b8d4cb822da13bb2072e9cacc92c5b60b00224468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: malwarebreakdown.wordpress.com
:scheme: https
:path: /2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Mon, 05 Apr 2021 20:17:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Cookie
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
x-pingback: https://malwarebreakdown.wordpress.com/xmlrpc.php
link: <https://wp.me/p7UUE6-45c>; rel=shortlink
content-encoding: gzip
x-ac: 1.ams _dfw
strict-transport-security: max-age=15552000

Redirect headers

server: nginx
date: Mon, 05 Apr 2021 20:17:02 GMT
content-type: text/html; charset=utf-8
location: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
strict-transport-security: max-age=31536000
vary: Cookie
x-ac: 3.ams _dfw

GET
H2 200 /
s0.wp.com/_static/ 208 KB
52 KB 56ms
18ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJydkdFOxCAQRX9IOjbGJn0wfguUCbI7A4SB3fTvpa26XRuN8YUwwz33Zga4JjXFUDAU4KoSVeeDwDVNkZWwJ5y/Vd0k8gA7zFB0NzBmq62Ao2g0HbS7CPJnFDhhSXo6q7U6yD+1rrbSYHbtJSNc+sfuqevBVE92yV8NTNZ5Bikz4R+MVmqXr+dYi3LZ2/9aZF18cPIDvpt8maH1OemyKBit10jITfYbtv2CMSmjiGon+8qqvDXwuLm7OF6stxVDE953NtRDiMU3Wr4uB88tCj6SgTDIpNNt3ld+6Yd+GMZhHJ9P77494tI=?cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 1625b73e4d3b63dffc3d99bf955c0cafc4f35aed33593c462263c03f18211c68

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 22:22:49 GMT
server: nginx
etag: W/"606647b9-341c8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Sat, 02 Apr 2022 08:38:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 35ms
16ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7fe462d6d568614f32c2f3a288140380493ff4184e9debaa9697df6ea3a9bed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 20:17:02 GMT
server: ESF
date: Mon, 05 Apr 2021 20:17:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Apr 2021 20:17:02 GMT

GET
H2 200 fontawesome-all.css
s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/ 37 KB
8 KB 55ms
18ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 258841e31301a4c86089d11c4f9467fc9c4871a29003a728c93397801910c903

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5ae97742-b425"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 03 Feb 2022 06:07:46 GMT

GET
H2 200 /
s0.wp.com/_static/ 6 KB
2 KB 55ms
19ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVjEEOwjAMBD+EsYKg6gXxlpCayODEUe2q4veEG1wquO1qZxbXBkmrU3UsCzRZMlfDladMbujaoKn1ZP4U2iezHW4rtPRVH0wgcUWn0iQ6/XFgmjgKFJo4AnfwBzeTgmiKzlq/Ctwk8rylznQVzT1m7NRHfUuXcg5DOB6GcQyn+wujk3DB?cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 42cd771f53f58b26a67af607db5c038ad867c754940d6735dcf40ba82cfc2a62

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Thu, 25 Feb 2021 16:01:18 GMT
server: nginx
etag: W/"6037c9ce-17c2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 25 Feb 2022 16:06:17 GMT

GET
H2 200 /
s0.wp.com/_static/ 29 KB
11 KB 55ms
19ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJxti0EKgCAQAD+ULUaJl+gtJqbG6opr9P3o0CHqNAzMwFmEpdxcbpAOUfDwMTMU4iY2NLECB1Nj9g97y9zB/8Vko0GB5Oktn6kFlxxDGMEjrQbvYEmzVHIclNZy2i9lFDfR?cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b70891fc93d3d70dd404dc552206fef8430a1cf1adf5d9fdbec73c4fc712ca8e

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Thu, 25 Feb 2021 16:01:18 GMT
server: nginx
etag: W/"6037c9ce-72b3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 25 Feb 2022 16:01:25 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 127 KB
41 KB 74ms
38ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFjtsKwyAMhl9oqZRCyy7GnsVqJko0zihd334dO1B6s6uQ5PsPaslgOFVMVQVRkWdPCE2waLfdwKcbd0FOasfFBpma80lUQdIVLWSWeti+Kp8MNYvysg/3hmX9jC769BeC6F3ZTPfwrm+hCrnwYz3+ZmL3a7lwsdoKGNIi7xATM0ht86a7xks/9tPQD+N0Dk8unGVN
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 32499e2d02032981731d62d858b252023b88721c6ce45fbc97313009b9fa34e9

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-1fa8e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 01 Apr 2022 21:48:15 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ 19 KB
3 KB 55ms
19ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1530132353h&cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 89d01b152beefa0885d7821cea6cc319054d5e272549b004479a6ac81ecafee3

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5b33f7b7-5e1f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 03 Feb 2022 04:32:42 GMT

GET
H2 200 fc9be7b5eece161a01c445435d81f7c6
0.gravatar.com/avatar/ 2 KB
2 KB 10ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0.gravatar.com/avatar/fc9be7b5eece161a01c445435d81f7c6?s=44&d=identicon&r=G
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 01fab4c49f961772adb5c35c6139852ae1ea506a95b75b3460a66fff9cd09dbc

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 05 Apr 2021 20:17:02 GMT
last-modified: Tue, 20 Sep 2016 22:35:27 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="fc9be7b5eece161a01c445435d81f7c6.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/fc9be7b5eece161a01c445435d81f7c6?s=44&d=identicon&r=G>; rel="canonical"
content-length: 1536
expires: Mon, 05 Apr 2021 20:22:02 GMT

GET
H2 200 2847f-ed895-http-traffic2.png
malwarebreakdown.files.wordpress.com/2019/07/ 36 KB
36 KB 2266ms
2218ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/2847f-ed895-http-traffic2.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

561983e67c5e294f576515620a530072c21cb91b1e689700ebc5864cc0febcb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:54 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 36546
access-control-allow-credentials: true
expires: Fri, 14 May 2021 06:57:21 GMT

GET
H2 200 c74d6-39e82-dns-queries.png
malwarebreakdown.files.wordpress.com/2019/07/ 11 KB
11 KB 2201ms
2154ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/c74d6-39e82-dns-queries.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

43041c03d75220779c40778ba9ba62bd6e8d222f602a8673dcc6bbc76eed42e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
x-orig-src: 01_mogdir
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
vary: Origin
content-length: 11290
expires: Mon, 26 Apr 2021 10:44:41 GMT

GET
H2 200 d4f60-b120b-traffic1.png
malwarebreakdown.files.wordpress.com/2019/07/ 158 KB
158 KB 2265ms
2219ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/d4f60-b120b-traffic1.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1b6da0b82f5cddfb06fb3437cf48312f81dc2884845b0eb3c7a98f7715b3754c

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 161818
access-control-allow-credentials: true
expires: Tue, 04 May 2021 20:55:39 GMT

GET
H2 200 d4a48-46e6c-seamless-redirect.png
malwarebreakdown.files.wordpress.com/2019/07/ 80 KB
80 KB 2282ms
2236ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/d4a48-46e6c-seamless-redirect.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0a185a83e0b59d00534e269ebf678785698e2620afa547d9e0f56885d990c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:54 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 81579
access-control-allow-credentials: true
expires: Thu, 06 May 2021 09:34:46 GMT

GET
H2 200 8d32d-d22a2-temp5.png
malwarebreakdown.files.wordpress.com/2019/07/ 24 KB
24 KB 2217ms
2170ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/8d32d-d22a2-temp5.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8594c231f7164d206d51d595b7da8258940afbf323ca3140f8f77dd43dd80106

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
x-orig-src: 01_mogdir
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
vary: Origin
content-length: 24095
expires: Mon, 10 May 2021 23:13:24 GMT

GET
H2 200 83129-65196-appdata5.png
malwarebreakdown.files.wordpress.com/2019/07/ 49 KB
50 KB 2248ms
2202ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/83129-65196-appdata5.png?w=456&h=348

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

58a213bf51d3f817e5456437e6f83a4206bb708911fbc6e342b952fcbd08c061

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 50683
access-control-allow-credentials: true
expires: Sun, 09 May 2021 09:00:40 GMT

GET
H2 200 2a148-83ce2-appdata-24.png
malwarebreakdown.files.wordpress.com/2019/07/ 16 KB
16 KB 2218ms
2217ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/2a148-83ce2-appdata-24.png?w=1136&h=348

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6c9e6c59ca970a087902481cba3e536ca776b9d6903177d9ed4ab5f9f5364a5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 16617
access-control-allow-credentials: true
expires: Fri, 14 May 2021 04:10:37 GMT

GET
H2 200 33f30-e52d1-programdata1.png
malwarebreakdown.files.wordpress.com/2019/07/ 35 KB
35 KB 2174ms
2173ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/33f30-e52d1-programdata1.png?w=664&h=203

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

79021c460953d74c3575e1c0e4eccce8c6940def0d11024ad4dae446a736fc86

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 35995
access-control-allow-credentials: true
expires: Sat, 08 May 2021 01:38:29 GMT

GET
H2 200 9d56a-2ddf3-programdata-21.png
malwarebreakdown.files.wordpress.com/2019/07/ 3 KB
3 KB 2146ms
2145ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/9d56a-2ddf3-programdata-21.png?w=928&h=203

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4545c8320f4fa01c242d58d60c01c8d94fdecaa5447f8add85e552007e842074

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 2927
access-control-allow-credentials: true
expires: Sat, 01 May 2021 04:49:25 GMT

GET
H2 200 36b26-88adf-reg12.png
malwarebreakdown.files.wordpress.com/2019/07/ 52 KB
52 KB 2193ms
2192ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/36b26-88adf-reg12.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bf768af2a4293b664e782c198e414868a64528cd19e29f8e0490b970a2248e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 53325
access-control-allow-credentials: true
expires: Wed, 28 Apr 2021 03:02:09 GMT

GET
H2 200 webfont.js Show response
s0.wp.com/wp-content/plugins/custom-fonts/js/ 12 KB
5 KB 22ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5867460b-30cd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 03 Feb 2022 04:33:04 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ 14 KB
5 KB 22ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1612197847h&ver=5.7.1-alpha-50603
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"60182fe5-3795"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 31 Mar 2022 14:01:35 GMT

GET
H2 200 global-print.css
s0.wp.com/wp-content/mu-plugins/global-print/ 5 KB
2 KB 21ms
19ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035h&cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5c32dc5f-1f6c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 03 Feb 2022 04:32:50 GMT

GET
H2 200 6c7f5-c07ec-reg22.png
malwarebreakdown.files.wordpress.com/2019/07/ 53 KB
53 KB 2213ms
2212ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/6c7f5-c07ec-reg22.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3a6dabb17cf8a30461f1a67779a4c3a1ac9251f5cd7a8bc76e3fbedc84e60183

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 54161
access-control-allow-credentials: true
expires: Sun, 09 May 2021 06:44:18 GMT

GET
H2 200 29382-59e4d-reg31.png
malwarebreakdown.files.wordpress.com/2019/07/ 62 KB
62 KB 2218ms
2218ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/29382-59e4d-reg31.png?w=925

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7f5e7e656c7c3940fd374a072e77ea1c6a1f5cd69e0d3238cf355f69c45e6f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 63327
access-control-allow-credentials: true
expires: Sun, 02 May 2021 09:37:00 GMT

GET
H2 200 82460-c8a22-startup2.png
malwarebreakdown.files.wordpress.com/2019/07/ 36 KB
36 KB 2213ms
2212ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/82460-c8a22-startup2.png?w=338&h=384

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

287b646317cb17945cb6923e94c794c6e96add4e747e81d2a1ce72b0e020c7f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 36492
access-control-allow-credentials: true
expires: Thu, 06 May 2021 02:56:05 GMT

GET
H2 200 1f380-764ef-startup-menu.png
malwarebreakdown.files.wordpress.com/2019/07/ 16 KB
16 KB 2188ms
2187ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/1f380-764ef-startup-menu.png?w=1254&h=384

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3ae05b457465f77eced4f5edb927372f92125550c4d8fa861e459f6a368782c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:55 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 16699
access-control-allow-credentials: true
expires: Mon, 03 May 2021 07:53:42 GMT

GET
H2 200 fc9be7b5eece161a01c445435d81f7c6
0.gravatar.com/avatar/ 2 KB
2 KB 9ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0.gravatar.com/avatar/fc9be7b5eece161a01c445435d81f7c6?s=65&d=identicon&r=G
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4d2a776f71b35cae613223abe3b3e999d950b7e58fe52296c781b9a7f8e0e53e

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 05 Apr 2021 20:17:02 GMT
last-modified: Tue, 20 Sep 2016 22:35:27 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="fc9be7b5eece161a01c445435d81f7c6.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/fc9be7b5eece161a01c445435d81f7c6?s=65&d=identicon&r=G>; rel="canonical"
content-length: 2335
expires: Mon, 05 Apr 2021 20:22:02 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ 2 KB
2 KB 9ms
5ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: cb3e87ff58a5e66937ffb6013c8265ed549658a4ff59c1f8d8ae193f488390a5

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 05 Apr 2021 20:17:02 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
content-length: 1792
expires: Mon, 05 Apr 2021 20:22:02 GMT

GET
H2 200 gprofiles.js Show response
0.gravatar.com/js/ 23 KB
7 KB 19ms
5ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/gprofiles.js?ver=202114y
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 15:50:36 GMT
server: nginx
etag: W/"5e8609cc-5dea"
content-type: application/javascript
cache-control: max-age=604800
expires: Mon, 12 Apr 2021 20:17:02 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 868 B
506 B 16ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240h
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5ffc31a9-465"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Tue, 11 Jan 2022 11:08:29 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 42 KB
11 KB 22ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1573483029j
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4a82bed4d069950b1f5e43cdfb5b107eee29ee9e60b6363543b3f3ee58e0f558

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Mon, 11 Nov 2019 14:37:22 GMT
server: nginx
etag: W/"5dc97222-a830"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Wed, 10 Nov 2021 14:37:26 GMT

GET
H2 200 /
s0.wp.com/_static/ 51 KB
21 KB 22ms
16ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9y0sKgCAQBuALZYMR1iY6i9gg2vjAB9Htq0WLoNr9Dz7YIlPBF/QFXGWRqjY+g5Ip1IwEFkuUamX30KqcG3hHxRAuTEsiTPuz/TGNHpM5j4942dlNXPBedCMXgz0AjCRDjg==?cssminify=yes
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e36ba0544357f147232ec32a4279f5779d3bedea5f6241da54a412cdd00e0389

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
last-modified: Mon, 01 Mar 2021 19:49:46 GMT
server: nginx
etag: W/"603d455a-cb7b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Tue, 01 Mar 2022 19:52:25 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 315 KB
82 KB 2203ms
2198ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVU1tSwzAMvBCO22GGwgfDITgA49hqqkR+YMkN5fQ4tB2mj0npV+yVViutHD0mZWMQCKJ71g62aCF9NT0/6NNQiiwemE0HV6L9Z4G8O3waDFuE8WZaD5KMHVQGxu+Lqr6oRKXDwJpwANaVVGBjgiPIM8k2el8htSf1E7vVPGKaU7ggnQDnRNlAtUKnDB6L1wSBrUm/Wvvj/wl19hQD4xaY0N0jdTBxjbJFdz9PYrGb92u23KSOZpciBrlDlAXtsDvmY7BU3KnRGRLtGo9hZksjug6ENZQajQOCIjNqAZ/ICJzhM3UOD09/1Ea0jCgCWQl6IAwXdrQUu78OYnbGsbJkmA8D+NS0ZXqVM4rG1clUa7L2hqtaPSnJtQe+5km9gm/B3bDDmhwLAx3nUUdghiNI4FRniKYf8eQ21/6A7EHUY7PYm7aO2f9jUV2MHcE0aeBpRRdArfHmX5dPy9Xy5Xm5WPU/eKK5FA==
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 251d88cc7bffb3fd03a4dad9e34dce0c145a64d5f45b071311c5fef90bae5cdd

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 2
date: Mon, 05 Apr 2021 20:17:03 GMT
content-encoding: gzip
last-modified: Wed, 31 Mar 2021 13:41:56 GMT
server: nginx
etag: W/"60647c24-4ec2e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Tue, 05 Apr 2022 20:17:02 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 4 KB
2 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.7.1-alpha-50603

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

c9224f024a2783fafeddc468428825ee3a0bc3d1a14ae36f014f3f19d2bbf98a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sharing.js Show response
s0.wp.com/wp-content/mu-plugins/post-flair/sharing/ 15 KB
4 KB 23ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/post-flair/sharing/sharing.js?m=1611055338h
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 1127fb86a27e063f7c16f71e8c9a3c6d087dc02964718b664a0c3dd8525d2567

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"6006c0fb-5a9e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Wed, 19 Jan 2022 11:22:42 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 10 KB
4 KB 52ms
15ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?61
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 2b787dd1927b1cd247687f620670aa7b497a075bd5a418721b59fa5fb912ed55

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams
date: Mon, 05 Apr 2021 20:17:02 GMT
content-encoding: gzip
server: nginx
etag: W/"5fff0d1e-28ca"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Fri, 04 Mar 2022 22:24:12 GMT

GET
H/1.1 200
OK conf Show response
s.pubmine.com/ 242 B
551 B 122ms
54ms Script
text/javascript 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/conf?gdpr=1&pp.pt=1&pp.ht=0&pp.tn=lenscap&pp.amp=false&pp.consent=0&pp.gdpr_applies=true&pp.ad.label.text=Advertisements&pp.ad.reportAd.text=Report%20this%20ad&pp.ad.privacySettings.text=Privacy&pp.siteid=8982&pp.blogid=116998470&pp.js_hint=tcf2_test&rid=4216895676534&ref=https%3A%2F%2Fmalwarebreakdown.wordpress.com%2F2017%2F05%2F17%2Fseamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit%2F&vp=1600x1200&cb=callback__kn51bi2n_1
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 100059518ea2b93e9541f103477f13994a9e81e870f0cf7112ca921064f6dab6

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:02 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 4100
date: Mon, 05 Apr 2021 19:08:42 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 05 Apr 2021 21:08:42 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ 15 KB
16 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 15:37:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 535170
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15816
x-xss-protection: 0
expires: Wed, 30 Mar 2022 15:37:32 GMT

GET
H2 200 fa-brands-400.woff2
s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/ 54 KB
54 KB 56ms
21ms Font
application/font-woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/fa-brands-400.woff2
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e8562087317b34c4b2ac60e28e272b7b33e37523aacd5f2adba7a4f108e415c6

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
x-ac: 4.ams _dfw
last-modified: Mon, 07 Jan 2019 05:01:30 GMT
server: nginx
etag: "5c32dd2a-d768"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 55144
expires: Thu, 03 Feb 2022 13:34:20 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ 15 KB
15 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 296005
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 fa-solid-900.woff2
s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/ 43 KB
43 KB 56ms
21ms Font
application/font-woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cb7aa6b06aa5a8eea3670662c4b0c37104041c14575fc170dc48677a0506a33a

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:02 GMT
x-ac: 4.ams _dfw
last-modified: Wed, 02 May 2018 08:30:58 GMT
server: nginx
etag: "5ae97742-ac24"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 44068
expires: Thu, 03 Feb 2022 11:58:57 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ 16 KB
16 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 296005
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15872
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXw.woff2
fonts.gstatic.com/s/archivonarrow/v12/ 18 KB
18 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79a55cb67645da5f76d990ad52d179d986e1658149d6d67cf63394417eb10b2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 02:33:43 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 03:49:20 GMT
server: sffe
age: 495799
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18008
x-xss-protection: 0
expires: Thu, 31 Mar 2022 02:33:43 GMT

GET
H2 200 tss3ApVBdCYD5Q7hcxTE1ArZ0b5LrGld-9I.woff2
fonts.gstatic.com/s/archivonarrow/v12/ 18 KB
18 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivonarrow/v12/tss3ApVBdCYD5Q7hcxTE1ArZ0b5LrGld-9I.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow%3A400%2C700%7CRoboto%3A400%2C500%2C700%2C300%2C400italic&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

221815c51fde0eb187cdcee6d505f8c37bce4a4879df22bd0cdc39becdba8df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 03:49:22 GMT
server: sffe
age: 296005
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18048
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 / Show response
public-api.wordpress.com/connect/ Frame FC0D 2 KB
1 KB 2251ms
217ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fmalwarebreakdown.wordpress.com&color_scheme=light

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

836f08de047ffd842c82da1ce8e86defaaa92b5c16a0de86856bb99813da16be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: public-api.wordpress.com
:scheme: https
:path: /connect/?googleplus-sign-in=https%3A%2F%2Fmalwarebreakdown.wordpress.com&color_scheme=light
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://malwarebreakdown.wordpress.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://malwarebreakdown.wordpress.com/

Response headers

server: nginx
date: Mon, 05 Apr 2021 20:17:05 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
content-encoding: gzip
x-ac: 2.ams _dfw
strict-transport-security: max-age=15552000

GET
H2 200 fa-regular-400.woff2
s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/ 12 KB
12 KB 2040ms
2040ms Font
application/font-woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/webfonts/fa-regular-400.woff2
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d2cdb4f2ed4b585d772068df75c01d0a360d45d27294188fccf5ceb4255fdc83

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://s0.wp.com/wp-content/themes/premium/lenscap/inc/fontawesome/css/fontawesome-all.css?m=1525233279h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:04 GMT
x-ac: 4.ams _dfw
last-modified: Mon, 07 Jan 2019 05:01:30 GMT
server: nginx
etag: "5c32dd2a-2fb8"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 12216
expires: Thu, 03 Feb 2022 11:58:57 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 angle-down.jpg
s0.wp.com/wp-content/themes/premium/lenscap/images/ 580 B
713 B 2039ms
2038ms Image
image/jpeg 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/premium/lenscap/images/angle-down.jpg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJydkdFOxCAQRX9IOjbGJn0wfguUCbI7A4SB3fTvpa26XRuN8YUwwz33Zga4JjXFUDAU4KoSVeeDwDVNkZWwJ5y/Vd0k8gA7zFB0NzBmq62Ao2g0HbS7CPJnFDhhSXo6q7U6yD+1rrbSYHbtJSNc+sfuqevBVE92yV8NTNZ5Bikz4R+MVmqXr+dYi3LZ2/9aZF18cPIDvpt8maH1OemyKBit10jITfYbtv2CMSmjiGon+8qqvDXwuLm7OF6stxVDE953NtRDiMU3Wr4uB88tCj6SgTDIpNNt3ld+6Yd+GMZhHJ9P77494tI=?cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 76c86504b947f6e7e81cdb12c39c820c95db77a24b86854d26719036fb8724ee

Request headers

Referer: https://s0.wp.com/_static/??-eJydkdFOxCAQRX9IOjbGJn0wfguUCbI7A4SB3fTvpa26XRuN8YUwwz33Zga4JjXFUDAU4KoSVeeDwDVNkZWwJ5y/Vd0k8gA7zFB0NzBmq62Ao2g0HbS7CPJnFDhhSXo6q7U6yD+1rrbSYHbtJSNc+sfuqevBVE92yV8NTNZ5Bikz4R+MVmqXr+dYi3LZ2/9aZF18cPIDvpt8maH1OemyKBit10jITfYbtv2CMSmjiGon+8qqvDXwuLm7OF6stxVDE953NtRDiMU3Wr4uB88tCj6SgTDIpNNt3ld+6Yd+GMZhHJ9P77494tI=?cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:04 GMT
x-ac: 4.ams _dfw
last-modified: Sat, 31 Dec 2016 05:39:06 GMT
server: nginx
etag: "5867447a-244"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 580
expires: Thu, 03 Feb 2022 11:59:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ 4 KB
1 KB 62ms
49ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:b%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a18ec5457bc5f41119302839ae211aba31c0ce1ff46d7464493809aeec7000e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 20:17:03 GMT
server: ESF
date: Mon, 05 Apr 2021 20:17:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Apr 2021 20:17:03 GMT

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
378 B 60ms
46ms Image
image/gif 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1098598293&utmhn=malwarebreakdown.wordpress.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Seamless%20Malvertising%20Campaign%20Leads%20to%20RIG%20EK%20at%20185.154.53.33%20and%20Drops%20Ramnit%20%E2%80%93%20Malware%20breakdown&utmhid=375534136&utmr=-&utmp=%2F2017%2F05%2F17%2Fseamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit%2F&utmht=1617653823068&utmac=UA-52447-2&utmcc=__utma%3D11735858.711941733.1617653823.1617653823.1617653823.1%3B%2B__utmz%3D11735858.1617653823.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=500249414&utmredir=1&utmu=uBQAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Apr 2021 20:17:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ata.js Show response
c0.pubmine.com/2.20.01606319652693/ 194 KB
52 KB 2993ms
35ms Script
application/javascript 192.0.77.38
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.pubmine.com/2.20.01606319652693/ata.js

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.38 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

55b0b1a36ac4d15dae7fc571a8ba7b7b1417338c56fc5334b5251602743cb994

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 05 Apr 2021 20:17:06 GMT
content-encoding: gzip
last-modified: Wed, 25 Nov 2020 15:56:06 GMT
server: nginx
x-amz-cf-pop: AMS50-C1
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15552000

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3-Q050 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ 28 KB
28 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:b%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

045469f2d577c2ad73219bbd713640bcb4a4f9a46cecc6c0df0e66338646b27f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:43 GMT
server: sffe
age: 296006
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28968
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H3-Q050 200 qkBbXvYC6trAT7RVLtw.woff2
fonts.gstatic.com/s/karla/v15/ 29 KB
29 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/karla/v15/qkBbXvYC6trAT7RVLtw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:b%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb6e74951b276f25770b35ae0e206139f1494d73cce9c72382731c50c7b8880f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 13:40:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 22:11:53 GMT
server: sffe
age: 542186
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29268
x-xss-protection: 0
expires: Wed, 30 Mar 2022 13:40:37 GMT

GET
H3-Q050 200 qkBVXvYC6trAT7RQHt6e4Q.woff2
fonts.gstatic.com/s/karla/v15/ 29 KB
29 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/karla/v15/qkBVXvYC6trAT7RQHt6e4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:b%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd613c417eee02c7fd4be829859eb33fb2f1d15e4b4821578a37a798fa29a76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://malwarebreakdown.wordpress.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 22:09:46 GMT
server: sffe
age: 295996
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29956
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:47 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 53ms
12ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyVU1tSwzAMvBCO22GGwgfDITgA49hqqkR+YMkN5fQ4tB2mj0npV+yVViutHD0mZWMQCKJ71g62aCF9NT0/6NNQiiwemE0HV6L9Z4G8O3waDFuE8WZaD5KMHVQGxu+Lqr6oRKXDwJpwANaVVGBjgiPIM8k2el8htSf1E7vVPGKaU7ggnQDnRNlAtUKnDB6L1wSBrUm/Wvvj/wl19hQD4xaY0N0jdTBxjbJFdz9PYrGb92u23KSOZpciBrlDlAXtsDvmY7BU3KnRGRLtGo9hZksjug6ENZQajQOCIjNqAZ/ICJzhM3UOD09/1Ea0jCgCWQl6IAwXdrQUu78OYnbGsbJkmA8D+NS0ZXqVM4rG1clUa7L2hqtaPSnJtQe+5km9gm/B3bDDmhwLAx3nUUdghiNI4FRniKYf8eQ21/6A7EHUY7PYm7aO2f9jUV2MHcE0aeBpRRdArfHmX5dPy9Xy5Xm5WPU/eKK5FA==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B89) /
Resource Hash: 0ccadac47f8db7d9086cb5d1a3230580ee43e7db056734068ce3785376e90500

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 19:22:22 GMT
Server: ECS (amb/6B89)
Age: 916
Etag: "965fcfc23c3459afe3ebf42b92f31e6d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29026

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
3 KB 6ms
5ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.7.1-alpha-50603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:13:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 222
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3130
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 19:45:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Apr 2021 21:13:23 GMT

GET
H2 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ 4 KB
2 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&ver=5.7.1-alpha-50603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f35659d030651ea3acc6d6e97475b42eaa60d5700e83f9623cf90904d42cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 19:44:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1936
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1673
x-xss-protection: 0
last-modified: Thu, 25 Feb 2021 22:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Apr 2021 20:44:49 GMT

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 9BEC 3 KB
1 KB 17ms
15ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20210317
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3737b9545ee44941fe97194d2b912493c5985ed768b2e80148f2c9c4837131cc

Request headers

:method: GET
:authority: widgets.wp.com
:scheme: https
:path: /likes/master.html?ver=20210317
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://malwarebreakdown.wordpress.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://malwarebreakdown.wordpress.com/

Response headers

server: nginx
date: Mon, 05 Apr 2021 20:17:05 GMT
content-type: text/html
last-modified: Tue, 16 Mar 2021 23:50:17 GMT
vary: Accept-Encoding
etag: W/"60514439-a6a"
content-encoding: gzip
x-ac: 4.ams _dfw
x-nc: HIT ams 2

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 18ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.2347416306378287
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 18ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=116998470&v=wpcom&tz=0&user_id=0&post=15698&subd=malwarebreakdown&host=malwarebreakdown.wordpress.com&ref=&rand=0.49564680459368193
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 18ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE5XaGUuOTlwaD85flAmcm1mcmZsaDhkV11YdWtpP0NsWnVkPS9sL0ViLndld3BmSkpSVUctWTNGWUpSLmxWNWhpP2wxRndSQjE3aXJFK2lfK3ZLXSs1ME98OTAtVEtvMmROSDRpUndrQVosaV8reSZsRzBEMW5tJURlJX4mWG5kSlFjMkxlZnlCKy5nVnE3bnhxRnV1bXloSlpvLnl%2BelRzWDEmZDNvRFl%2BZzU0VmVCSEQzWXE0cHY%2FQkQyVW9EfC93U1NYeEdmbS8rTnFjV0MyWUR6JmdsOS58dmFIU1VVUGdJP1ExOEYrbkp6JUJyLEhHNzlIcWlJZS9vWzFZU2FqNjZmSmJWZkFpcCtdOUNBU09BaUIsSHRvRC5lc1pVVmNPJTI9PU8lelNielZ%2Bb1ksLyV0OGVlUD9jSStnc0VNUkdkTlU%2Fd0hJRUo0LXBnSHM9cTFhXUVXbHY0a2FPS2E4fkRiWmZvTVhzRHBHdGNkP05NfH5GbzNyS2lxZkI5ekJ2Uk0%3D&v=wpcom-no-pv&rand=0.6216039498612838
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/ 4 KB
1 KB 293ms
293ms XHR
application/json 192.0.78.13
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/?relatedposts=1

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjtsKwyAMhl9oqZRCyy7GnsVqJko0zihd334dO1B6s6uQ5PsPaslgOFVMVQVRkWdPCE2waLfdwKcbd0FOasfFBpma80lUQdIVLWSWeti+Kp8MNYvysg/3hmX9jC769BeC6F3ZTPfwrm+hCrnwYz3+ZmL3a7lwsdoKGNIi7xATM0ht86a7xks/9tPQD+N0Dk8unGVN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.13 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

30e6e02eda1379eec15d576ecc9a718b8ffe3d584033df1de3b1031ea2066267

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
x-requested-with: XMLHttpRequest

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
x-pingback: https://malwarebreakdown.wordpress.com/xmlrpc.php
content-type: application/json; charset=utf-8
x-ac: 1.ams _dfw
strict-transport-security: max-age=15552000
host-header: WordPress.com
vary: Accept-Encoding

GET
H2 200 hovercard.min.css
0.gravatar.com/dist/css/ 8 KB
2 KB 5ms
5ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/hovercard.min.css?ver=202114y
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202114y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 12 Apr 2021 20:17:05 GMT

GET
H2 200 services.min.css
0.gravatar.com/dist/css/ 3 KB
587 B 6ms
5ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/services.min.css?ver=202114y
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202114y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 12 Apr 2021 20:17:05 GMT

GET
H2 200 / Show response
public-api.wordpress.com/geo/ 139 B
349 B 193ms
159ms XHR
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/geo/

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ab2818631662848ed3c167f8ecc1811cc2ad629514a2c09f729e86e226ffb29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ac: 2.ams _dfw
strict-transport-security: max-age=15552000
host-header: WordPress.com

GET
H2 200 app.bundle.js Show response
s0.wp.com/wp-content/blog-plugins/wordads-classes/js/ 3 KB
1 KB 16ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/blog-plugins/wordads-classes/js/app.bundle.js?id=10f08b851d8a01803359
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyVU1tSwzAMvBCO22GGwgfDITgA49hqqkR+YMkN5fQ4tB2mj0npV+yVViutHD0mZWMQCKJ71g62aCF9NT0/6NNQiiwemE0HV6L9Z4G8O3waDFuE8WZaD5KMHVQGxu+Lqr6oRKXDwJpwANaVVGBjgiPIM8k2el8htSf1E7vVPGKaU7ggnQDnRNlAtUKnDB6L1wSBrUm/Wvvj/wl19hQD4xaY0N0jdTBxjbJFdz9PYrGb92u23KSOZpciBrlDlAXtsDvmY7BU3KnRGRLtGo9hZksjug6ENZQajQOCIjNqAZ/ICJzhM3UOD09/1Ea0jCgCWQl6IAwXdrQUu78OYnbGsbJkmA8D+NS0ZXqVM4rG1clUa7L2hqtaPSnJtQe+5km9gm/B3bDDmhwLAx3nUUdghiNI4FRniKYf8eQ21/6A7EHUY7PYm7aO2f9jUV2MHcE0aeBpRRdArfHmX5dPy9Xy5Xm5WPU/eKK5FA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2342cd730ae1d1d011eec7480358fe06c3e6ff924c0623604f78cd5838f1adb6

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
etag: W/"605d1413-d8c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 25 Mar 2022 22:53:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 17ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_wordads_cmp_view=no_cookie&v=wpcom-no-pv&rand=0.5933822943557918
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 244 B
650 B 57ms
38ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fmalwarebreakdown.wordpress.com%2F2017%2F05%2F17%2Fseamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit%2F

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/post-flair/sharing/sharing.js?m=1611055338h

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

206acafea019224c99a0499ef3ccaf51f546dcab420c0842f2f9272a78b91155

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003567860
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 181
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: mvku/Tijb9Leb92LvgMk9g12RPsnF/5vSZcZrKpg5fpAy7AJ6liVk+IYjPmP96e0PNZXToInRj+ekdMudVdDig==
x-fb-trace-id: E3CHaYIg8f8
date: Mon, 05 Apr 2021 20:17:05 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: APHrlGdyvG-9A2qInJ8cr9q
cache-control: no-store
facebook-api-version: v3.2
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 16ms
15ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.9052547139440945
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 element_main.js Show response
translate.googleapis.com/element/TE_20210224_00/e/js/element/ 250 KB
89 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20210224_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca537b74a51c73d56a401ea7d361ad32f692558ab321b86a8fb0979f2927712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91310
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 18:08:41 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 20:13:23 GMT

GET
H2 200 banner.bundle.js Show response
s0.wp.com/wp-content/blog-plugins/wordads-classes/js/ 19 KB
6 KB 17ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/blog-plugins/wordads-classes/js/banner.bundle.js?id=69626cb5d25b886923fc
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyVU1tSwzAMvBCO22GGwgfDITgA49hqqkR+YMkN5fQ4tB2mj0npV+yVViutHD0mZWMQCKJ71g62aCF9NT0/6NNQiiwemE0HV6L9Z4G8O3waDFuE8WZaD5KMHVQGxu+Lqr6oRKXDwJpwANaVVGBjgiPIM8k2el8htSf1E7vVPGKaU7ggnQDnRNlAtUKnDB6L1wSBrUm/Wvvj/wl19hQD4xaY0N0jdTBxjbJFdz9PYrGb92u23KSOZpciBrlDlAXtsDvmY7BU3KnRGRLtGo9hZksjug6ENZQajQOCIjNqAZ/ICJzhM3UOD09/1Ea0jCgCWQl6IAwXdrQUu78OYnbGsbJkmA8D+NS0ZXqVM4rG1clUa7L2hqtaPSnJtQe+5km9gm/B3bDDmhwLAx3nUUdghiNI4FRniKYf8eQ21/6A7EHUY7PYm7aO2f9jUV2MHcE0aeBpRRdArfHmX5dPy9Xy5Xm5WPU/eKK5FA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d0a67e7fe073b9abd646d15f49c56cf92a8cd280502a588b0a7bdf3d0aa7ebfc

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
etag: W/"605d1413-4be9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 25 Mar 2022 22:53:01 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 9BEC 114 KB
29 KB 20ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/jed/jed.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js,/wp-content/js/rlt-proxy.js?m=20210317
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20210317
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8b8c5d5416df54da07faeab6bf039f652735cca2e2ed4b6e8842b55368520d01

Request headers

Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 21:39:27 GMT
server: nginx
etag: W/"6051258f-1c97b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Wed, 16 Mar 2022 21:51:11 GMT

GET
H/1.1 200
OK widget_iframe.0edc1ef9f8b82d9b79c6115bda79f63f.html Show response
platform.twitter.com/widgets/ Frame 1F29 320 KB
104 KB 13ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.0edc1ef9f8b82d9b79c6115bda79f63f.html?origin=https%3A%2F%2Fmalwarebreakdown.wordpress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BC3) /
Resource Hash: a8d227efe0ef553cba37d86bef6e44598dbf9bd9fad3db2582b0ffdebdbd6138

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://malwarebreakdown.wordpress.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://malwarebreakdown.wordpress.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 339475
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Apr 2021 20:17:05 GMT
Etag: "e9ffeb87a3b6f068499be71966b442d9+gzip"
Last-Modified: Wed, 03 Mar 2021 19:20:25 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BC3)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105690

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 6090 8 KB
3 KB 157ms
157ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/jed/jed.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js,/wp-content/js/rlt-proxy.js?m=20210317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d1a44cca98246c0470f23e07e9a137911363cb0a47c40f9975ccb51a2ee9c4c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: public-api.wordpress.com
:scheme: https
:path: /wp-admin/rest-proxy/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://widgets.wp.com/

Response headers

server: nginx
date: Mon, 05 Apr 2021 20:17:05 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
set-cookie: wp_api=+; expires=Sun, 05-Apr-2020 20:17:05 GMT; Max-Age=0; path=/wp-admin/rest-proxy/; domain=public-api.wordpress.com; secure; SameSite=None wp_api_sec=+; expires=Sun, 05-Apr-2020 20:17:05 GMT; Max-Age=0; path=/; domain=public-api.wordpress.com; secure; HttpOnly; SameSite=None
content-encoding: gzip
x-ac: 2.ams _dfw
strict-transport-security: max-age=15552000

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 825 B
914 B 7ms
6ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 06:13:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 50594
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Tue, 05 Apr 2022 06:13:51 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 18:28:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 265733
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
expires: Sat, 02 Apr 2022 18:28:12 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 19:15:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 3692
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Tue, 05 Apr 2022 19:15:33 GMT

GET
H2 200 googleplus-sign-in.js Show response
s0.wp.com/wp-content/js/ Frame FC0D 11 KB
4 KB 16ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/googleplus-sign-in.js?m=1551752381h
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fmalwarebreakdown.wordpress.com&color_scheme=light
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a

Request headers

Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
etag: W/"5c7ddce7-4290"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 04 Mar 2022 02:20:31 GMT

GET
H3-Q050 200 l Show response
translate.googleapis.com/translate_a/ Frame 3495 3 KB
2 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-86k21Yo4K2TpuETx3o/zBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="TranslateApiHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"TranslateApiHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/TranslateApiHttp/external"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-86k21Yo4K2TpuETx3o/zBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1F29 183 B
411 B 173ms
127ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=1b6f9811816e1ab891ae224a74f0db92aab4cfd9

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.0edc1ef9f8b82d9b79c6115bda79f63f.html?origin=https%3A%2F%2Fmalwarebreakdown.wordpress.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time: 104
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
last-modified: Mon, 05 Apr 2021 20:17:05 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a9679373decb229548fa83c4da8dad0f
strict-transport-security: max-age=631138519
content-length: 152

GET
H/1.1 200
OK moment~timeline~tweet.bd459ee688d39ebbbe0e6b166a1d2cb9.js Show response
platform.twitter.com/js/ 23 KB
8 KB 13ms
12ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.bd459ee688d39ebbbe0e6b166a1d2cb9.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B7F) /
Resource Hash: e98a4eaa87878c23468648dab95993b5364dabffd5d3fd09b875243e7d4e9c7c

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 19:20:13 GMT
Server: ECS (amb/6B7F)
Age: 339476
Etag: "bec3cda673021d4ec31aee3fc3eea418+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7652

GET
H/1.1 200
OK timeline.4d8f2209bfca17ad1826ab582cf6da09.js Show response
platform.twitter.com/js/ 21 KB
7 KB 25ms
12ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.4d8f2209bfca17ad1826ab582cf6da09.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B89) /
Resource Hash: 7ad582812f30bccc1425611adead2395ca65d59bfe6a6add62fa61b9ee773986

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 19:20:13 GMT
Server: ECS (amb/6B89)
Age: 339476
Etag: "eb92795319bccd2f28b07dac5efe5412+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 6649

GET
H2 200 6e2cf-a3e0a-think3r.png
malwarebreakdown.files.wordpress.com/2019/07/ 49 KB
49 KB 385ms
384ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/6e2cf-a3e0a-think3r.png?w=350&h=200&crop=1

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6da4866822363344501ddae81dd762924fa4c7bb73ded3a5527b784133d88733

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:56:52 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 50049
access-control-allow-credentials: true
expires: Thu, 06 May 2021 16:59:50 GMT

GET
H2 200 08659-22890-http-traffic-edited.png
malwarebreakdown.files.wordpress.com/2019/07/ 32 KB
32 KB 385ms
384ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/08659-22890-http-traffic-edited.png?w=350&h=200&crop=1

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b24b60471c9a5579581d1e7709a2a20053794135585f0691c7620f59109c8524

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:58:01 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 32454
access-control-allow-credentials: true
expires: Sat, 01 May 2021 04:35:06 GMT

GET
H2 200 1361a-0a081-iframe.png
malwarebreakdown.files.wordpress.com/2019/07/ 14 KB
14 KB 441ms
440ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/1361a-0a081-iframe.png?w=350&h=200&crop=1

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

de2bcf387ae7ba6decb83bf01095260fafa6f4185220a656793d12e72b3314ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:57:58 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 13886
access-control-allow-credentials: true
expires: Sat, 08 May 2021 04:22:52 GMT

GET
H2 200 3874d-41694-http-and-dns-traffic-edited.png
malwarebreakdown.files.wordpress.com/2019/07/ 32 KB
32 KB 384ms
384ms Image
image/png 192.0.72.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malwarebreakdown.files.wordpress.com/2019/07/3874d-41694-http-and-dns-traffic-edited.png?w=350&h=200&crop=1

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

37cf37fcfc95fb792d044403cac43f1113d2aca85204a6413c11a0b72757defd

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS ams 23 np
date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Tue, 23 Jul 2019 15:58:18 GMT
server: nginx
vary: Accept, Origin
content-type: image/png
access-control-allow-origin: https://malwarebreakdown.wordpress.com
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 32560
access-control-allow-credentials: true
expires: Fri, 30 Apr 2021 13:13:40 GMT

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 149 KB
11 KB 281ms
239ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_DynamicAnalysis_old&dnt=false&domain=malwarebreakdown.wordpress.com&lang=en&screen_name=DynamicAnalysis&suppress_response_codes=true&t=1797393&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

87b6db89d9f307c17c9a958a932c64314fccc3bca96e21542a61ee40d77e6bd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 10899
x-xss-protection: 0
access-contol-allow-origin: platform.twitter.com
x-response-time: 218
last-modified: Mon, 05 Apr 2021 20:17:05 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: dea2fea34f4a5b2bd8ddd2c938320fdf
timing-allow-origin: *
x-transaction: 0035bbc100edfe29
expires: Mon, 05 Apr 2021 20:22:05 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 6090 22 KB
5 KB 17ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/rlt-proxy.js?m=20210316
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 15514b26b2548f8ff4520fd08fd8d2b7007a1a34461429baa32daac08d916f16

Request headers

Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 17:39:21 GMT
server: nginx
etag: W/"6050ed49-5765"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Wed, 16 Mar 2022 17:39:26 GMT

GET
H2 200 batch Show response
public-api.wordpress.com/rest/v1/ Frame 6090 545 B
404 B 219ms
218ms XHR
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1/batch?http_envelope=1&urls[]=/me&urls[]=/sites/116998470/posts/15698/likes&urls[]=/sites/116998470/posts/15698/reblogs/mine

Requested by

Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bcee6e742a83c95bf713bbfd177d39e1e16eeeb269d40cc70566209bf8cdba78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public-api.wordpress.com/wp-admin/rest-proxy/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-hacker: Oh, Awesome: Opossum
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
cache-control: no-cache, must-revalidate, max-age=0
x-ac: 2.ams _dfw
strict-transport-security: max-age=15552000
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 index.html Show response
widgets.wp.com/likes/ Frame B9F2 126 B
194 B 16ms
16ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/index.html?ver=20210317
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFjtsKwyAMhl9oqZRCyy7GnsVqJko0zihd334dO1B6s6uQ5PsPaslgOFVMVQVRkWdPCE2waLfdwKcbd0FOasfFBpma80lUQdIVLWSWeti+Kp8MNYvysg/3hmX9jC769BeC6F3ZTPfwrm+hCrnwYz3+ZmL3a7lwsdoKGNIi7xATM0ht86a7xks/9tPQD+N0Dk8unGVN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6c79541d416470cf6276c0fe3e41528c51c823d125a45a1678355897fe9f3dc3

Request headers

:method: GET
:authority: widgets.wp.com
:scheme: https
:path: /likes/index.html?ver=20210317
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://malwarebreakdown.wordpress.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://malwarebreakdown.wordpress.com/

Response headers

server: nginx
date: Mon, 05 Apr 2021 20:17:05 GMT
content-type: text/html
content-length: 126
last-modified: Sat, 23 Dec 2017 00:24:47 GMT
etag: "5a3da24f-7e"
x-ac: 4.ams _dfw
x-nc: HIT ams 2
accept-ranges: bytes

GET
H2 200 style.css
widgets.wp.com/likes/ Frame B9F2 4 KB
1 KB 16ms
16ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/style.css
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/index.html?ver=20210317
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f8291c2dfd40b03e80064b0606e575b596426592287554a2a985f70430f8a230

Request headers

Referer: https://widgets.wp.com/likes/index.html?ver=20210317
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
server: nginx
etag: W/"5a3da259-12d7"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-ac: 4.ams _dfw
expires: Thu, 03 Feb 2022 04:33:00 GMT

GET
H2 200 1f4a3.png
abs.twimg.com/emoji/v2/72x72/ Frame 97AC 561 B
705 B 33ms
12ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f4a3.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8EA8) /

Resource Hash

e3f9d45110f6534fe8f65ebee07c9c6a1dce6e5ae6433265d22940a7f43b6870

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 21182958
x-ton-expected-size: 561
x-cache: HIT
content-length: 561
x-response-time: 11
surrogate-key: twitter-assets
last-modified: Mon, 17 Sep 2018 19:13:25 GMT
server: ECAcc (frc/8EA8)
etag: "E7dQxtwD0aGUfdL9QoFSxA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 6a63cf2047951f36cf68143521dbefdf
accept-ranges: bytes
expires: Tue, 05 Apr 2022 20:17:05 GMT

GET
H2 200 1f575-fe0f-200d-2642-fe0f.png
abs.twimg.com/emoji/v2/72x72/ Frame 97AC 1013 B
1 KB 32ms
11ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f575-fe0f-200d-2642-fe0f.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F33) /

Resource Hash

f61670211b093dbc9450146a26d46197a299bfbbe437379c0283d2d19f7bbde5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 21708385
x-ton-expected-size: 1013
x-cache: HIT
content-length: 1013
x-response-time: 13
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:27 GMT
server: ECAcc (frc/8F33)
etag: "W/f8ZIb8KTUEfS8/aeRnlA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: e4eb80845c4b68f6521d49d4b7b3952e
accept-ranges: bytes
expires: Tue, 05 Apr 2022 20:17:05 GMT

GET
H2 200 1f44f.png
abs.twimg.com/emoji/v2/72x72/ Frame 97AC 1 KB
1 KB 33ms
12ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f44f.png

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F88) /

Resource Hash

876e139116fc16aa3c4d125fc455be61e9c68bf474539ca822a2d2edee6a7459

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 18154263
x-ton-expected-size: 1072
x-cache: HIT
content-length: 1072
x-response-time: 10
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:35 GMT
server: ECAcc (frc/8F88)
etag: "HwgzY5zG+7n9Q99ZvoJHLw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 02bc49bb5afe800093b3175c125c2c7b
accept-ranges: bytes
expires: Tue, 05 Apr 2022 20:17:05 GMT

GET
H2 200 0YQ6LfBD
pbs.twimg.com/card_img/1377368281993117700/ Frame 97AC 38 KB
38 KB 57ms
15ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377368281993117700/0YQ6LfBD?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC1) /

Resource Hash

0236f8820fb85130789e9b73bc9cbefd77d02cd25a734e750ac2795e0c213778

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 413760
x-cache: HIT
content-length: 38539
x-response-time: 156
surrogate-key: card_img card_img/bucket/3 card_img/1377368281993117700
last-modified: Wed, 31 Mar 2021 21:10:43 GMT
server: ECS (amb/6BC1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b91c28befe8b0296b7d07e0d902587b0
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GMJZZtBY
pbs.twimg.com/card_img/1377021440827006979/ Frame 97AC 3 KB
3 KB 56ms
14ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377021440827006979/GMJZZtBY?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BAD) /

Resource Hash

04de37235aa22553dd4d1fe2e7dee685754f9e658aa9deb0714d0c47de5be6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 482969
x-cache: HIT
content-length: 2672
x-response-time: 192
surrogate-key: card_img card_img/bucket/5 card_img/1377021440827006979
last-modified: Tue, 30 Mar 2021 22:12:29 GMT
server: ECS (amb/6BAD)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0e3d3f24a762d911094a725ae5231712
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 aFQ5mdbu
pbs.twimg.com/card_img/1377021440755662852/ Frame 97AC 35 KB
35 KB 77ms
35ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377021440755662852/aFQ5mdbu?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B9F) /

Resource Hash

ba98ed6bdfae09d2e6c9d2849f4acf6e3ba30e8a388287b03a2c811029a43bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 482969
x-cache: HIT
content-length: 35643
x-response-time: 208
surrogate-key: card_img card_img/bucket/3 card_img/1377021440755662852
last-modified: Tue, 30 Mar 2021 22:12:29 GMT
server: ECS (amb/6B9F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d807ff2119c288c26ce1bf042515d6e0
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 1za72fEo
pbs.twimg.com/card_img/1376669859673595904/ Frame 97AC 25 KB
25 KB 80ms
39ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1376669859673595904/1za72fEo?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA6) /

Resource Hash

5ac42884909ca95b892e657444d0d581cd1f93931061e136495eda3cd1c91d55

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 574759
x-cache: HIT
content-length: 25791
x-response-time: 138
surrogate-key: card_img card_img/bucket/8 card_img/1376669859673595904
last-modified: Mon, 29 Mar 2021 22:55:26 GMT
server: ECS (amb/6BA6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c5acfbc1702ef28a420a4f12658c0112
accept-ranges: bytes

GET
H2 200 E9f0aCYu
pbs.twimg.com/card_img/1378113501051318274/ Frame 97AC 17 KB
17 KB 80ms
38ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1378113501051318274/E9f0aCYu?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BBF) /

Resource Hash

6127b9170bdb5d5773ecedcfea6bde360d9bf1a0b54bd2c0044a9459dcb12276

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 245772
x-cache: HIT
content-length: 17254
surrogate-key: card_img card_img/bucket/5 card_img/1378113501051318274
last-modified: Fri, 02 Apr 2021 22:31:57 GMT
server: ECS (amb/6BBF)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4961a985fcfd69c742a91885c235a5d864629b249b259c6b92be76c25fb92ab8
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 FTpG2PC6
pbs.twimg.com/card_img/1377753673195909122/ Frame 97AC 3 KB
3 KB 80ms
39ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377753673195909122/FTpG2PC6?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA5) /

Resource Hash

04de37235aa22553dd4d1fe2e7dee685754f9e658aa9deb0714d0c47de5be6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 329654
x-cache: HIT
content-length: 2672
x-response-time: 148
surrogate-key: card_img card_img/bucket/5 card_img/1377753673195909122
last-modified: Thu, 01 Apr 2021 22:42:07 GMT
server: ECS (amb/6BA5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 42a10a41464b1e55128b0a6eda27a9ad
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 zvBib7k_
pbs.twimg.com/card_img/1377734215257751554/ Frame 97AC 27 KB
28 KB 46ms
44ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377734215257751554/zvBib7k_?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC0) /

Resource Hash

900d5fdb161472dba89bf63fdbcc32b9ceba423cc330bce6ad0c275336c8af0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 329654
x-cache: HIT
content-length: 28009
x-response-time: 143
surrogate-key: card_img card_img/bucket/7 card_img/1377734215257751554
last-modified: Thu, 01 Apr 2021 21:24:48 GMT
server: ECS (amb/6BC0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4707a145be54e8fd175b680ea646499f
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame 97AC 53 KB
12 KB 13ms
12ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B87) /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 19:20:10 GMT
Server: ECS (amb/6B87)
Age: 339476
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H/1.1 200
OK timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 14ms
13ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B87) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Mar 2021 19:20:10 GMT
Server: ECS (amb/6B87)
Age: 339476
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H2 200 MZcvnhsY_normal.jpg
pbs.twimg.com/profile_images/901783088908394496/ Frame 97AC 2 KB
2 KB 34ms
32ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/901783088908394496/MZcvnhsY_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B7A) /

Resource Hash

bc740c3112caddaec0203f975f014756ba0aad2b52b76029e0752193bfa2829d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 131108
x-cache: HIT
content-length: 1655
x-response-time: 121
surrogate-key: profile_images profile_images/bucket/8 profile_images/901783088908394496
last-modified: Sun, 27 Aug 2017 12:24:57 GMT
server: ECS (amb/6B7A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f459effdb9ad6c9a4aa6a20a1a81fbb5
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 cpYWuYI9_normal.jpg
pbs.twimg.com/profile_images/1092582027994509312/ Frame 97AC 2 KB
2 KB 34ms
32ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1092582027994509312/cpYWuYI9_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B8A) /

Resource Hash

502ea5ffffca54ef6c3381e16ca883baca7d03ec38f6faf6b78e7b445b635d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 2061
x-cache: HIT
content-length: 2263
x-response-time: 118
surrogate-key: profile_images profile_images/bucket/6 profile_images/1092582027994509312
last-modified: Tue, 05 Feb 2019 00:31:49 GMT
server: ECS (amb/6B8A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e85008f721b0c33519e55af4b7fa9a04
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 V22-Luf7_normal.jpg
pbs.twimg.com/profile_images/1364491704817098753/ Frame 97AC 2 KB
2 KB 33ms
32ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1364491704817098753/V22-Luf7_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B91) /

Resource Hash

0bd4d9f7d275b70945e5336fa505c3ab024799962ba6ae639884ced0be363457

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 474362
x-cache: HIT
content-length: 1883
x-response-time: 113
surrogate-key: profile_images profile_images/bucket/3 profile_images/1364491704817098753
last-modified: Wed, 24 Feb 2021 08:23:48 GMT
server: ECS (amb/6B91)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 39b3bfcc1d29ca217e11d79d8c3f0b78cec34d6f61987148c0ee77c3d73930c5
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 A7cfxZ4g_normal.jpg
pbs.twimg.com/profile_images/798153733255401473/ Frame 97AC 2 KB
2 KB 45ms
43ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/798153733255401473/A7cfxZ4g_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BAD) /

Resource Hash

0ca9eca02d1cccfd08000fee76efe3ec10c3893e7309ad05d8d41a4e4794dd3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 411643
x-cache: HIT
content-length: 2035
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/9 profile_images/798153733255401473
last-modified: Mon, 14 Nov 2016 13:18:53 GMT
server: ECS (amb/6BAD)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0bc4e83394003a4052612badb1d35b17
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 gPViRCLD_normal.jpg
pbs.twimg.com/profile_images/743038494725918721/ Frame 97AC 2 KB
2 KB 45ms
43ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/743038494725918721/gPViRCLD_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B97) /

Resource Hash

6ecbc4298aa2684ee0af1b8217e77dc0ec54d2c6a6c1f7d19da3651fcefae09d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 199944
x-cache: HIT
content-length: 1959
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/8 profile_images/743038494725918721
last-modified: Wed, 15 Jun 2016 11:10:36 GMT
server: ECS (amb/6B97)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4b781f90bf88b73daf6c9d041351d2df
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 xzAn2AVm_normal.jpg
pbs.twimg.com/profile_images/974430581059547136/ Frame 97AC 2 KB
2 KB 46ms
44ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/974430581059547136/xzAn2AVm_normal.jpg

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC0) /

Resource Hash

4737c021e34070399f7fdca09304a0513b694bdef036a762a5b566b6e2b83ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 371275
x-cache: HIT
content-length: 2035
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/1 profile_images/974430581059547136
last-modified: Thu, 15 Mar 2018 23:40:09 GMT
server: ECS (amb/6BC0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fcdeca9f9ea487d192ff95d65cf0e474
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 EszUAB2W4AAQSYD
pbs.twimg.com/tweet_video_thumb/ Frame 97AC 14 KB
14 KB 46ms
44ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/EszUAB2W4AAQSYD?format=jpg&name=360x360

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC0) /

Resource Hash

a2da4dc936ac32d84df19d71de35805b013a946cf1e4da44a996098b8b87c7f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 273557
x-cache: HIT
content-length: 14207
x-response-time: 121
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/8 tweet_video_thumb/1354690684893192192
last-modified: Thu, 28 Jan 2021 07:18:02 GMT
server: ECS (amb/6BC0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b6b3fb6bebe63a6c88e7297e6a061117
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 Ere8x-qW8AAAsAG
pbs.twimg.com/media/ Frame 97AC 74 KB
75 KB 45ms
44ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Ere8x-qW8AAAsAG?format=png&name=360x360

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA8) /

Resource Hash

e1376abedbe74077c6c62341dcd840a347f7303799b90400f2d7d2c592b2cb70

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 482975
x-cache: HIT
content-length: 76275
x-response-time: 169
surrogate-key: media media/bucket/4 media/1348754180241027072
last-modified: Mon, 11 Jan 2021 22:08:29 GMT
server: ECS (amb/6BA8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 98e514a4bef8c48046a1dbfecf985344
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 97AC 44 KB
7 KB 28ms
7ms Stylesheet
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 438579
x-ton-expected-size: 45170
x-cache: HIT
vary: Accept-Encoding
content-length: 6839
x-response-time: 9
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 6a0b5d9f008eca9427a153abe5357ebf
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Mon, 12 Apr 2021 20:17:05 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 31ms
10ms Image
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 438579
x-ton-expected-size: 45170
x-cache: HIT
vary: Accept-Encoding
content-length: 6839
x-response-time: 9
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 6a0b5d9f008eca9427a153abe5357ebf
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Mon, 12 Apr 2021 20:17:05 GMT

GET
DATA 200
OK truncated
/ Frame 97AC 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 97AC 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 97AC 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 97AC 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 97AC 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 97AC 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 0YQ6LfBD
pbs.twimg.com/card_img/1377368281993117700/ Frame 97AC 38 KB
38 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377368281993117700/0YQ6LfBD?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC1) /

Resource Hash

0236f8820fb85130789e9b73bc9cbefd77d02cd25a734e750ac2795e0c213778

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 413760
x-cache: HIT
content-length: 38539
x-response-time: 156
surrogate-key: card_img card_img/bucket/3 card_img/1377368281993117700
last-modified: Wed, 31 Mar 2021 21:10:43 GMT
server: ECS (amb/6BC1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b91c28befe8b0296b7d07e0d902587b0
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 news_stroke_v1_78ce5b21fb24a7c7e528d22fc25bd9f9df7f24e2.svg
ton.twimg.com/tfw/assets/ Frame 97AC 829 B
531 B 7ms
6ms Image
image/svg+xml 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/assets/news_stroke_v1_78ce5b21fb24a7c7e528d22fc25bd9f9df7f24e2.svg

Requested by

Host: ton.twimg.com
URL: https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FB7) /

Resource Hash

5c0f79d0286f1fd3db48e1b689358017b302c0f4babde540329e8c644cf119c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 437772
x-ton-expected-size: 829
x-cache: HIT
vary: Accept-Encoding
content-length: 395
x-response-time: 7
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FB7)
etag: "CTUg6L9PuY+d9h5xpE0zmw=="
strict-transport-security: max-age=631138519
content-type: image/svg+xml
access-control-allow-origin: *
x-connection-hash: f88cc63a160202a289ffe7ed148642d4
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Mon, 12 Apr 2021 20:17:05 GMT

GET
H2 200 GMJZZtBY
pbs.twimg.com/card_img/1377021440827006979/ Frame 97AC 3 KB
3 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377021440827006979/GMJZZtBY?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BAD) /

Resource Hash

04de37235aa22553dd4d1fe2e7dee685754f9e658aa9deb0714d0c47de5be6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 482969
x-cache: HIT
content-length: 2672
x-response-time: 192
surrogate-key: card_img card_img/bucket/5 card_img/1377021440827006979
last-modified: Tue, 30 Mar 2021 22:12:29 GMT
server: ECS (amb/6BAD)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0e3d3f24a762d911094a725ae5231712
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 aFQ5mdbu
pbs.twimg.com/card_img/1377021440755662852/ Frame 97AC 35 KB
35 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377021440755662852/aFQ5mdbu?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B9F) /

Resource Hash

ba98ed6bdfae09d2e6c9d2849f4acf6e3ba30e8a388287b03a2c811029a43bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:05 GMT
x-content-type-options: nosniff
age: 482969
x-cache: HIT
content-length: 35643
x-response-time: 208
surrogate-key: card_img card_img/bucket/3 card_img/1377021440755662852
last-modified: Tue, 30 Mar 2021 22:12:29 GMT
server: ECS (amb/6B9F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d807ff2119c288c26ce1bf042515d6e0
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 1za72fEo
pbs.twimg.com/card_img/1376669859673595904/ Frame 97AC 25 KB
25 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1376669859673595904/1za72fEo?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA6) /

Resource Hash

5ac42884909ca95b892e657444d0d581cd1f93931061e136495eda3cd1c91d55

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:06 GMT
x-content-type-options: nosniff
age: 574760
x-cache: HIT
content-length: 25791
x-response-time: 138
surrogate-key: card_img card_img/bucket/8 card_img/1376669859673595904
last-modified: Mon, 29 Mar 2021 22:55:26 GMT
server: ECS (amb/6BA6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c5acfbc1702ef28a420a4f12658c0112
accept-ranges: bytes

GET
H2 200 E9f0aCYu
pbs.twimg.com/card_img/1378113501051318274/ Frame 97AC 17 KB
17 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1378113501051318274/E9f0aCYu?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BBF) /

Resource Hash

6127b9170bdb5d5773ecedcfea6bde360d9bf1a0b54bd2c0044a9459dcb12276

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:06 GMT
x-content-type-options: nosniff
age: 245773
x-cache: HIT
content-length: 17254
surrogate-key: card_img card_img/bucket/5 card_img/1378113501051318274
last-modified: Fri, 02 Apr 2021 22:31:57 GMT
server: ECS (amb/6BBF)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4961a985fcfd69c742a91885c235a5d864629b249b259c6b92be76c25fb92ab8
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 FTpG2PC6
pbs.twimg.com/card_img/1377753673195909122/ Frame 97AC 3 KB
3 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377753673195909122/FTpG2PC6?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA5) /

Resource Hash

04de37235aa22553dd4d1fe2e7dee685754f9e658aa9deb0714d0c47de5be6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:06 GMT
x-content-type-options: nosniff
age: 329655
x-cache: HIT
content-length: 2672
x-response-time: 148
surrogate-key: card_img card_img/bucket/5 card_img/1377753673195909122
last-modified: Thu, 01 Apr 2021 22:42:07 GMT
server: ECS (amb/6BA5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 42a10a41464b1e55128b0a6eda27a9ad
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
DATA 200
OK truncated
/ 135 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a914ebd8267f0641e0ebd8333aa52a13ec9635160335147b7d90aed18c6db017

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK pixel
s.pubmine.com/ 43 B
366 B 32ms
32ms Image
image/gif 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/pixel?id=15&type=img
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Apr 2021 20:17:06 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif

GET
BLOB 200
OK 380fc030-77c4-420f-a16f-df648b5f5667
https://malwarebreakdown.wordpress.com/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://malwarebreakdown.wordpress.com/380fc030-77c4-420f-a16f-df648b5f5667
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 1567
Content-Type: text/javascript

GET
H2 200 zvBib7k_
pbs.twimg.com/card_img/1377734215257751554/ Frame 97AC 27 KB
28 KB 13ms
13ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1377734215257751554/zvBib7k_?format=jpg&name=600x314

Requested by

Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC0) /

Resource Hash

900d5fdb161472dba89bf63fdbcc32b9ceba423cc330bce6ad0c275336c8af0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 20:17:06 GMT
x-content-type-options: nosniff
age: 329655
x-cache: HIT
content-length: 28009
x-response-time: 143
surrogate-key: card_img card_img/bucket/7 card_img/1377734215257751554
last-modified: Thu, 01 Apr 2021 21:24:48 GMT
server: ECS (amb/6BC0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4707a145be54e8fd175b680ea646499f
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 12 KB
3 KB 19ms
18ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20201002
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 567b9db6dae11476eddb5328bfcd2977e165f2a9bee36c417ba5b4a47265e99a

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:06 GMT
content-encoding: gzip
server: nginx
etag: W/"5f88539e-376b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 22 Oct 2021 18:33:08 GMT

GET
H2 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 15 KB
5 KB 19ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20201002
Requested by: Host: malwarebreakdown.wordpress.com
URL: https://malwarebreakdown.wordpress.com/2017/05/17/seamless-malvertising-campaign-leads-to-rig-ek-at-185-154-53-33-and-drops-ramnit/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7d4d250af967a07b7066ef13b91d26e5fe9177fbd3f29b137186b1c35a2afd1c

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Mon, 05 Apr 2021 20:17:06 GMT
content-encoding: gzip
server: nginx
etag: W/"5f88539e-4f45"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 22 Oct 2021 18:33:08 GMT

POST
H/1.1 200
OK adjr Show response
s.pubmine.com/ 48 B
542 B 71ms
71ms XHR
application/json 176.34.151.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/adjr?pvid=ad51d88e-d718-4580-9138-e3b93f8b821e&rid=4216895676534
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.20.01606319652693/ata.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.34.151.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-176-34-151-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 869290755707f999027171645e324fc6f17bbed350b1999b3eb5d3fa9797409b

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 05 Apr 2021 20:17:06 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://malwarebreakdown.wordpress.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Expires: 0

GET
H2 200 aa8b3b80c8a729747ead568224e815d2
secure.gravatar.com/blavatar/ 513 B
780 B 7ms
5ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/blavatar/aa8b3b80c8a729747ead568224e815d2?s=50&d=https%3A%2F%2Fs0.wp.com%2Fi%2Flogo%2Fwpcom-gray-white.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: fc169e869f74fbbee1145c7e2c369e6ca160e4fe1d52cc86fdc0c781d64d4153

Request headers

Referer: https://malwarebreakdown.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 05 Apr 2021 20:17:06 GMT
last-modified: Tue, 20 Sep 2016 22:39:34 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="aa8b3b80c8a729747ead568224e815d2.png"
accept-ranges: bytes
link: <https://www.gravatar.com/blavatar/aa8b3b80c8a729747ead568224e815d2?s=50&d=https%3A%2F%2Fs0.wp.com%2Fi%2Flogo%2Fwpcom-gray-white.png>; rel="canonical"
content-length: 513
expires: Mon, 05 Apr 2021 20:22:06 GMT

GET
H/1.1

200
OK

jot.html Show response
platform.twitter.com/ Frame 3322
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

80 B
571 B

12ms
12ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B89) /
Resource Hash: 90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://malwarebreakdown.wordpress.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 339477
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Apr 2021 20:17:06 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Wed, 03 Mar 2021 19:22:21 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B89)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 80

Redirect headers

cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Mon, 05 Apr 2021 20:17:06 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Mon, 05 Apr 2021 20:17:06 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
status: 302 Found
strict-transport-security: max-age=631138519
x-connection-hash: a9679373decb229548fa83c4da8dad0f
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 132
x-transaction: 001b37a8009c7dc1
x-tsa-request-body-time: 15
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wordpress.com/	1970-01-19 17:22:20	Name: ccpa_applies Value: false
.wordpress.com/	1970-01-19 17:20:55	Name: __utmb Value: 11735858.1.10.1617653823
.wordpress.com/	1970-01-19 17:20:54	Name: __utmt Value: 1
.wordpress.com/	1969-12-31 23:59:59	Name: __utmc Value: 11735858
.wordpress.com/	1970-01-19 21:43:41	Name: __utmz Value: 11735858.1617653823.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.wordpress.com/	1970-01-20 10:52:05	Name: __utma Value: 11735858.711941733.1617653823.1617653823.1617653823.1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://s0.wp.com/_static/??-eJyFjtsKwyAMhl9oqZRCyy7GnsVqJko0zihd334dO1B6s6uQ5PsPaslgOFVMVQVRkWdPCE2waLfdwKcbd0FOasfFBpma80lUQdIVLWSWeti+Kp8MNYvysg/3hmX9jC769BeC6F3ZTPfwrm+hCrnwYz3+ZmL3a7lwsdoKGNIi7xATM0ht86a7xks/9tPQD+N0Dk8unGVN(Line 764) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
abs.twimg.com
c0.pubmine.com
cdn.syndication.twimg.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
malwarebreakdown.com
malwarebreakdown.files.wordpress.com
malwarebreakdown.wordpress.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
public-api.wordpress.com
s.pubmine.com
s0.wp.com
secure.gravatar.com
ssl.google-analytics.com
stats.wp.com
syndication.twitter.com
ton.twimg.com
translate.google.com
translate.googleapis.com
widgets.wp.com
www.gstatic.com
104.244.42.200
176.34.151.72
192.0.72.23
192.0.76.3
192.0.77.32
192.0.77.38
192.0.78.13
192.0.78.23
192.0.78.24
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:800::200a
2a00:1450:4001:80e::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2008
2a03:2880:f01c:800e:face:b00c:0:2
2a04:fa87:fffe::c000:4902
01fab4c49f961772adb5c35c6139852ae1ea506a95b75b3460a66fff9cd09dbc
0236f8820fb85130789e9b73bc9cbefd77d02cd25a734e750ac2795e0c213778
045469f2d577c2ad73219bbd713640bcb4a4f9a46cecc6c0df0e66338646b27f
04de37235aa22553dd4d1fe2e7dee685754f9e658aa9deb0714d0c47de5be6ca
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
0bd4d9f7d275b70945e5336fa505c3ab024799962ba6ae639884ced0be363457
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0ca9eca02d1cccfd08000fee76efe3ec10c3893e7309ad05d8d41a4e4794dd3a
0ccadac47f8db7d9086cb5d1a3230580ee43e7db056734068ce3785376e90500
0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33
100059518ea2b93e9541f103477f13994a9e81e870f0cf7112ca921064f6dab6
1127fb86a27e063f7c16f71e8c9a3c6d087dc02964718b664a0c3dd8525d2567
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
15514b26b2548f8ff4520fd08fd8d2b7007a1a34461429baa32daac08d916f16
1625b73e4d3b63dffc3d99bf955c0cafc4f35aed33593c462263c03f18211c68
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1b6da0b82f5cddfb06fb3437cf48312f81dc2884845b0eb3c7a98f7715b3754c
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
206acafea019224c99a0499ef3ccaf51f546dcab420c0842f2f9272a78b91155
221815c51fde0eb187cdcee6d505f8c37bce4a4879df22bd0cdc39becdba8df1
2342cd730ae1d1d011eec7480358fe06c3e6ff924c0623604f78cd5838f1adb6
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
251d88cc7bffb3fd03a4dad9e34dce0c145a64d5f45b071311c5fef90bae5cdd
258841e31301a4c86089d11c4f9467fc9c4871a29003a728c93397801910c903
287b646317cb17945cb6923e94c794c6e96add4e747e81d2a1ce72b0e020c7f9
2b787dd1927b1cd247687f620670aa7b497a075bd5a418721b59fa5fb912ed55
30e6e02eda1379eec15d576ecc9a718b8ffe3d584033df1de3b1031ea2066267
32499e2d02032981731d62d858b252023b88721c6ce45fbc97313009b9fa34e9
3737b9545ee44941fe97194d2b912493c5985ed768b2e80148f2c9c4837131cc
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2
37cf37fcfc95fb792d044403cac43f1113d2aca85204a6413c11a0b72757defd
3a6dabb17cf8a30461f1a67779a4c3a1ac9251f5cd7a8bc76e3fbedc84e60183
3ae05b457465f77eced4f5edb927372f92125550c4d8fa861e459f6a368782c4
42cd771f53f58b26a67af607db5c038ad867c754940d6735dcf40ba82cfc2a62
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
43041c03d75220779c40778ba9ba62bd6e8d222f602a8673dcc6bbc76eed42e9
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
4545c8320f4fa01c242d58d60c01c8d94fdecaa5447f8add85e552007e842074
4737c021e34070399f7fdca09304a0513b694bdef036a762a5b566b6e2b83ddb
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
4a82bed4d069950b1f5e43cdfb5b107eee29ee9e60b6363543b3f3ee58e0f558
4d2a776f71b35cae613223abe3b3e999d950b7e58fe52296c781b9a7f8e0e53e
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
502ea5ffffca54ef6c3381e16ca883baca7d03ec38f6faf6b78e7b445b635d2e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55b0b1a36ac4d15dae7fc571a8ba7b7b1417338c56fc5334b5251602743cb994
561983e67c5e294f576515620a530072c21cb91b1e689700ebc5864cc0febcb8
567b9db6dae11476eddb5328bfcd2977e165f2a9bee36c417ba5b4a47265e99a
58a213bf51d3f817e5456437e6f83a4206bb708911fbc6e342b952fcbd08c061
5ac42884909ca95b892e657444d0d581cd1f93931061e136495eda3cd1c91d55
5c0f79d0286f1fd3db48e1b689358017b302c0f4babde540329e8c644cf119c7
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
6127b9170bdb5d5773ecedcfea6bde360d9bf1a0b54bd2c0044a9459dcb12276
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
6c79541d416470cf6276c0fe3e41528c51c823d125a45a1678355897fe9f3dc3
6c9e6c59ca970a087902481cba3e536ca776b9d6903177d9ed4ab5f9f5364a5d
6da4866822363344501ddae81dd762924fa4c7bb73ded3a5527b784133d88733
6ecbc4298aa2684ee0af1b8217e77dc0ec54d2c6a6c1f7d19da3651fcefae09d
76c86504b947f6e7e81cdb12c39c820c95db77a24b86854d26719036fb8724ee
79021c460953d74c3575e1c0e4eccce8c6940def0d11024ad4dae446a736fc86
79a55cb67645da5f76d990ad52d179d986e1658149d6d67cf63394417eb10b2f
7ab2818631662848ed3c167f8ecc1811cc2ad629514a2c09f729e86e226ffb29
7ad582812f30bccc1425611adead2395ca65d59bfe6a6add62fa61b9ee773986
7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf
7d4d250af967a07b7066ef13b91d26e5fe9177fbd3f29b137186b1c35a2afd1c
7f5e7e656c7c3940fd374a072e77ea1c6a1f5cd69e0d3238cf355f69c45e6f9e
7fe462d6d568614f32c2f3a288140380493ff4184e9debaa9697df6ea3a9bed3
80f35659d030651ea3acc6d6e97475b42eaa60d5700e83f9623cf90904d42cec
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836f08de047ffd842c82da1ce8e86defaaa92b5c16a0de86856bb99813da16be
83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a
8594c231f7164d206d51d595b7da8258940afbf323ca3140f8f77dd43dd80106
869290755707f999027171645e324fc6f17bbed350b1999b3eb5d3fa9797409b
876e139116fc16aa3c4d125fc455be61e9c68bf474539ca822a2d2edee6a7459
87b6db89d9f307c17c9a958a932c64314fccc3bca96e21542a61ee40d77e6bd5
89d01b152beefa0885d7821cea6cc319054d5e272549b004479a6ac81ecafee3
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8b8c5d5416df54da07faeab6bf039f652735cca2e2ed4b6e8842b55368520d01
900d5fdb161472dba89bf63fdbcc32b9ceba423cc330bce6ad0c275336c8af0f
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087
a18ec5457bc5f41119302839ae211aba31c0ce1ff46d7464493809aeec7000e6
a2da4dc936ac32d84df19d71de35805b013a946cf1e4da44a996098b8b87c7f3
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a8d227efe0ef553cba37d86bef6e44598dbf9bd9fad3db2582b0ffdebdbd6138
a914ebd8267f0641e0ebd8333aa52a13ec9635160335147b7d90aed18c6db017
afdeaab2d1e6cae53be2df3b8d4cb822da13bb2072e9cacc92c5b60b00224468
b24b60471c9a5579581d1e7709a2a20053794135585f0691c7620f59109c8524
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
b70891fc93d3d70dd404dc552206fef8430a1cf1adf5d9fdbec73c4fc712ca8e
ba98ed6bdfae09d2e6c9d2849f4acf6e3ba30e8a388287b03a2c811029a43bff
bc740c3112caddaec0203f975f014756ba0aad2b52b76029e0752193bfa2829d
bcee6e742a83c95bf713bbfd177d39e1e16eeeb269d40cc70566209bf8cdba78
bf768af2a4293b664e782c198e414868a64528cd19e29f8e0490b970a2248e9e
c0a185a83e0b59d00534e269ebf678785698e2620afa547d9e0f56885d990c7c
c9224f024a2783fafeddc468428825ee3a0bc3d1a14ae36f014f3f19d2bbf98a
ca537b74a51c73d56a401ea7d361ad32f692558ab321b86a8fb0979f2927712c
cb3e87ff58a5e66937ffb6013c8265ed549658a4ff59c1f8d8ae193f488390a5
cb6e74951b276f25770b35ae0e206139f1494d73cce9c72382731c50c7b8880f
cb7aa6b06aa5a8eea3670662c4b0c37104041c14575fc170dc48677a0506a33a
cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
d0a67e7fe073b9abd646d15f49c56cf92a8cd280502a588b0a7bdf3d0aa7ebfc
d1a44cca98246c0470f23e07e9a137911363cb0a47c40f9975ccb51a2ee9c4c6
d2cdb4f2ed4b585d772068df75c01d0a360d45d27294188fccf5ceb4255fdc83
de2bcf387ae7ba6decb83bf01095260fafa6f4185220a656793d12e72b3314ba
ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5
e1376abedbe74077c6c62341dcd840a347f7303799b90400f2d7d2c592b2cb70
e36ba0544357f147232ec32a4279f5779d3bedea5f6241da54a412cdd00e0389
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f9d45110f6534fe8f65ebee07c9c6a1dce6e5ae6433265d22940a7f43b6870
e8562087317b34c4b2ac60e28e272b7b33e37523aacd5f2adba7a4f108e415c6
e98a4eaa87878c23468648dab95993b5364dabffd5d3fd09b875243e7d4e9c7c
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f61670211b093dbc9450146a26d46197a299bfbbe437379c0283d2d19f7bbde5
f8291c2dfd40b03e80064b0606e575b596426592287554a2a985f70430f8a230
fc169e869f74fbbee1145c7e2c369e6ca160e4fe1d52cc86fdc0c781d64d4153
ffd613c417eee02c7fd4be829859eb33fb2f1d15e4b4821578a37a798fa29a76

malwarebreakdown.wordpress.com Open in urlscan Pro 192.0.78.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

128 Requests

99 %HTTPS

59 %IPv6

12 Domains

26 Subdomains

22 IPs

3 Countries

2273 kBTransfer

4093 kBSize

6 Cookies

30 Outgoing links

Page URL History

Redirected requests

128 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

malwarebreakdown.wordpress.com Open in urlscan Pro
192.0.78.13 Public Scan

Screenshot
Live screenshot

Full Image

128
Requests

99 %
HTTPS

59 %
IPv6

12
Domains

26
Subdomains

22
IPs

3
Countries

2273 kB
Transfer

4093 kB
Size

6
Cookies

128 HTTP transactions
9 data transactions