www.threatdown.com
Open in
urlscan Pro
192.0.66.84
Public Scan
Submitted URL: https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLzRFXf9MMnJGq0-2FZOpcv9Cs2fL0WoJYqcat-2BWbH3wddaPFZzc1Xk...
Effective URL: https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/
Submission: On July 15 via api from IL — Scanned from IL
Effective URL: https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/
Submission: On July 15 via api from IL — Scanned from IL
Summary
This website contacted 20 IPs
in 3 countries
across 20 domains to perform 80 HTTP transactions.
The main IP is 192.0.66.84, located in
San Francisco, United States and
belongs to AUTOMATTIC, US.
The main domain is www.threatdown.com.
TLS certificate: Issued by E6 on June 7th 2024. Valid for: 3 months.
This is the only time www.threatdown.com was scanned on urlscan.io!
TLS certificate: Issued by E6 on June 7th 2024. Valid for: 3 months.
This is the only time www.threatdown.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
1
167.89.118.35
(Las Vegas, United States)
ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net
ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net
| u33254697.ct.sendgrid.net |
1
142.250.185.202
(United States)
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net
| fonts.googleapis.com |
6
34.96.102.137
(Kansas City, United States)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com
| dev.visualwebsiteoptimizer.com |
2
172.217.18.8
(United States)
ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f8.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f8.1e100.net
| www.googletagmanager.com |
5
172.217.18.3
(United States)
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net
| fonts.gstatic.com |
1
44.208.16.154
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-16-154.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-16-154.compute-1.amazonaws.com
| genesis.malwarebytes.com |
3
13.227.219.113
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-113.ams54.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-113.ams54.r.cloudfront.net
| js.driftt.com |
1
104.18.10.34
(None, )
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| 185c650ccfd84b27aad189f19681365b.js.ubembed.com |
1
18.238.243.28
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-28.ams58.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-28.ams58.r.cloudfront.net
| assets.ubembed.com |
2
23.197.137.224
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com
| munchkin.marketo.net |
1
172.217.18.14
(United States)
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f14.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f14.1e100.net
| analytics.google.com |
1
64.233.184.155
(United States)
ASN15169 (GOOGLE, US)
PTR: wa-in-f155.1e100.net
ASN15169 (GOOGLE, US)
PTR: wa-in-f155.1e100.net
| stats.g.doubleclick.net |
1
142.250.74.195
(Plainview, United States)
ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net
| www.google.co.il |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 35 |
threatdown.com
1 redirects
www.threatdown.com |
865 KB |
| 9 |
cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554 |
155 KB |
| 6 |
visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4988 |
108 KB |
| 5 |
gstatic.com
fonts.gstatic.com |
81 KB |
| 4 |
wp.com
stats.wp.com — Cisco Umbrella Rank: 4519 pixel.wp.com — Cisco Umbrella Rank: 4225 |
8 KB |
| 3 |
bing.com
bat.bing.com — Cisco Umbrella Rank: 534 |
15 KB |
| 3 |
driftt.com
js.driftt.com — Cisco Umbrella Rank: 17606 |
62 KB |
| 2 |
marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 8471 |
6 KB |
| 2 |
ubembed.com
185c650ccfd84b27aad189f19681365b.js.ubembed.com assets.ubembed.com — Cisco Umbrella Rank: 26103 |
51 KB |
| 2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112 |
212 KB |
| 1 |
mktoresp.com
805-usg-300.mktoresp.com — Cisco Umbrella Rank: 526619 |
318 B |
| 1 |
google.co.il
www.google.co.il — Cisco Umbrella Rank: 18481 |
408 B |
| 1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252 |
256 B |
| 1 |
google.com
analytics.google.com — Cisco Umbrella Rank: 238 |
|
| 1 |
onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019 |
307 B |
| 1 |
malwarebytes.com
genesis.malwarebytes.com — Cisco Umbrella Rank: 426823 |
572 B |
| 1 |
weglot.com
api.weglot.com — Cisco Umbrella Rank: 55127 |
1 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110 |
1 KB |
| 1 |
sendgrid.net
1 redirects
u33254697.ct.sendgrid.net |
304 B |
| 0 |
company-target.com
Failed
api.company-target.com Failed |
|
| 80 | 20 |
| Domain | Requested by | |
|---|---|---|
| 35 | www.threatdown.com |
1 redirects
www.threatdown.com
|
| 9 | cdn.cookielaw.org |
www.threatdown.com
cdn.cookielaw.org |
| 6 | dev.visualwebsiteoptimizer.com |
www.threatdown.com
dev.visualwebsiteoptimizer.com |
| 5 | fonts.gstatic.com |
fonts.googleapis.com
|
| 3 | bat.bing.com |
www.googletagmanager.com
bat.bing.com |
| 3 | js.driftt.com |
www.threatdown.com
js.driftt.com |
| 2 | munchkin.marketo.net |
www.threatdown.com
munchkin.marketo.net |
| 2 | pixel.wp.com |
www.threatdown.com
|
| 2 | www.googletagmanager.com |
www.threatdown.com
www.googletagmanager.com |
| 2 | stats.wp.com |
www.threatdown.com
|
| 1 | 805-usg-300.mktoresp.com |
munchkin.marketo.net
|
| 1 | www.google.co.il | |
| 1 | stats.g.doubleclick.net |
www.googletagmanager.com
|
| 1 | analytics.google.com |
www.googletagmanager.com
|
| 1 | geolocation.onetrust.com |
cdn.cookielaw.org
|
| 1 | assets.ubembed.com |
185c650ccfd84b27aad189f19681365b.js.ubembed.com
|
| 1 | 185c650ccfd84b27aad189f19681365b.js.ubembed.com |
www.googletagmanager.com
|
| 1 | genesis.malwarebytes.com |
www.threatdown.com
|
| 1 | api.weglot.com |
www.threatdown.com
|
| 1 | fonts.googleapis.com |
www.threatdown.com
|
| 1 | u33254697.ct.sendgrid.net | 1 redirects |
| 0 | api.company-target.com Failed |
js.driftt.com
|
| 80 | 22 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.threatdown.com E6 |
2024-06-07 - 2024-09-05 |
3 months | crt.sh |
| upload.video.google.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| *.wp.com Sectigo ECC Domain Validation Secure Server CA |
2023-11-28 - 2024-12-28 |
a year | crt.sh |
| *.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2 |
2024-06-29 - 2025-07-31 |
a year | crt.sh |
| *.google-analytics.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| *.gstatic.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| api.weglot.com WE1 |
2024-07-01 - 2024-09-29 |
3 months | crt.sh |
| malwarebytes.com Amazon RSA 2048 M02 |
2023-09-05 - 2024-10-03 |
a year | crt.sh |
| cookielaw.org Cloudflare Inc ECC CA-3 |
2024-03-01 - 2024-12-31 |
10 months | crt.sh |
| drift.com Amazon RSA 2048 M02 |
2023-08-15 - 2024-09-11 |
a year | crt.sh |
| *.js.ubembed.com E6 |
2024-06-11 - 2024-09-09 |
3 months | crt.sh |
| assets.ubembed.com Amazon RSA 2048 M03 |
2023-12-06 - 2025-01-03 |
a year | crt.sh |
| onetrust.com Cloudflare Inc ECC CA-3 |
2023-11-13 - 2024-11-12 |
a year | crt.sh |
| www.bing.com Microsoft Azure RSA TLS Issuing CA 04 |
2024-06-19 - 2024-12-16 |
6 months | crt.sh |
| *.marketo.net DigiCert TLS RSA SHA256 2020 CA1 |
2023-12-08 - 2024-12-11 |
a year | crt.sh |
| *.google.com WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| *.g.doubleclick.net WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| *.google.co.il WR2 |
2024-06-24 - 2024-09-16 |
3 months | crt.sh |
| *.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-07 - 2024-10-07 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/
Frame ID: DF7F56102DF3CF46D6BBA99B3E3AF3A0
Requests: 79 HTTP requests in this frame
Frame:
https://js.driftt.com/core?d=1&embedId=7ghicgw4nish&eId=7ghicgw4nish®ion=US&forceShow=false&skipCampaigns=false&sessionId=0b8b3bb2-4b5d-4c13-91da-4284e77cfe6b&sessionStarted=1721066041.294&campaignRefreshToken=f070c715-aee0-4b58-bdf0-45ca01c266f4&hideController=false&pageLoadStartTime=1721066039370&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fworkersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns%2F
Frame ID: 4D36629C8A4FD69CD6B3A5B0066212AF
Requests: 1 HTTP requests in this frame
Frame:
https://js.driftt.com/core/chat?d=1®ion=US&driftEnableLog=false&pageLoadStartTime=1721066039370
Frame ID: C2196CC90A4BA571D6794C37FDDFB9BD
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
WorkersDevBackdoor and MadMxShell converge in malvertising campaignsPage URL History Show full URLs
-
https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLzRFXf9MMnJGq0-2FZOpcv9Cs2fL0WoJYqca...
HTTP 302
https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns HTTP 301
https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/ Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
- /wp-(?:content|includes)/
Unbounce
(Editors)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- ubembed\.com
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Marketo
(Marketing Automation)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
OneTrust
(Cookie compliance)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- cdn\.cookielaw\.org
- otSDKStub\.js
Weglot
(Miscellaneous)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- wp-content/plugins/weglot
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
URL: https://partners.malwarebytes.com/English/
Title: Sign in to PXC >
Title: Sign in to PXC >
Search URL Search Domain Scan URL
URL: https://www.malwarebytes.com/jobs/
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://try.threatdown.com/2024-state-of-malware/?ref=nav
Title: Download now >
Title: Download now >
Search URL Search Domain Scan URL
URL: https://support.threatdown.com/hc/en-us
Title: Nebula Support
Title: Nebula Support
Search URL Search Domain Scan URL
URL: https://support.threatdown.com/hc/en-us/p/oneview
Title: OneView Support
Title: OneView Support
Search URL Search Domain Scan URL
URL: https://cloud.threatdown.com/auth/login
Title: Sign in >
Title: Sign in >
Search URL Search Domain Scan URL
URL: https://www.zscaler.com/blogs/security-research/malvertising-campaign-targeting-it-teams-madmxshell
Title: MadMxShell
Title: MadMxShell
Search URL Search Domain Scan URL
URL: https://www.esentire.com/blog/workersdevbackdoor-delivered-via-malvertising
Title: WorkersDevBackdoor
Title: WorkersDevBackdoor
Search URL Search Domain Scan URL
URL: https://rerednawyerg.github.io/posts/malwareanalysis/stealc_ipscanner/
Title: described by mithrandir
Title: described by mithrandir
Search URL Search Domain Scan URL
URL: https://github.com/Mr-Un1k0d3r/ThunderShell/tree/master?tab=readme-ov-file
Title: ThunderShell RAT
Title: ThunderShell RAT
Search URL Search Domain Scan URL
URL: https://www.connectwise.com/blog/cybersecurity/former-darkside-ransomware-affiliate-distributing-trojanized-installers-via-malvertising
Title: Parcel RAT
Title: Parcel RAT
Search URL Search Domain Scan URL
URL: https://www.virustotal.com/gui/file/a8b0e013bd0d350035f12fd6703f7760a87cb218803e68c0eb482753961f2a41
Title: collected
Title: collected
Search URL Search Domain Scan URL
URL: https://www.linkedin.com/company/threatdown.com/about/
Search URL Search Domain Scan URL
URL: https://twitter.com/threat_down
Search URL Search Domain Scan URL
URL: https://www.malwarebytes.com/resources/
Title: Resources
Title: Resources
Search URL Search Domain Scan URL
URL: https://support.threatdown.com/
Title: Support
Title: Support
Search URL Search Domain Scan URL
URL: https://jetpack.com/upgrade/search/?utm_source=poweredby
Title: Search powered by Jetpack
Title: Search powered by Jetpack
Search URL Search Domain Scan URL
URL: https://www.malwarebytes.com/legal/privacy-policy
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
URL: https://www.onetrust.com/products/cookie-consent/
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoLzRFXf9MMnJGq0-2FZOpcv9Cs2fL0WoJYqcat-2BWbH3wddaPFZzc1XkMwxDhMbsa-2BSVU4IWM9gJvt-2F62DkKjrBx4ymXVZU1ed4SQGASQ2pzL4D-2F95K46fN9MG5u5qSirgTAow-3D-3D4urv_xe6fOXjz6id-2FgGyhTJI-2FmntAo0gAdry6sqehMjQCGvBSLMCxzGpoo2Gj60phgbHVL92J4WEfv4aZmTcfyEHoO-2Fcj2x4IWEs2HLqv7E6Jb2yVxfw3y8g8XTGU2wd3G2Bpg0S1jyfC3nAs722t0OHTx9IlAHtea-2FPn7VyeGpvZoBLSMdJ7oY-2BUlMewXt1FrCtTkCP8Pfi7RzRPH4CNGr5Jho5nIeKcLHgpA-2Bl33uI3bfI-3D
HTTP 302
https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns HTTP 301
https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
80 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/ Redirect Chain
|
141 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.min.css
www.threatdown.com/wp-includes/css/dist/block-library/ |
111 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style-index.css
www.threatdown.com/wp-content/plugins/td-blocks-plugin/build/blocks/form-block/ |
2 KB 921 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style-index.css
www.threatdown.com/wp-content/plugins/td-blocks-plugin/build/blocks/hero-v2-block/ |
3 KB 950 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style-index.css
www.threatdown.com/wp-content/plugins/td-blocks-plugin/build/blocks/tab-area-block/ |
2 KB 703 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
142 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
166 KB 55 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
56 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
i18n.min.js
www.threatdown.com/wp-includes/js/dist/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
i18n-loader.js
www.threatdown.com/wp-content/mu-plugins/jetpack-13.5/jetpack_vendor/automattic/jetpack-assets/build/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
front-js.js
www.threatdown.com/wp-content/plugins/weglot/dist/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
18 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo-header-threatdown-horizontal.svg
www.threatdown.com/wp-content/themes/mbc/images/ |
27 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
product-menu-screen.webp
www.threatdown.com/wp-content/uploads/2023/11/ |
16 KB 16 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
px-center.png
www.threatdown.com/wp-content/uploads/2023/11/ |
17 KB 18 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
CORP_SOM_2024_Resource_TN_2.png
www.threatdown.com/wp-content/uploads/2024/02/ |
150 KB 151 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nav-nebula_sign_in.png
www.threatdown.com/wp-content/uploads/2024/04/ |
30 KB 30 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
00b52870-7052-46a1-bca7-51c62102082e
https://www.threatdown.com/ |
1 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
x-logo.svg
www.threatdown.com/wp-content/themes/mbc/images/ |
449 B 646 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
threatdown-logo.svg
www.threatdown.com/wp-content/themes/mbc/images/ |
28 KB 10 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
67 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
url.min.js
www.threatdown.com/wp-includes/js/dist/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jp-search.js
www.threatdown.com/wp-content/mu-plugins/jetpack-13.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
w.js
stats.wp.com/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
script.min.js
www.threatdown.com/wp-content/themes/mbc/js/ |
95 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
e-202429.js
stats.wp.com/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.threatdown.com/_static/ |
99 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
j.php
dev.visualwebsiteoptimizer.com/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
318 KB 104 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
masterpage-svg.svg
www.threatdown.com/wp-content/themes/mbc/images/ |
70 KB 23 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
indic-chevron-right.svg
www.threatdown.com/wp-content/themes/mbc/images/ |
572 B 578 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
31 KB 31 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
goodgoog1e.png
www.threatdown.com/wp-content/uploads/2024/07/ |
235 KB 236 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
image_6c7dc8.png
www.threatdown.com/wp-content/uploads/2024/07/ |
52 KB 52 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H3 |
pageviews
api.weglot.com/ |
2 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
tag-77a23d955e7e7df3537ed3bc276f37c2.js
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ |
195 KB 54 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
v.gif
dev.visualwebsiteoptimizer.com/ |
35 B 144 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
g.gif
pixel.wp.com/ |
50 B 177 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
locate
genesis.malwarebytes.com/api/v1/ |
392 B 572 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
g.gif
pixel.wp.com/ |
50 B 177 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wp-emoji-release.min.js
www.threatdown.com/wp-includes/js/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jp-search.defaultVendors.js
www.threatdown.com/wp-content/mu-plugins/jetpack-13.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/ |
74 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jp-search.chunk-main-payload.css
www.threatdown.com/wp-content/mu-plugins/jetpack-13.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/ |
36 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jp-search.chunk-main-payload.js
www.threatdown.com/wp-content/mu-plugins/jetpack-13.5/jetpack_vendor/automattic/jetpack-search/build/instant-search/ |
74 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
tag-a5f3c461cbd2455759a1c81d262ffd65.js
dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/ |
140 KB 35 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
settings.js
dev.visualwebsiteoptimizer.com/ |
2 KB 896 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
7ghicgw4nish.js
js.driftt.com/include/1721066100000/ |
221 KB 62 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
185c650ccfd84b27aad189f19681365b.js.ubembed.com/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
worker-70faafffa0475802f5ee03ca5ff74179.js
dev.visualwebsiteoptimizer.com/analysis/ |
47 KB 13 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
381d1392-b15b-49e3-9cf9-8a5e644c68da.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/ |
7 KB 2 KB |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bundle.js
assets.ubembed.com/universalscript/releases/v0.183.0/ |
183 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ |
69 B 307 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core
js.driftt.com/ Frame 4D36 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
chat
js.driftt.com/core/ Frame C219 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202403.1.0/ |
442 KB 107 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
en.json
cdn.cookielaw.org/consent/381d1392-b15b-49e3-9cf9-8a5e644c68da/018e8128-76c5-7d6e-84c2-7f2bf9e6b2ff/ |
39 KB 11 KB |
Fetch
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
336 KB 108 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bat.js
bat.bing.com/ |
49 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
munchkin.js
munchkin.marketo.net/ |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otPcPanel.json
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/v2/ |
64 KB 13 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202403.1.0/assets/ |
24 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ |
497 B 517 B |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ThreatDown_Horizontal_Reverse_1.png
cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/85f0f7b8-8176-4fd4-8f7c-995c26a3cc8e/a525caf3-0c8c-4fa6-8ba9-3e55e388875b/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
analytics.google.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
stats.g.doubleclick.net/g/ |
0 256 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ga-audiences
www.google.co.il/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
25079300.js
bat.bing.com/p/action/ |
335 B 403 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
munchkin.js
munchkin.marketo.net/163/ |
11 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0
bat.bing.com/action/ |
0 287 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
visitWebPage
805-usg-300.mktoresp.com/webevents/ |
2 B 318 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.svg
www.threatdown.com/wp-content/uploads/2023/11/ |
31 KB 31 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ip.json
api.company-target.com/api/v2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- api.company-target.com
- URL
- https://api.company-target.com/api/v2/ip.json?key=f7HmeeHicOTWYyYV3aYt8PryRbQ6taulYUHfqU1D&page=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fworkersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns%2F&page_title=WorkersDevBackdoor%20and%20MadMxShell%20converge%20in%20malvertising%20campaigns&referrer=
Verdicts & Comments Add Verdict or Comment
116 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| _wpemojiSettings object| runtime object| regeneratorRuntime object| wp function| sprintf function| vsprintf object| code object| _vwo_code number| _vwo_settings_timer object| dataLayer object| JetpackInstantSearchOptions object| webpackChunkjetpack_search number| _vwo_acc_id object| vwoCode object| _vwo_style string| _vwo_css function| commonWrapper function| pushBasedCommonWrapper string| _vwo_cookieDomain string| _vwo_uuid number| _vwo_library_timer string| _vis_opt_file string| _vis_opt_lib string| _vwo_surveyAssetsBaseUrl object| _VWO string| _vwo_mt object| VWO object| vwo_iehack_queue object| _vwo_exp_ids object| _vwo_exp object| _vwo_pa object| VWOOmni string| _vwo_worker_cb object| wpcom object| _tkq object| _stq function| st_go function| linktracker_init function| jQuery function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev boolean| DISABLE_NATIVE_CONSTANTS object| _vwo_t object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath object| twemoji object| google_tag_manager object| google_tag_data function| OptanonWrapper function| drift function| _typeof function| _defineProperty function| _toPropertyKey function| _toPrimitive object| utmValues object| utmParams function| populateUTMFieldsFromGTM function| checkForMarketoForms object| __nls number| ___vwo object| 3eiXJRXgVuLsYGH9303q object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked object| ube object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id object| drift_frameFactory object| drift_audio_context object| otStubData object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups function| onYouTubeIframeAPIReady object| gaGlobal string| vwo_ga4_uuid function| UET function| UET_init function| UET_push object| ueto_bcd2ba0f4c object| uetq function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .threatdown.com/ | Name: _vwo_uuid_v2 Value: D65096139F14CA4526696DC41B7C1F697|1c7b7aa6a34c3a57ed7cf186b7d102a9 |
|
| .www.threatdown.com/ | Name: ppc_last_visited_page Value: https://www.threatdown.com/blog/workersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns/ |
|
| .threatdown.com/ | Name: _vis_opt_s Value: 1%7C |
|
| .threatdown.com/ | Name: _vis_opt_test_cookie Value: 1 |
|
| .threatdown.com/ | Name: _vwo_uuid Value: D65096139F14CA4526696DC41B7C1F697 |
|
| .threatdown.com/ | Name: _vwo_sn Value: 0%3A1 |
|
| .threatdown.com/ | Name: tk_ai Value: Zl6u7qgOgoRQguVDqF0KSIEB |
|
| .threatdown.com/ | Name: _vwo_ds Value: 3%3At_0%2Ca_0%3A0%241721066038%3A72.84498246%3A%3A%3A37_0%2C4_0%3A0 |
|
| .js.ubembed.com/ | Name: __cf_bm Value: .dP8x2PoK840yQwK.WXUunnotmsqkAtwQCmjj9nYBmg-1721066040-1.0.1.1-ZOXPNBFAq8OyIFh3oejot1lL1HrL3ngfHnoXDz8agdMkpKHAbpAHEw9gQTrELiThwlX1gS_ha06Rsqtiklq2Ow |
|
| www.threatdown.com/ | Name: drift_campaign_refresh Value: f070c715-aee0-4b58-bdf0-45ca01c266f4 |
|
| .threatdown.com/ | Name: _gcl_au Value: 1.1.307772283.1721066042 |
|
| .threatdown.com/ | Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jul+15+2024+20%3A54%3A02+GMT%2B0300+(%D7%A9%D7%A2%D7%95%D7%9F+%D7%99%D7%A9%D7%A8%D7%90%D7%9C+(%D7%A7%D7%99%D7%A5))&version=202403.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=d0ef5eea-14c8-40ab-8860-26a819e59b50&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.threatdown.com%2Fblog%2Fworkersdevbackdoor-and-madmxshell-converge-in-malvertising-campaigns%2F&groups=BG75%3A1%2CC0001%3A1%2CC0003%3A1%2CC0002%3A1%2CC0004%3A1 |
|
| .threatdown.com/ | Name: _ga Value: GA1.1.110196362.1721066042 |
|
| .threatdown.com/ | Name: _ga_LTWDK0JK3Z Value: GS1.1.1721066042.1.0.1721066042.60.0.0 |
|
| .threatdown.com/ | Name: _uetsid Value: 3874d21042d311ef98626d27ade27c6e |
|
| .threatdown.com/ | Name: _uetvid Value: 3874fda042d311ef8b5bcfa8f8a3980d |
|
| .threatdown.com/ | Name: _mkto_trk Value: id:805-USG-300&token:_mch-threatdown.com-1721066042568-68496 |
|
| .bing.com/ | Name: MUID Value: 20453B056EA6637D11822FB86F366289 |
|
| www.threatdown.com/ | Name: drift_aid Value: da72841c-a407-4b5d-a384-c4350b8ec779 |
|
| www.threatdown.com/ | Name: driftt_aid Value: da72841c-a407-4b5d-a384-c4350b8ec779 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
185c650ccfd84b27aad189f19681365b.js.ubembed.com
805-usg-300.mktoresp.com
analytics.google.com
api.company-target.com
api.weglot.com
assets.ubembed.com
bat.bing.com
cdn.cookielaw.org
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
fonts.gstatic.com
genesis.malwarebytes.com
geolocation.onetrust.com
js.driftt.com
munchkin.marketo.net
pixel.wp.com
stats.g.doubleclick.net
stats.wp.com
u33254697.ct.sendgrid.net
www.google.co.il
www.googletagmanager.com
www.threatdown.com
api.company-target.com
104.18.10.34
104.18.6.32
104.19.177.52
13.227.219.113
142.250.185.202
142.250.74.195
167.89.118.35
172.217.18.14
172.217.18.3
172.217.18.8
172.64.155.119
18.238.243.28
192.0.66.84
192.0.76.3
192.28.144.124
204.79.197.237
23.197.137.224
34.96.102.137
44.208.16.154
64.233.184.155
010abc1425a170a391af2a90f06ff1b98b92c43dc33523ed2c6dac45ac81e1ab
01bd6a76b1c046ae954b43977c216bad4c92fc8a3fbe05c281c486386ea786cb
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
0882622822717ccc1fce4e10c491cc8d4b0904e68cfcb0763d324173895fef20
0c36618707eb18f6da95f7389e2c3cc60522299b27ea16a289fa9d9d703d95da
0ed759f9b0f407aa73df997bddf186c37a1927d2b0f8d2f7031067ecacf7581d
0f011bf86df22556a77fd7ac564fe465e34e6f540d1938ffdf262fb12adf36ff
12664dfc7031a2d992b7d493a488ad418a4a49521f6e7fcf24708de2005819fa
15de250a16ce58a10f84bebab59b9005ce36df4ec8e87c3bb1acc92726cfa971
2fc88556de1ebed9f55afb87d495d90d43f939a515f3afa5d59e953b8fc0ab20
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8
401ecabe49edb6c178ca34f04c4419aa0e8aa2a1ed4e4a642d0c7b282923b0c7
4662962f6a7ba6c6e423763f88ab9af3ec3fb17eeba90a673590984319c3e706
4dd117d2c92e7c493a6741ab1460b8248c512c3fbb15ea9a2bc5a7b0bfe16411
4e12045d7017ffa9d4a00d816226bbe954ae736f1ecb73bc2835e0b3b0e3e005
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59b45aaae91aa9b0a985ddf3856eec9f9c837539a8e7a4fa09eae9a2b5e5a031
59e336f38655a792692fef039a6c0b97091c87ae720d223929e2fdde2f1df18c
5a9aa0112c5d786557feaa6cf96b3136219005f43dc46cd6c394b8d387006901
5b39e71e7fe44403126e76263daedbb0e7f37e4b91ad47405da3ab5d57fb911d
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b8e306a521a681e34648b13acea1eee731bb2cd0c968335dc6241a823a1043e
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
6bf2514d72c9fa4a4302b61fcf77edc48803d7af8f09575320e117d9889a23ff
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f
78922b0efe6cdcace2fbb4f9e667cb896f9fe0bcfbb77a9ff479a54f4d7815a3
79ee837dd384ba3484203f513c56fe5fca731c9012d7d82e6a7f243078a1f71c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83714836d72c94d5b7c6467ae1ad8e8685699554305b0cc42e9452db46ab94ba
84f5f5aa795694fd24258c8dee7a6f36f94a505f6f0446e06515f6114864f037
9074f85330200d5b93dba5b2e3bc49be4e76a85a7de9a9f2947ec40a6ca77373
9450ed16b84657c7561148a1e433e4cdfba517c3bf758fceba269928ce2e81ca
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
9c4a9bf68c2a35ab04b812172ef359692a59480d44505580cd132295a4b08125
9da2bd1aa1b397eea1fa3b751fd50e0f624a33761a4e9e9fd660ed3d26f07f1b
9e36f834eeef0ed10ef8d2681c179af354758c4d329f3514ac4caae28a7310a9
9f377fff78979a9512f6620a50a44f96b2c2f3841d7a6d17adcceb11f1aae4ff
a823e98c44896060a5f7b883eebc7c513ee0bb0cd411d8c18c44c2dc9320b8b8
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
b608c6d22c3d46f808b99ce6d639e3eb64b9e07f31f4cc2e9166e283b00e49f9
ba41b6c14b21ef4de5f2c4545469e5f6e3f1ba51d82dbbbc977e5532ea691832
bbcc769c4704058d89afc024f24dde11deed8ec61b99f1d52ba935fad8614523
bc48f6d63c43b68b083b43a28928a8c79fa5a940b958f3c82e7cf9dfb20cc713
bf8b6eabee06732294708b4285c90c685bb297b55151f7efe37afd1ead1d3ab0
c0813b9627886c9fa1d6d57eb7a227747ab6e2629ab19bf1f646af9c7c3d79e0
c39fa609f4a9b43e493115c723b102147f9025008bd24841e7732c5f253edd51
c8c32294948f5448c2ac0bcdf5b98909dab4ee73ac854be06bfd4a13bce89363
c9e433acb7082694e1a6a861ad1bd4f218ea3cdd57fcbfff823a0967a2aa925e
d7e0089a92e7b0cfb1a43e5de51e60ea8c52b70b646494c274e1b1e58c2cf965
da146bc11056eb5b8964dc866a0a7c14e592dac765270b0dac66d6a07ab23650
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
dca36621f8a8048241ad3c1a361d8cbd58fac66cca4596789744e209c59c68f4
dd1baa947acc124971b55ab5b9af29600df1e9ad835ac868be26a6a585a60764
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cc69a381981c2717f3a867f2d2449593a3f70dab0cd5db512cff9757f6acb0
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
ebc11b60b54d62445b4841976a70ae28242f30a2a7f39091728e87613ba1338a
ecf7723a32533007ede558c546fc8ba30f508283223b6e7f49c297b7c63c8b50
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f65b0503fc49eec550d7e37e72a2f071177cfa32b220dd15ca3d8a20854549a1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fc39c07dd1d830c7d1bb3bdee75bd68b8b30d11b2ea3230ae4f1074c4b75c5a3
ff10c1fe39489bf9f57c9dc9e8ccc064dfdfd4dec949636d5deeba2a8f2da2f0