wpscan.com Open in urlscan Pro
192.0.78.24 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Submission: On May 08 via api (May 8th 2024, 2:10:24 am UTC) from TR — Scanned from DE

Summary HTTP 92 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 92 HTTP transactions. The main IP is 192.0.78.24, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is wpscan.com.
TLS certificate: Issued by R3 on March 11th 2024. Valid for: 3 months.

This is the only time wpscan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	192.0.78.24 192.0.78.24	2635 (AUTOMATTIC) (AUTOMATTIC)
71	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
6 6	192.0.72.31 192.0.72.31	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.18 192.0.78.18	2635 (AUTOMATTIC) (AUTOMATTIC)
92	7

8 192.0.78.24 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

wpscan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.72.31 (San Francisco, United States) 6 redirects

ASN2635 (AUTOMATTIC, US)

a8cteam5105.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

r-login.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	wp.com s0.wp.com — Cisco Umbrella Rank: 8676 fonts-api.wp.com — Cisco Umbrella Rank: 17672 stats.wp.com — Cisco Umbrella Rank: 2906 fonts.wp.com — Cisco Umbrella Rank: 18235 widgets.wp.com — Cisco Umbrella Rank: 12188 pixel.wp.com — Cisco Umbrella Rank: 2883	983 KB
10	wordpress.com 6 redirects a8cteam5105.files.wordpress.com public-api.wordpress.com — Cisco Umbrella Rank: 9972 r-login.wordpress.com — Cisco Umbrella Rank: 28743	2 KB
8	wpscan.com wpscan.com	213 KB
2	gravatar.com 0.gravatar.com — Cisco Umbrella Rank: 9291	6 KB
92	4

	Domain	Requested by
67	s0.wp.com	wpscan.com s0.wp.com
8	wpscan.com	wpscan.com s0.wp.com
6	a8cteam5105.files.wordpress.com	6 redirects
5	pixel.wp.com	wpscan.com
3	public-api.wordpress.com	s0.wp.com
2	widgets.wp.com	wpscan.com s0.wp.com
2	0.gravatar.com	wpscan.com 0.gravatar.com
1	r-login.wordpress.com	wpscan.com
1	fonts.wp.com	fonts-api.wp.com
1	stats.wp.com	wpscan.com
1	fonts-api.wp.com	wpscan.com
92	11

This site contains links to these domains. Also see Links.

Domain
status.wpscan.com
api.startservicefounds.com
wordpress.org
automattic.com
jetpack.com
github.com
twitter.com
www.facebook.com
wordpress.com
wp.me
subscribe.wordpress.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2024-03-11` - `2024-06-09`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Frame ID: 202EA75DA8AE0E26CBC982F381C57E98
Requests: 89 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20240508
Frame ID: 15AFBABD91F883DC48894120CB029BB5
Requests: 1 HTTP requests in this frame

Frame: https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly93cHNjYW4uY29t&wpcomid=221720208&time=1715134219
Frame ID: AC8750CFBEB5FB5730C15F2C732734AB
Requests: 1 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/index.html?ver=20240508
Frame ID: 4B0DC720518906B7CF6D5C50BB325005
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | WPScan

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

Page Statistics

92
Requests

92 %
HTTPS

14 %
IPv6

4
Domains

11
Subdomains

7
IPs

2
Countries

1211 kB
Transfer

3401 kB
Size

4
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://status.wpscan.com/
Title: Status

Search URL Search Domain Scan URL

URL: https://api.startservicefounds.com/
Title: .]

Search URL Search Domain Scan URL

URL: https://wordpress.org/plugins/wpscan/
Title: WordPress plugin

Search URL Search Domain Scan URL

URL: https://automattic.com/privacy/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://automattic.com/privacy/#california-consumer-privacy-act-ccpa
Title: Privacy Notice for California Users

Search URL Search Domain Scan URL

URL: https://jetpack.com/
Title: Jetpack

Search URL Search Domain Scan URL

URL: https://github.com/wpscanteam/wpscan/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://twitter.com/_wpscan_
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/WPScan
Title: Facebook

Search URL Search Domain Scan URL

URL: https://automattic.com/work-with-us/
Title: Work With Us

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_blog
Title: Blog at WordPress.com.

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Fwpscan.com%252Fblog%252Fsurge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin%252F
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/pf0jyo-1Ql
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: https://wordpress.com/abuse/?report_url=https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://wordpress.com/read/blogs/221720208/posts/7089
Title: View post in Reader

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

URL: https://automattic.com/cookies/
Title: Cookie Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024 HTTP 302
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024

Request Chain 60

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024 HTTP 302
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024

Request Chain 61

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024 HTTP 302
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024

Request Chain 64

https://a8cteam5105.files.wordpress.com/2023/08/cropped-83c25-favicon.png?w=50 HTTP 302
https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=50

Request Chain 73

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024 HTTP 302
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024

Request Chain 89

https://a8cteam5105.files.wordpress.com/2023/08/cropped-83c25-favicon.png?w=32 HTTP 302
https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=32

92 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/ 155 KB
36 KB 406ms
384ms Document
text/html 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a6f824aa94d333e161acdb2fc725add690d0fe557ae9983a165d8598066b8bc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 08 May 2024 02:10:19 GMT
host-header: WordPress.com
link: <https://wp.me/pf0jyo-1Ql>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 2.hhn _dca BYPASS
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.

GET
H2 200 /
s0.wp.com/_static/ 10 KB
3 KB 43ms
16ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJxtzEkKgDAMQNELWeOAWBfiWaQNUu0QTIrXF0UQxOWDz4eDlElRMAqErMjnxUWGFYVmsz0GzhFCstkjw45+FrSKEstHpWEu4P/o3Ybv99aVT2Gs+6rrmnbQej0BKWI0fQ==&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 376eacb307ddbfb56e702fe1c39363c70218d2e4ac32d7ba96f0403da942a093

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Wed, 17 Jan 2024 20:39:57 GMT
server: nginx
etag: W/"65a83b1d-27f9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Thu, 16 Jan 2025 20:54:29 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-library/blocks/navigation/ 16 KB
3 KB 43ms
17ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-library/blocks/navigation/style.css?m=1714730783i&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c8c8de9f2c25e4e47071bf4a48cc25a3e776962b0c4de8c02f70c6e4d2aa9551

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: miss
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/16484-1714730802055.602
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 03 May 2025 10:35:35 GMT

GET
H2 200 front-end.css
s0.wp.com/wp-content/themes/a8c/wpscan/wpscan-blocks/build/header-authentication/ 18 KB
5 KB 41ms
15ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/a8c/wpscan/wpscan-blocks/build/header-authentication/front-end.css?m=1702662004i&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9ea4014a36c926585ea174c56419c5e621f1d665df5203280da8097dde91f170

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/22949-1702662008559.1091
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sun, 15 Dec 2024 10:41:35 GMT

GET
H2 200 style-index.css
s0.wp.com/wp-content/themes/a8c/wpscan/wpscan-blocks/build/site-header/ 22 KB
3 KB 31ms
6ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/a8c/wpscan/wpscan-blocks/build/site-header/style-index.css?m=1707753011i&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d13dd52675ea4f88e0e1a78bd4f85c2571096d3783e6d694af96e4b60a1d1b22

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/22344-1707753014702.9314
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 11 Feb 2025 15:57:11 GMT

GET
H2 200 /
s0.wp.com/_static/ 32 KB
7 KB 40ms
14ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJydjEEKgCAQAD+UrR6KLtFbTJfQdJXWxe9HUB/oOMMw0KtyhRpSgyyqJjkCMURs1brzZWAhyMVLQgZnryKMCbiHipfahXzC0TEP8H/2NZ94fltezbxMxkx61vEGx+U/hQ==&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 26 May 2023 15:31:16 GMT
server: nginx
etag: W/"6470d0c4-7e84"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 25 May 2024 16:37:41 GMT

GET
H2 200 view.css
s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/blocks/subscriptions/ 8 KB
1 KB 40ms
15ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/blocks/subscriptions/view.css?m=1714510484i&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5b3a660c1b76da9bbcfcb172d4e4fdd35fb2106cff8c644eeb5d05736f3145b2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/8380-1714510495479.9253
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 30 Apr 2025 21:07:23 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-library/blocks/social-links/ 10 KB
2 KB 40ms
15ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-library/blocks/social-links/style.css?m=1714730783i&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d877bcfeb3d95204ef9f807d2ef1994d3df56b15174944ed4655af09b49a5a08

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/10596-1714730802247.6008
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 03 May 2025 12:01:12 GMT

GET
H2 200 /
s0.wp.com/_static/ 369 B
676 B 30ms
5ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 19 May 2023 02:57:01 GMT
server: nginx
etag: "6466e57d-171"
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 369
expires: Sat, 09 Nov 2024 15:12:34 GMT

GET
H2 200 /
s0.wp.com/_static/ 84 KB
31 KB 30ms
6ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/comment-likes/css/comment-likes.css,/i/noticons/noticons.css,/wp-content/themes/a8c/wpscan/style.css?m=1702663271j&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0c5901a67a4639e9d9dc8e29cb37ca8ecd92f99bd47cbaa6760d2f9c0afadd70

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 15 Dec 2023 18:01:15 GMT
server: nginx
etag: W/"657c946b-150d0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sun, 15 Dec 2024 10:41:35 GMT

GET
H2 200 css2
fonts-api.wp.com/ 21 KB
1 KB 53ms
28ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css2?family=Inter%3Awght%40100%3B200%3B300%3B400%3B500%3B600%3B700%3B800%3B900&display=swap&ver=1702663271

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dce8ccb14dbf05095410baefc4794b19f0266e9787146aac1082ea853cd03ba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:10:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Wed, 08 May 2024 01:58:45 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 /
s0.wp.com/_static/ 3 KB
1 KB 41ms
17ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9jd0OgjAMhV/IWbiAeGN8FDO7ModjJWsHry+CPzEx3vU7pycfzKNBTkpJYShmjMWHJNCTjhZvTwYp6RWdJ0qOM9iiPFjVgO9nIZvxCpIR5uA8qQCKwBabLTJdXm1uv1Q7+G33xCYyWg2cvsB00Yb8b5rpEtkvp1/dH3yMTsOxbg9NXTdVW/V3YZNeIw==&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3938c8cc0f5f7786f1e83dc1bb17670f6fdab720087313a9013c291e2b50e960

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 26 May 2023 15:31:16 GMT
server: nginx
etag: W/"6470d0c4-dc4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 25 May 2024 19:30:12 GMT

GET
H2 200 /
s0.wp.com/_static/ 31 KB
12 KB 39ms
15ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNjcsKQjEMBX/ImlsQry7ET5GahrbXNCmmRfx7H7gRN+7OwGEGbs2hSifpUIdrPFIRg4V6C3j5MNgQqBoHk4HlcKUYYry/Z5G0RrMV/C06FUEwxRLYsSa1L/iR9Uz1mc0bSKznwK/DsR787Kd5P/ntbnkAuNBIYA==&cssminify=yes
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 177413798e91791f7a111eb76e9b154bdc8eddc8f15a24487cacf6a46c459352

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Mon, 18 Mar 2024 19:29:44 GMT
server: nginx
etag: W/"65f89628-7b91"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Mar 2025 19:55:00 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 64 KB
21 KB 44ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNjUEOwjAMBD9EaiqhkgviLdC4yFFiV7ZDxe9JJQ7c4Lo7swvbGmZhR3bIBlXuVDA0Q709ehaIFxmyHaBzxHNpCW0HE5nDEzmJ7tUq5bVQKZ1B9aES/5IU+35/cdGgjZ0q/qN9fX3wa72M5/EYp+kUY34D7+hMqw==
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4802a16a9035772248123f970004bbf489c975f9e4fa0500b4ebcfb6f4d958b8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Tue, 19 Mar 2024 16:41:45 GMT
server: nginx
etag: W/"65f9c049-ff5d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 19 Mar 2025 16:42:28 GMT

GET
H2 200 react.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/vendors/ 10 KB
4 KB 47ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/vendors/react.min.js?m=1714730783i&ver=18
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-2884"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 react-dom.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/vendors/ 126 KB
42 KB 44ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/vendors/react-dom.min.js?m=1714730783i&ver=18
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 827253195ec32b4d90f7db617f3819bb6616b0e3beb3620e56c7b2f64c73a68d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-1f6e5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/dom-ready/ 460 B
781 B 43ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/dom-ready/index.min.js?m=1714730783i&ver=222ad38e3e5e302c8bbf
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: "6634b731-1cc"
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 460
expires: Sat, 03 May 2025 19:56:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/hooks/ 4 KB
2 KB 41ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/hooks/index.min.js?m=1714730783i&ver=3aee234ea7807d8d70bc
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-10a6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Mon, 05 May 2025 13:57:26 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/i18n/ 9 KB
4 KB 44ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/i18n/index.min.js?m=1714730783i&ver=5baa98e4345eccc97e24
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Mon, 05 May 2025 13:57:26 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/a11y/ 2 KB
1 KB 45ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/a11y/index.min.js?m=1714730783i&ver=9061ce25a6ee8a006b52
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 729cb114db2bc898ebd76af066a49a76432f8ad984505e6ecfcfbc37672813cf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:38 GMT
server: nginx
etag: W/"6634b72e-939"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/url/ 8 KB
4 KB 49ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/url/index.min.js?m=1714730783i&ver=413660a39c97a1da8d51
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8f0cc43f54fd55ab30f2110c7046f7bfce314f7cfad51248736e58cb8c01e79b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-2021"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/api-fetch/ 5 KB
3 KB 43ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/api-fetch/index.min.js?m=1714730783i&ver=1d1bb669e2c3067cc691
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d6aa645764dc59ae4f0585681381d901f186cae336e44e1fbc8de1c0a529e7ff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-155b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/blob/ 1 KB
879 B 44ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/blob/index.min.js?m=1714730783i&ver=94959d5178d135a3f178
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 81d80f7617f35c300905e4d00edab280731bc69dc5a1bb457a3171a296f0c579

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-457"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/autop/ 5 KB
2 KB 49ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/autop/index.min.js?m=1714730783i&ver=dd02809e92d21384c288
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 499b2afc2ca8c8cd894668ae9c64b89438c8170ecd5251af73215052f5125d1a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-15ee"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-serialization-default-parser/ 2 KB
1 KB 48ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-serialization-default-parser/index.min.js?m=1714730783i&ver=ccafd59466e043b1e67a
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d6480caf5f26b15563f969737af7f284bf796de4dd63c8caaa3481fe75d05b80

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-94e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/deprecated/ 687 B
775 B 43ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/deprecated/index.min.js?m=1714730783i&ver=5f56b9106e825b0b4ab3
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: fe788e0f7ae46a370ab3eb4f2a404269b1072e56135216713e39502c7dacde59

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-2af"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/dom/ 12 KB
5 KB 43ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/dom/index.min.js?m=1714730783i&ver=44e4bca27663d6dfa4f6
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: bbc51c7d3315175c9f89d86add8afd37a09671935e0306a1fea6e0189f37901c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-3036"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/escape-html/ 1003 B
850 B 41ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/escape-html/index.min.js?m=1714730783i&ver=fbad781820bda8333f76
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d413a32d4aad316a296461ff801272dc11512f252e5eba70da8e0673c204b235

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-3eb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/element/ 11 KB
5 KB 41ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/element/index.min.js?m=1714730783i&ver=30b6834ec0d0e2c24761
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6dc63fe3f880324c960483652ea9f872199ad3887e2e072e1925cb167bafa576

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-2dfa"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/is-shallow-equal/ 1021 B
845 B 39ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/is-shallow-equal/index.min.js?m=1714730783i&ver=5299ef30233b42ce5199
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d1250ea07224819d007acda104687b92e3a5174adacf12837fc5e9ff14021286

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-3fd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/keycodes/ 3 KB
2 KB 39ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/keycodes/index.min.js?m=1714730783i&ver=54656f44cb3b10270813
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 45a05663a6bbdacc788b036380a0ee4c7b49b7bc498d8a98d8e5748b91e59030

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-b1b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/priority-queue/ 3 KB
2 KB 39ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/priority-queue/index.min.js?m=1714730783i&ver=c01f24e11b08ca4aff89
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 96e284f53f584411c21ef89fa08219b4188014333413eef9f7de213669c25fa7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-d06"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/compose/ 36 KB
13 KB 45ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/compose/index.min.js?m=1714730783i&ver=093c0dd3cc3b42e06b10
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2e3161cf8fb5342820617a465c6fd72afa46a0b54db3a03813a691725310dbcb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-8f28"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/private-apis/ 3 KB
1 KB 44ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/private-apis/index.min.js?m=1714730783i&ver=52428a68ae244aabb6fb
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 466ce3f481df55d5402c2179fbfff4190e0881d9a94ab5303b4978bb123bd8db

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-ad7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/redux-routine/ 9 KB
3 KB 44ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/redux-routine/index.min.js?m=1714730783i&ver=786aeb57a8ae5605915c
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 97cc56205ee842e64adc7912cb7e86c6b31a90ba065cf46009c09bca05293059

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-2207"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/data/ 26 KB
9 KB 43ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/data/index.min.js?m=1714730783i&ver=775ef911186224e99d04
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4c1a698e927911868181713c7d0e7da0b92e77df92cdc16da18af9996d36e7f2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-68b5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/html-entities/ 791 B
753 B 48ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/html-entities/index.min.js?m=1714730783i&ver=e9ce7ebd2e4bd93c7be1
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a37ef75bef9c0b9ca67220a826fad8761b880347fbb763c56d38834eb1c5a302

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-317"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/rich-text/ 29 KB
10 KB 41ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/rich-text/index.min.js?m=1714730783i&ver=d74d6fdfa4dd7a3d2b19
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c27189ef18e573874cb6a29be7c8b65198b834b3730075acd911e8e620036d9a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-75d9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/shortcode/ 3 KB
2 KB 41ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/shortcode/index.min.js?m=1714730783i&ver=76f6ae4ad6804e0c13db
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 91d0022cd0ba8821088854f4e21f21ddf56c1b1017446ca6189ff7bf593e2b72

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-b57"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/blocks/ 162 KB
52 KB 44ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/blocks/index.min.js?m=1714730783i&ver=8570854c2e71fb68a3b2
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 648de9ccf482ab921c21fcb7bee35c03e4b27d925ff118b58684224c3fcf7050

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-286fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 moment.min.js Show response
s0.wp.com/wp-includes/js/dist/vendor/ 57 KB
19 KB 39ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/dist/vendor/moment.min.js?m=1677512590i
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 56b95721a3bba73d47c6342c465047cc8d9d3d26384e42f452636862311d1389

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 19 May 2023 02:58:00 GMT
server: nginx
etag: W/"6466e5b8-e245"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 May 2024 20:23:04 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/date/ 81 KB
19 KB 47ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/date/index.min.js?m=1714730783i&ver=5fc751fe4ae7f26be56d
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 74d03376e6e562b5deb393114bd83ac81bbeb60f5bb382503c87b603d4c7afc6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-1459b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/primitives/ 2 KB
1 KB 47ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/primitives/index.min.js?m=1714730783i&ver=b4d0cbe8c9d1406d9272
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 885ff1bcf0828fa69b7119bf6afa7a714a77cd706c3bb5a7464fdd5a42ea1f11

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-807"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/warning/ 314 B
636 B 40ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/warning/index.min.js?m=1714730783i&ver=180dc4315a2b8452c969
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 90b05973c3353ae40a2e848fc0af3791ff4451496bb74628a78e855d579b6030

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: "6634b732-13a"
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 314
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/components/ 676 KB
213 KB 39ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/components/index.min.js?m=1714730783i&ver=d7241193572a2383c276
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: ac392de65b7432e0f4f00a8b08e2327a052366929ae44835a5da22d5e699cde7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-a8e3f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/keyboard-shortcuts/ 3 KB
2 KB 44ms
24ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/keyboard-shortcuts/index.min.js?m=1714730783i&ver=11e656b8022eefb724a9
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0ef09f0ecd971a005906098e1ea1bd43f61ad95965d7dd3e95280e660c1e94b9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-bc3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/commands/ 45 KB
16 KB 41ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/commands/index.min.js?m=1714730783i&ver=9bc20b6f3bc5d577df06
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 04fbcc5c655eba5c04a46c8813bf0e72e93e92c38801741416fbbdceb9231cde

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-b500"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/notices/ 2 KB
1 KB 46ms
26ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/notices/index.min.js?m=1714730783i&ver=3b1baf0bf68fbf761c53
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: df309966f83e4286fd0ee29aaf050588318f17f069f7e85e3104f7df5ba7f07a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-81b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/preferences-persistence/ 5 KB
2 KB 42ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/preferences-persistence/index.min.js?m=1714730783i&ver=c909eb23fd4ebcefd711
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5dc0ddf1a4e52508143c01647247427603126ce6f37d701b58687d3e600d26dd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-15f9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/preferences/ 7 KB
3 KB 39ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/preferences/index.min.js?m=1714730783i&ver=7dd50a30a0deddcc4a3b
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0d85a7c1f243b8df1bfc866e180404ac0b47f369acc5c778a7c8c78c5d6ec607

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:39 GMT
server: nginx
etag: W/"6634b72f-1cd5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/style-engine/ 6 KB
2 KB 39ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/style-engine/index.min.js?m=1714730783i&ver=6f3270a97e88008ab3cd
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d2387f3c3c625da53b1226e57f7606d2843dc2958dc9cfe59ce8fb5f56da36f5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-1707"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/token-list/ 1 KB
890 B 42ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/token-list/index.min.js?m=1714730783i&ver=2e4f9d7784b966f1b2aa
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 24b406d9c4aa4cbc7d8ca1e0825b1bb101ece5225006f5e705b0161578825426

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-4f3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/wordcount/ 2 KB
1 KB 43ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/wordcount/index.min.js?m=1714730783i&ver=cf9956240bdc3dee807e
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4664afb0465f6d376a2d67e7297f91f00bbb8524db52638bef298082d80bbdf0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-9b3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:14:55 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-editor/ 843 KB
235 KB 39ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/block-editor/index.min.js?m=1714730783i&ver=9b7fadf8dc837bf21770
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c9a31449beb621085452a734e77ec774966f1439bc6dbc0654095c1a3aa8bcd5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-d2a2e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 06 May 2025 08:21:42 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 251 KB
80 KB 47ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVkMGOwjAMRH+I4C1o1eWA+BSUJqZ1mzpR7LTs3xNEdw+rvXCybI3eeAbWZFxkRVbQAWcUsF8O1iTO8jZMF6KbBLpCwcOA1mM2tlQ5KzmrFBluuUIMst+PsoO3oUKK5kWGhXD9S5mLSaH0xAIjarJu2naQwnAldrDxpHTiMqXnV/IvaxTIQU3K8f79ns92ui41Z8xQK4iz1drBr3ghjzFllJ9ggTrQOGHNm8n3WA0v87lpm4/D56ltjuMDyWyQeQ==
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e412d6d94d1fd2c1ba500c589c1ba92f409fb1f45f8cc18cafb267fe9af16a7b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Tue, 12 Mar 2024 16:08:44 GMT
server: nginx
etag: W/"65f07e0c-3ea00"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 12 Mar 2025 16:39:04 GMT

GET
H2 200 navigation.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/ 3 KB
1 KB 47ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/navigation.min.js?ver=18.2.0
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b0e5480451a7c60c95ff9ecf67c2f4bb2f5ffa934fd0722dc960d569eb028099

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-d08"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 03 May 2025 10:35:35 GMT

GET
H2 200 search.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/ 1 KB
926 B 38ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/search.min.js?ver=18.2.0
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b2fbdfe99409688beafbb77fc80b22cca852c09cceee191eb80927c868df6d79

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:41 GMT
server: nginx
etag: W/"6634b731-53f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 07 May 2025 15:49:28 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/ 34 KB
13 KB 46ms
27ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/interactivity/index.min.js?ver=18.2.0
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5ab731f33fc9ae7491c2cfa14e84ee439b3b3d2acb093b210b6b9e8df23bf9cf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 10:06:42 GMT
server: nginx
etag: W/"6634b732-882c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 03 May 2025 10:35:35 GMT

GET
BLOB 200
OK b139a4fd-f636-4bbb-b733-8f10cdb0c8f3
https://wpscan.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://wpscan.com/b139a4fd-f636-4bbb-b733-8f10cdb0c8f3
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 /
s0.wp.com/ 1 KB
775 B 27ms
7ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/?custom-css=1&csblog=f0jyo&cscache=6&csrev=29
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 34221c1882376af01e489b7ccd0c5607abd62368279bdcf79c8b4b29ab8ace6f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Wed, 08 May 2024 02:10:19 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-nc: HIT hhn 1
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
host-header: WordPress.com
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 12 Nov 2024 11:22:10 GMT

GET
H2

200

screenshot-2024-05-03-at-9.45.50e280afam.png
wpscan.com/wp-content/uploads/2024/05/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024

12 KB
12 KB

230ms
229ms

Image
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a8326820d5a795932d55a6033c7a4de68fa10a37764c48cdfedf0681a34e4715

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 14:51:26 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 11964
expires: Sun, 09 Jun 2024 18:06:18 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.50e280afam.png?w=1024
alt-svc: h3=":443"; ma=86400
content-length: 138

GET
H2

200

screenshot-2024-05-03-at-9.45.19e280afam.png
wpscan.com/wp-content/uploads/2024/05/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024

21 KB
21 KB

241ms
241ms

Image
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

46801f558d4cde129909a34a2da8fa4af902fc49a16e1792f285f99e602c3471

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 14:52:13 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 21402
expires: Tue, 28 May 2024 05:01:32 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.45.19e280afam.png?w=1024
alt-svc: h3=":443"; ma=86400
content-length: 138

GET
H2

200

screenshot-2024-05-03-at-9.46.30e280afam-1.png
wpscan.com/wp-content/uploads/2024/05/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024

28 KB
29 KB

224ms
223ms

Image
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0ec4ca07c4fffcd58d16a8197d2ae292dca58b4d9a7afe37a5314fea12dfb563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 14:53:20 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 29054
expires: Thu, 30 May 2024 17:42:39 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.46.30e280afam-1.png?w=1024
alt-svc: h3=":443"; ma=86400
content-length: 138

GET
H2 200 hovercards.min.js Show response
0.gravatar.com/js/hovercards/ 13 KB
5 KB 189ms
6ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=2024194d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Mon, 01 Apr 2024 10:35:09 GMT
server: nginx
etag: W/"660a8ddd-3309"
content-type: application/javascript
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Wed, 15 May 2024 02:10:20 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 655 B
702 B 174ms
173ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/1125-1684465005221.1526
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:44 GMT

GET
H2

200

cropped-83c25-favicon.png
wpscan.com/wp-content/uploads/2023/08/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2023/08/cropped-83c25-favicon.png?w=50
https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=50

1 KB
1 KB

207ms
206ms

Image
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=50

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

309630929cf16eb7f8b0acbf6b30099fb70ea75724f8476e82561f9d03b5898f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Tue, 22 Aug 2023 18:06:06 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1182
expires: Thu, 30 May 2024 12:07:39 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=50
alt-svc: h3=":443"; ma=86400
content-length: 138

GET
H2 200 / Show response
s0.wp.com/_static/ 83 KB
25 KB 174ms
174ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJydkN1OwzAMhV+IzDAJKBeIR5k8x2rdJU6JEwZvT7SGXVRoEtzZn45/zoHz4ihpYS0Qq1tCHUUNgpzY4L1y5QnVB8672e7gd/HMZUE69R6sKhxECY5VggfCnKpxuMp+wC6K3thKKcaG3PrKvAHbwTJxbDIcqFEjVEAzLpfB9Q9Rz59/c9HR4YPVpwxYS4pYitBVbIyZJrDczoof+8GVupXcstiTcOelmdu0/w7cJszs0fuvSyk69qTf4uvD8/3wtH98GfbzN1nMvnw=
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: d6f722983845ccb5aee06cc883da4ff8012b1bb815d67f7e69f9bd7e0854a3d5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Thu, 22 Feb 2024 18:19:53 GMT
server: nginx
etag: W/"65d79049-14a75"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Fri, 21 Feb 2025 19:36:06 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 12 KB
5 KB 191ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?67
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 79674b01741c3978417b6b9b4b98d125755e7bb468979d5cd593eac4b94cdb91

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/12827-1705538370042.3745
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Fri, 17 Jan 2025 00:39:37 GMT

OPTIONS
H2 200 me
public-api.wordpress.com/wp/v2/users/ Frame 0
0 427ms
220ms Preflight
text/plain 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp/v2/users/me?context=edit&_locale=user

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-wp-nonce
Access-Control-Request-Method: GET
Origin: https://wpscan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-origin: https://wpscan.com
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/plain;charset=utf-8
date: Wed, 08 May 2024 02:10:20 GMT
host-header: WordPress.com
link: <https://public-api.wordpress.com/>; rel="https://api.w.org/"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Origin
x-ac: 1.hhn _dca BYPASS
x-content-type-options: nosniff
x-hacker: Oh, Awesome: I/Opossum
x-robots-tag: noindex

GET
H3 404 me Show response
public-api.wordpress.com/wp/v2/users/ 114 B
678 B 248ms
236ms Fetch
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp/v2/users/me?context=edit&_locale=user

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v18.2.0/build/api-fetch/index.min.js?m=1714730783i&ver=1d1bb669e2c3067cc691

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

321227fe038fc2f282fd904a174fbaf931eb5d763ce64eded0e6a3f31d32119f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: application/json, */*;q=0.1
Referer: https://wpscan.com/
X-WP-Nonce: 829b19872a
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Oh, Awesome: I/Opossum
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-ac: 1.hhn _dca BYPASS
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://wpscan.com
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-credentials: true
x-robots-tag: noindex
link: <https://public-api.wordpress.com/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type

GET
H2 200 page-background-general.svg
s0.wp.com/wp-content/themes/a8c/wpscan/assets/img/ 938 B
871 B 175ms
174ms Image
image/svg+xml 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/themes/a8c/wpscan/assets/img/page-background-general.svg
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/comment-likes/css/comment-likes.css,/i/noticons/noticons.css,/wp-content/themes/a8c/wpscan/style.css?m=1702663271j&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 23a68bd650da9efb54c5db9ae6f85dabdb8c83ffcfaed3aacf1e5017e667bd54

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://s0.wp.com/_static/??/wp-content/mu-plugins/comment-likes/css/comment-likes.css,/i/noticons/noticons.css,/wp-content/themes/a8c/wpscan/style.css?m=1702663271j&cssminify=yes
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Fri, 11 Aug 2023 16:21:42 GMT
server: nginx
etag: W/"64d66016-3aa"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 28 Aug 2024 10:17:55 GMT

GET
H2 200 a8c-analytics.js Show response
s0.wp.com/wp-content/mu-plugins/a8c-analytics/ 3 KB
2 KB 146ms
146ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/a8c-analytics.js?v=1712316471
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e0fe415b06997c40f65d080af1f30cceb052472e66a35c3bb006f82cb0d26cfd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/3297-1712316478961.21
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 05 Apr 2025 11:28:11 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.wp.com/s/inter/v13/ 46 KB
46 KB 134ms
127ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css2?family=Inter%3Awght%40100%3B200%3B300%3B400%3B500%3B600%3B700%3B800%3B900&display=swap&ver=1702663271

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts-api.wp.com/
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: nginx
age: 9925
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 46704
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff

Request headers

Referer
Origin: https://wpscan.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2

200

screenshot-2024-05-03-at-9.48.05e280afam.png
wpscan.com/wp-content/uploads/2024/05/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024
https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024

113 KB
114 KB

421ms
421ms

Image
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c58ef4e83829a56e8d4667babdc28c8286fcac597d5b50adad73dbcb4ae83872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 03 May 2024 14:56:35 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 116082
expires: Fri, 14 Jun 2024 13:32:09 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2024/05/screenshot-2024-05-03-at-9.48.05e280afam.png?w=1024
alt-svc: h3=":443"; ma=86400
content-length: 138

GET
H2 200 master.html
widgets.wp.com/likes/ Frame 15AF 0
0 25ms
6ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20240508
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-encoding: br
content-type: text/html
date: Wed, 08 May 2024 02:10:20 GMT
etag: W/"65fd56ed-b00"
last-modified: Fri, 22 Mar 2024 10:01:17 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dfw MISS
x-nc: HIT hhn 2

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 12ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.9834937710888307
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 08 May 2024 02:10:20 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 12ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=221720208&v=wpcom&tz=-4&user_id=0&post=7089&subd=a8cteam5105&host=wpscan.com&ref=&rand=0.6407041542865213
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 08 May 2024 02:10:20 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 11ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1lSiYrZXhzUkM5fD1uTDNLUGt6QzVbd3FKb3Q4aWxfXXI3YWo4Qz1OQTklbU5iaFcmUVFuNjY9c2xqOUdMWmdBL19wOGp1T3xISjRRdT1tTj0xUG4vS0p4Y3xOZ2JRWVpORElfWH5SZEZOJllrVG8lPTcuVjYvWDl2Vmt2N3pLbH5keUY2ZlQuS1stRCtUPVQmMmx2RFZFWHRNRG0uP2M1emROMz1wNkYraGVdUWNmQz9RZC18c049STNHaW12Miw2V1AlU1RmTDJWNW5CMFFqdl9wL11DbmZbRn49bzd8VDJHSTVEbEpdeGdbZXkvYi53WHB6cy10K3RPOThBNzVWXz03WW9ZTjh8Xzh0U01CTXUlZlI2X0VWVGF2K3otJWRwQkRdcmpvWE8xd2stS2Y5dF1bUHBLa1U%3D&v=wpcom-no-pv&rand=0.3475312028111923
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 08 May 2024 02:10:20 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H3 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ 18 KB
5 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1710334132i&ver=6.5.3-alpha-58086
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Wed, 13 Mar 2024 12:49:00 GMT
server: nginx
etag: W/"65f1a0bc-4926"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Sat, 03 May 2025 14:00:22 GMT

GET
H3 200 965.a8c-analytics.js Show response
s0.wp.com/wp-content/mu-plugins/a8c-analytics/ 16 KB
6 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/965.a8c-analytics.js
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/a8c-analytics.js?v=1712316471
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9b4bb033db4d3890108d5c9c56cd77d4e10707a5f7721341952f66ade15c0c22

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/15911-1712316478957.21
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 05 Apr 2025 11:28:33 GMT

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 4 KB
1 KB 7ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=2024194d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Requested by

Host: 0.gravatar.com
URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=2024194d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4845f9cdb0fbf13f3cf2fbb844bd4152071e338703f737c988051b154529d201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Mon, 01 Apr 2024 10:35:09 GMT
server: nginx
etag: W/"660a8ddd-e1d"
content-type: text/css
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Wed, 15 May 2024 02:10:20 GMT

GET
H2 200 remote-login.php
r-login.wordpress.com/ Frame AC87 0
0 166ms
147ms Document
text/html 192.0.78.18
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly93cHNjYW4uY29t&wpcomid=221720208&time=1715134219

Requested by

Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 08 May 2024 02:10:20 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _dfw MISS

GET
H3 200 554.a8c-analytics.js Show response
s0.wp.com/wp-content/mu-plugins/a8c-analytics/ 19 KB
6 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/554.a8c-analytics.js
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/a8c-analytics.js?v=1712316471
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: aec792cc15cffb9bfd9a157693fee4aabe72372a8fe91fe079287eb8c445d2e3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/19466-1712316484104.083
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 05 Apr 2025 11:28:33 GMT

GET
H3 200 126.a8c-analytics.js Show response
s0.wp.com/wp-content/mu-plugins/a8c-analytics/ 9 KB
4 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/126.a8c-analytics.js
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/a8c-analytics.js?v=1712316471
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e4e83384cc531eb80f5626d9b2bebdd4d5f54fe4b4149ee3d87eddc4ee7e2b06

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/9600-1712316480545.7031
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 05 Apr 2025 11:28:34 GMT

GET
H2 200 / Show response
public-api.wordpress.com/geo/ 130 B
367 B 105ms
105ms Fetch
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/geo/?_=1715134220338

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/a8c-analytics/965.a8c-analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3409f688fff31f269583f0ad0e40ac7c47bfbea77787499b9d1284da7649aa8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 1.hhn _dca BYPASS
strict-transport-security: max-age=31536000
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 7ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_cookie-banner-view=total%2Cwpscan-com&v=wpcom-no-pv&rand=0.19850573602134602
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 08 May 2024 02:10:20 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 t.gif
pixel.wp.com/ 43 B
170 B 6ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/t.gif?site=wpscan.com&path=%2Fblog%2Fsurge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin%2F&_en=a8c_cookie_banner_view&_ui=6GSfXIEoagyRpBos5oUqIm%2B3&_ut=anon&_ts=1715134220447&_tz=-2&_lg=de-DE&_pf=Win32&_ht=1200&_wd=1600&_sx=0&_sy=0&_dl=https%3A%2F%2Fwpscan.com%2Fblog%2Fsurge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin%2F&_dr=&blog_id=221720208&blog_tz=-4&user_lang=en&blog_lang=en&user_id=0&_rt=1715134220450&_=_
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 08 May 2024 02:10:20 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 43
content-type: image/gif

GET
H3 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 15 KB
4 KB 7ms
6ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20240115
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/18324-1705283922318.0986
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 14 Jan 2025 01:58:53 GMT

GET
H3 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 8 KB
3 KB 7ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122
Requested by: Host: wpscan.com
URL: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 28bac34917bba2f5ebef5c3a1533fdfcd9c7c6e0accef5bc18addd58adeb1181

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://wpscan.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
date: Wed, 08 May 2024 02:10:20 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
x-minify: t
alt-svc: h3=":443"; ma=86400
x-nc: HIT hhn 1
server: nginx
etag: W/15129-1699585415136.014
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 21 Nov 2024 12:53:02 GMT

GET
H3

200

cropped-83c25-favicon.png
wpscan.com/wp-content/uploads/2023/08/
Redirect Chain

https://a8cteam5105.files.wordpress.com/2023/08/cropped-83c25-favicon.png?w=32
https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=32

588 B
826 B

136ms
136ms

Other
image/webp

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=32

Protocol

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0fd3d48d974180aa81b498f5f82b883044895dcebbf4a04f9017d696365578a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _dca BYPASS
last-modified: Tue, 22 Aug 2023 18:06:06 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept
content-type: image/webp
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 588
expires: Sat, 08 Jun 2024 13:53:52 GMT

Redirect headers

x-nc: hhn 31 np
date: Wed, 08 May 2024 02:10:20 GMT
x-content-type-options: nosniff
server: nginx
content-type: text/html
location: https://wpscan.com/wp-content/uploads/2023/08/cropped-83c25-favicon.png?w=32
alt-svc: h3=":443"; ma=86400
content-length: 138

POST
H3 200 admin-ajax.php
wpscan.com/wp-admin/ 0
0 215ms
215ms Fetch
text/html 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://wpscan.com/wp-admin/admin-ajax.php

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Wed, 08 May 2024 02:10:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
x-ac: 2.hhn _dca BYPASS
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://wpscan.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 200 index.html
widgets.wp.com/likes/ Frame 4B0D 0
0 6ms
6ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/index.html?ver=20240508
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJydkN1OwzAMhV+IzDAJKBeIR5k8x2rdJU6JEwZvT7SGXVRoEtzZn45/zoHz4ihpYS0Qq1tCHUUNgpzY4L1y5QnVB8672e7gd/HMZUE69R6sKhxECY5VggfCnKpxuMp+wC6K3thKKcaG3PrKvAHbwTJxbDIcqFEjVEAzLpfB9Q9Rz59/c9HR4YPVpwxYS4pYitBVbIyZJrDczoof+8GVupXcstiTcOelmdu0/w7cJszs0fuvSyk69qTf4uvD8/3wtH98GfbzN1nMvnw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://wpscan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 145
content-type: text/html
date: Wed, 08 May 2024 02:10:20 GMT
etag: "65c4a068-91"
last-modified: Thu, 08 Feb 2024 09:35:36 GMT
server: nginx
timing-allow-origin: *
x-ac: 2.hhn _dfw MISS
x-nc: HIT hhn 2

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
wpscan.com/	1970-01-20 20:25:55	Name: country_code Value: DE
wpscan.com/	1970-01-20 20:25:55	Name: region Value: Hamburg
.wpscan.com/	1970-01-21 06:01:34	Name: tk_ai Value: 6GSfXIEoagyRpBos5oUqIm%2B3
.wpscan.com/	1970-01-20 20:25:36	Name: tk_qs Value:

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://public-api.wordpress.com/wp/v2/users/me?context=edit&_locale=user Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
a8cteam5105.files.wordpress.com
fonts-api.wp.com
fonts.wp.com
pixel.wp.com
public-api.wordpress.com
r-login.wordpress.com
s0.wp.com
stats.wp.com
widgets.wp.com
wpscan.com
192.0.72.31
192.0.76.3
192.0.77.32
192.0.78.18
192.0.78.23
192.0.78.24
2a04:fa87:fffe::c000:4902
04fbcc5c655eba5c04a46c8813bf0e72e93e92c38801741416fbbdceb9231cde
0c5901a67a4639e9d9dc8e29cb37ca8ecd92f99bd47cbaa6760d2f9c0afadd70
0d85a7c1f243b8df1bfc866e180404ac0b47f369acc5c778a7c8c78c5d6ec607
0ec4ca07c4fffcd58d16a8197d2ae292dca58b4d9a7afe37a5314fea12dfb563
0ef09f0ecd971a005906098e1ea1bd43f61ad95965d7dd3e95280e660c1e94b9
0fd3d48d974180aa81b498f5f82b883044895dcebbf4a04f9017d696365578a1
177413798e91791f7a111eb76e9b154bdc8eddc8f15a24487cacf6a46c459352
23a68bd650da9efb54c5db9ae6f85dabdb8c83ffcfaed3aacf1e5017e667bd54
24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3
24b406d9c4aa4cbc7d8ca1e0825b1bb101ece5225006f5e705b0161578825426
25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000
28bac34917bba2f5ebef5c3a1533fdfcd9c7c6e0accef5bc18addd58adeb1181
2e3161cf8fb5342820617a465c6fd72afa46a0b54db3a03813a691725310dbcb
309630929cf16eb7f8b0acbf6b30099fb70ea75724f8476e82561f9d03b5898f
321227fe038fc2f282fd904a174fbaf931eb5d763ce64eded0e6a3f31d32119f
3409f688fff31f269583f0ad0e40ac7c47bfbea77787499b9d1284da7649aa8b
34221c1882376af01e489b7ccd0c5607abd62368279bdcf79c8b4b29ab8ace6f
376eacb307ddbfb56e702fe1c39363c70218d2e4ac32d7ba96f0403da942a093
3938c8cc0f5f7786f1e83dc1bb17670f6fdab720087313a9013c291e2b50e960
45a05663a6bbdacc788b036380a0ee4c7b49b7bc498d8a98d8e5748b91e59030
4664afb0465f6d376a2d67e7297f91f00bbb8524db52638bef298082d80bbdf0
466ce3f481df55d5402c2179fbfff4190e0881d9a94ab5303b4978bb123bd8db
46801f558d4cde129909a34a2da8fa4af902fc49a16e1792f285f99e602c3471
4802a16a9035772248123f970004bbf489c975f9e4fa0500b4ebcfb6f4d958b8
4845f9cdb0fbf13f3cf2fbb844bd4152071e338703f737c988051b154529d201
499b2afc2ca8c8cd894668ae9c64b89438c8170ecd5251af73215052f5125d1a
4c1a698e927911868181713c7d0e7da0b92e77df92cdc16da18af9996d36e7f2
4d47d929f88574eb4a47e5b1778b683b87e7f6078bb6a33f34c1178752e83406
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07
56b95721a3bba73d47c6342c465047cc8d9d3d26384e42f452636862311d1389
5ab731f33fc9ae7491c2cfa14e84ee439b3b3d2acb093b210b6b9e8df23bf9cf
5b3a660c1b76da9bbcfcb172d4e4fdd35fb2106cff8c644eeb5d05736f3145b2
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5dc0ddf1a4e52508143c01647247427603126ce6f37d701b58687d3e600d26dd
648de9ccf482ab921c21fcb7bee35c03e4b27d925ff118b58684224c3fcf7050
6dc63fe3f880324c960483652ea9f872199ad3887e2e072e1925cb167bafa576
729cb114db2bc898ebd76af066a49a76432f8ad984505e6ecfcfbc37672813cf
74d03376e6e562b5deb393114bd83ac81bbeb60f5bb382503c87b603d4c7afc6
79674b01741c3978417b6b9b4b98d125755e7bb468979d5cd593eac4b94cdb91
81d80f7617f35c300905e4d00edab280731bc69dc5a1bb457a3171a296f0c579
827253195ec32b4d90f7db617f3819bb6616b0e3beb3620e56c7b2f64c73a68d
885ff1bcf0828fa69b7119bf6afa7a714a77cd706c3bb5a7464fdd5a42ea1f11
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8f0cc43f54fd55ab30f2110c7046f7bfce314f7cfad51248736e58cb8c01e79b
90b05973c3353ae40a2e848fc0af3791ff4451496bb74628a78e855d579b6030
91d0022cd0ba8821088854f4e21f21ddf56c1b1017446ca6189ff7bf593e2b72
96e284f53f584411c21ef89fa08219b4188014333413eef9f7de213669c25fa7
97cc56205ee842e64adc7912cb7e86c6b31a90ba065cf46009c09bca05293059
98ea495d590c298f281d8ddbe9c3a82c9d507d6c9a6bd6356fbfbb666ee037ff
9b4bb033db4d3890108d5c9c56cd77d4e10707a5f7721341952f66ade15c0c22
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
9ea4014a36c926585ea174c56419c5e621f1d665df5203280da8097dde91f170
a37ef75bef9c0b9ca67220a826fad8761b880347fbb763c56d38834eb1c5a302
a6f824aa94d333e161acdb2fc725add690d0fe557ae9983a165d8598066b8bc4
a8326820d5a795932d55a6033c7a4de68fa10a37764c48cdfedf0681a34e4715
a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694
ac392de65b7432e0f4f00a8b08e2327a052366929ae44835a5da22d5e699cde7
aec792cc15cffb9bfd9a157693fee4aabe72372a8fe91fe079287eb8c445d2e3
b0e5480451a7c60c95ff9ecf67c2f4bb2f5ffa934fd0722dc960d569eb028099
b2fbdfe99409688beafbb77fc80b22cca852c09cceee191eb80927c868df6d79
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
bbc51c7d3315175c9f89d86add8afd37a09671935e0306a1fea6e0189f37901c
c1e62caa83381d8a3c58be2a17f28bff4176e8ddcd882bb923f3152852c06df9
c27189ef18e573874cb6a29be7c8b65198b834b3730075acd911e8e620036d9a
c58ef4e83829a56e8d4667babdc28c8286fcac597d5b50adad73dbcb4ae83872
c8c8de9f2c25e4e47071bf4a48cc25a3e776962b0c4de8c02f70c6e4d2aa9551
c9a31449beb621085452a734e77ec774966f1439bc6dbc0654095c1a3aa8bcd5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1250ea07224819d007acda104687b92e3a5174adacf12837fc5e9ff14021286
d13dd52675ea4f88e0e1a78bd4f85c2571096d3783e6d694af96e4b60a1d1b22
d2387f3c3c625da53b1226e57f7606d2843dc2958dc9cfe59ce8fb5f56da36f5
d413a32d4aad316a296461ff801272dc11512f252e5eba70da8e0673c204b235
d6480caf5f26b15563f969737af7f284bf796de4dd63c8caaa3481fe75d05b80
d6aa645764dc59ae4f0585681381d901f186cae336e44e1fbc8de1c0a529e7ff
d6f722983845ccb5aee06cc883da4ff8012b1bb815d67f7e69f9bd7e0854a3d5
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
d877bcfeb3d95204ef9f807d2ef1994d3df56b15174944ed4655af09b49a5a08
dce8ccb14dbf05095410baefc4794b19f0266e9787146aac1082ea853cd03ba5
df309966f83e4286fd0ee29aaf050588318f17f069f7e85e3104f7df5ba7f07a
e0fe415b06997c40f65d080af1f30cceb052472e66a35c3bb006f82cb0d26cfd
e412d6d94d1fd2c1ba500c589c1ba92f409fb1f45f8cc18cafb267fe9af16a7b
e4e83384cc531eb80f5626d9b2bebdd4d5f54fe4b4149ee3d87eddc4ee7e2b06
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fe788e0f7ae46a370ab3eb4f2a404269b1072e56135216713e39502c7dacde59

wpscan.com Open in urlscan Pro 192.0.78.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

92 Requests

92 %HTTPS

14 %IPv6

4 Domains

11 Subdomains

7 IPs

2 Countries

1211 kBTransfer

3401 kBSize

4 Cookies

18 Outgoing links

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

wpscan.com Open in urlscan Pro
192.0.78.24 Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

92 %
HTTPS

14 %
IPv6

4
Domains

11
Subdomains

7
IPs

2
Countries

1211 kB
Transfer

3401 kB
Size

4
Cookies

92 HTTP transactions
1 data transactions