0ffset.net
185.201.10.87
Public Scan
Effective URL: https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/
Submission: On August 13 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 1st 2019. Valid for: 3 months.
This is the only time 0ffset.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

| # | IP Address | Autonomous System |
|---|---|---|
| 1 1 | 192.0.78.25 | AS2635 (AUTOMATTIC - Automattic) |
| 1 9 | 185.201.10.87 | AS47583 (AS-HOSTINGER) |
| 1 | 2a00:1450:4001:809::2002 | AS15169 (GOOGLE - Google LLC) |
| 1 | 54.230.95.180 | AS16509 (AMAZON-02 - Amazon.com) |
| 1 | 52.85.184.123 | AS16509 (AMAZON-02 - Amazon.com) |
| 1 | 192.0.77.32 | AS2635 (AUTOMATTIC - Automattic) |
| 1 | 2a04:fa87:fffe::c000:4902 | AS2635 (AUTOMATTIC - Automattic) |
| 1 | 192.0.76.3 | AS2635 (AUTOMATTIC - Automattic) |

Totals: 31 requests, 8 IP addresses.

Per-IP details:
- ASN15169 (GOOGLE - Google LLC, US): pagead2.googlesyndication.com
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US), PTR: server-54-230-95-180.fra2.r.cloudfront.net: downloads.mailchimp.com
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US), PTR: server-52-85-184-123.fra2.r.cloudfront.net: z-na.amazon-adsystem.com
- ASN2635 (AUTOMATTIC - Automattic, Inc, US), PTR: wordpress.com: s0.wp.com
- ASN2635 (AUTOMATTIC - Automattic, Inc, US): secure.gravatar.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | 0ffset.net (1 redirect) | 0ffset.net | 81 KB |
| 2 | wp.com | c0.wp.com (failed), s0.wp.com, stats.wp.com | 6 KB |
| 1 | gravatar.com | secure.gravatar.com | 7 KB |
| 1 | amazon-adsystem.com | z-na.amazon-adsystem.com | 8 KB |
| 1 | mailchimp.com | downloads.mailchimp.com | 46 KB |
| 1 | googlesyndication.com | pagead2.googlesyndication.com | 35 KB |
| 1 | wp.me (1 redirect) | wp.me | 107 B |
| 0 | fontawesome.com (failed) | use.fontawesome.com (failed) | |

Totals: 31 requests, 8 apex domains.
| # | Domain | Requested by |
|---|---|---|
| 9 | 0ffset.net (1 redirect) | 0ffset.net |
| 1 | stats.wp.com | 0ffset.net |
| 1 | secure.gravatar.com | 0ffset.net |
| 1 | s0.wp.com | 0ffset.net |
| 1 | z-na.amazon-adsystem.com | 0ffset.net |
| 1 | downloads.mailchimp.com | 0ffset.net |
| 1 | pagead2.googlesyndication.com | 0ffset.net |
| 1 | wp.me | 1 redirect |
| 0 | use.fontawesome.com (failed) | 0ffset.net |
| 0 | c0.wp.com (failed) | 0ffset.net |

Totals: 31 requests, 10 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| 0ffset.net | Let's Encrypt Authority X3 | 2019-07-01 - 2019-09-29 | 3 months | crt.sh |
| *.g.doubleclick.net | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months | crt.sh |
| downloads.mailchimp.com | Amazon | 2019-07-24 - 2020-08-24 | a year | crt.sh |
| z-na.amazon-adsystem.com | Amazon | 2019-06-12 - 2020-06-07 | a year | crt.sh |
| *.wp.com | Go Daddy Secure Certificate Authority - G2 | 2018-04-10 - 2020-05-11 | 2 years | crt.sh |
| *.gravatar.com | COMODO RSA Domain Validation Secure Server CA | 2018-09-06 - 2020-09-05 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/
Frame ID: F45A6BAB62F16F0E71984F5AD47E4312
Requests: 31 HTTP requests in this frame
Page URL History
- https://wp.me/paA0Gi-BM (HTTP 301)
- https://0ffset.net/?p=2342 (HTTP 301)
- https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/ (Page URL)
Detected technologies
- WordPress (CMS); detected pattern: headers link /rel="https:\/\/api\.w\.org\/"/i
- PHP (Programming Languages); detected pattern: headers link /rel="https:\/\/api\.w\.org\/"/i
- MySQL (Databases); detected pattern: headers link /rel="https:\/\/api\.w\.org\/"/i
- LiteSpeed (Web Servers); detected pattern: headers server /^LiteSpeed$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / (Primary Request) | 0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/ (Redirect Chain) | 76 KB | 23 KB | Document | text/html |
| 2 | GET | | style.min.css | c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/ | 0 | 0 | | |
| 3 | GET | | theme.min.css | c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/ | 0 | 0 | | |
| 4 | GET | H2 | foundation.min.css | 0ffset.net/wp-content/themes/ubik/assets/css/ | 86 KB | 12 KB | Stylesheet | text/css |
| 5 | GET | H2 | style.min.css | 0ffset.net/wp-content/themes/ubik/assets/css/ | 41 KB | 7 KB | Stylesheet | text/css |
| 6 | GET | H2 | kirki-styles.css | 0ffset.net/wp-content/themes/ubik/inc/customizer/kirki/assets/css/ | 0 | 83 B | Stylesheet | text/css |
| 7 | GET | | social-logos.min.css | c0.wp.com/p/jetpack/7.6/_inc/social-logos/ | 0 | 0 | | |
| 8 | GET | | jetpack.css | c0.wp.com/p/jetpack/7.6/css/ | 0 | 0 | | |
| 9 | GET | | jquery.js | c0.wp.com/c/5.2.2/wp-includes/js/jquery/ | 0 | 0 | | |
| 10 | GET | | jquery-migrate.min.js | c0.wp.com/c/5.2.2/wp-includes/js/jquery/ | 0 | 0 | | |
| 11 | GET | | related-posts.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/related-posts/ | 0 | 0 | | |
| 12 | GET | | all.js | use.fontawesome.com/releases/v5.0.13/js/ | 0 | 0 | | |
| 13 | GET | H2 | adsbygoogle.js | pagead2.googlesyndication.com/pagead/js/ | 93 KB | 35 KB | Script | text/javascript |
| 14 | GET | H/1.1 | embed.js | downloads.mailchimp.com/js/signup-forms/popup/unique-methods/ | 128 KB | 46 KB | Script | application/javascript |
| 15 | GET | H2 | wp-emoji-release.min.js | 0ffset.net/wp-includes/js/ | 14 KB | 4 KB | Script | application/x-javascript |
| 16 | GET | H2 | onejs | z-na.amazon-adsystem.com/widgets/ | 22 KB | 8 KB | Script | application/javascript |
| 17 | GET | | photon.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/photon/ | 0 | 0 | | |
| 18 | GET | H2 | devicepx-jetpack.js | s0.wp.com/wp-content/js/ | 10 KB | 3 KB | Script | application/x-javascript |
| 19 | GET | H2 | gprofiles.js | secure.gravatar.com/js/ | 20 KB | 7 KB | Script | application/x-javascript |
| 20 | GET | | wpgroho.js | c0.wp.com/p/jetpack/7.6/modules/ | 0 | 0 | | |
| 21 | GET | | comment-reply.min.js | c0.wp.com/c/5.2.2/wp-includes/js/ | 0 | 0 | | |
| 22 | GET | H2 | foundation.min.js | 0ffset.net/wp-content/themes/ubik/assets/js/ | 145 KB | 30 KB | Script | application/x-javascript |
| 23 | GET | H2 | all.min.js | 0ffset.net/wp-content/themes/ubik/assets/js/ | 299 B | 362 B | Script | application/x-javascript |
| 24 | GET | | lazy-images.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/lazy-images/js/ | 0 | 0 | | |
| 25 | GET | | wp-embed.min.js | c0.wp.com/c/5.2.2/wp-includes/js/ | 0 | 0 | | |
| 26 | GET | H2 | webfontloader.js | 0ffset.net/wp-content/themes/ubik/inc/customizer/kirki/modules/webfont-loader/vendor-typekit/ | 12 KB | 5 KB | Script | application/x-javascript |
| 27 | GET | | spin.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/ | 0 | 0 | | |
| 28 | GET | | jquery.spin.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/ | 0 | 0 | | |
| 29 | GET | | jetpack-carousel.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/carousel/ | 0 | 0 | | |
| 30 | GET | | sharing.min.js | c0.wp.com/p/jetpack/7.6/_inc/build/sharedaddy/ | 0 | 0 | | |
| 31 | GET | H2 | e-201933.js | stats.wp.com/ | 9 KB | 3 KB | Script | application/x-javascript |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/style.min.css
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/theme.min.css
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/social-logos/social-logos.min.css
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/css/jetpack.css
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/js/jquery/jquery.js
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/js/jquery/jquery-migrate.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/related-posts/related-posts.min.js
- use.fontawesome.com: https://use.fontawesome.com/releases/v5.0.13/js/all.js?ver=1.0.7
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/photon/photon.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/modules/wpgroho.js
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/js/comment-reply.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/lazy-images/js/lazy-images.min.js
- c0.wp.com: https://c0.wp.com/c/5.2.2/wp-includes/js/wp-embed.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/spin.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/jquery.spin.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/carousel/jetpack-carousel.min.js
- c0.wp.com: https://c0.wp.com/p/jetpack/7.6/_inc/build/sharedaddy/sharing.min.js
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- _wpemojiSettings (object)
- twemoji (object)
- wp (object)
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.