blog.wpscan.com Open in urlscan Pro
192.0.78.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Submission: On July 03 via api (July 3rd 2023, 10:22:22 am UTC) from IN — Scanned from DE

Summary HTTP 55 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 55 HTTP transactions. The main IP is 192.0.78.164, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is blog.wpscan.com.
TLS certificate: Issued by R3 on May 12th 2023. Valid for: 3 months.

This is the only time blog.wpscan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	192.0.78.164 192.0.78.164	2635 (AUTOMATTIC) (AUTOMATTIC)
18	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
5	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.33 192.0.78.33	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
55	8

26 192.0.78.164 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.wpscan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.33 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

jetpack.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	wpscan.com blog.wpscan.com	355 KB
21	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 18035 s0.wp.com — Cisco Umbrella Rank: 7746 stats.wp.com — Cisco Umbrella Rank: 2759 widgets.wp.com — Cisco Umbrella Rank: 11892 pixel.wp.com — Cisco Umbrella Rank: 2584 fonts.wp.com — Cisco Umbrella Rank: 18595	149 KB
5	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2002 1.gravatar.com — Cisco Umbrella Rank: 9175 0.gravatar.com — Cisco Umbrella Rank: 9003	22 KB
2	wordpress.com jetpack.wordpress.com — Cisco Umbrella Rank: 15050 public-api.wordpress.com — Cisco Umbrella Rank: 9254	11 KB
1	w.org s.w.org — Cisco Umbrella Rank: 2199	537 B
55	5

	Domain	Requested by
26	blog.wpscan.com	blog.wpscan.com
11	s0.wp.com	blog.wpscan.com widgets.wp.com jetpack.wordpress.com s0.wp.com public-api.wordpress.com
4	fonts.wp.com	fonts-api.wp.com
3	0.gravatar.com	jetpack.wordpress.com 0.gravatar.com
2	pixel.wp.com	blog.wpscan.com
2	fonts-api.wp.com	blog.wpscan.com
1	1.gravatar.com	jetpack.wordpress.com
1	public-api.wordpress.com	s0.wp.com
1	s.w.org	blog.wpscan.com
1	widgets.wp.com	blog.wpscan.com
1	jetpack.wordpress.com	blog.wpscan.com
1	stats.wp.com	blog.wpscan.com
1	secure.gravatar.com	blog.wpscan.com
55	13

This site contains links to these domains. Also see Links.

Domain
wp.cloud
pressable.com
wordpress.org
ultimatemember.com
cve.mitre.org
wpscan.com
www.first.org
goode.pro
wordpress.com
jetpack.com
www.mariussonnentag.de

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2022-12-06` - `2024-01-06`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Frame ID: 36AABBEB54688BD5D960B4EC73D70809
Requests: 43 HTTP requests in this frame

Frame: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Frame ID: 56BD22EB6EB2D8E10E7B83ED28C5062B
Requests: 12 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=202327
Frame ID: 77800E8868D04109AC20B4BCDE800EAC
Requests: 3 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 1901A97355AEFA559D8A92FCC7FCB780
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hacking Campaign Actively Exploiting Ultimate Member Plugin - WPScan WordPress Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

lodash.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

55
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

13
Subdomains

8
IPs

2
Countries

543 kB
Transfer

2102 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://wp.cloud/
Title: WP.cloud

Search URL Search Domain Scan URL

URL: https://pressable.com/
Title: Pressable.com

Search URL Search Domain Scan URL

URL: https://wordpress.org/support/users/madhazelnut/
Title: Slavic Dragovtev

Search URL Search Domain Scan URL

URL: http://wordpress.org/support/topic/possible-priv-esc-vulnerability/
Title: a Privilege Escalation vulnerability

Search URL Search Domain Scan URL

URL: https://wordpress.org/plugins/ultimate-member/
Title: Ultimate Member plugin

Search URL Search Domain Scan URL

URL: https://wordpress.org/support/topic/register-role-ignored-and-user-became-an-admin/
Title: actively exploited by malicious actors

Search URL Search Domain Scan URL

URL: https://ultimatemember.com/
Title: https://ultimatemember.com/

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3460
Title: CVE-2023-3460

Search URL Search Domain Scan URL

URL: https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7
Title: 694235c7-4469-4ffd-a722-9225b19e98d7

Search URL Search Domain Scan URL

URL: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Title: 9.8

Search URL Search Domain Scan URL

URL: https://wordpress.org/support/topic/possible-priv-esc-vulnerability/
Title: reports a potential privilege escalation vulnerability

Search URL Search Domain Scan URL

URL: https://goode.pro/
Title: Joshua Goode

Search URL Search Domain Scan URL

URL: https://wordpress.com/
Title: WordPress.com

Search URL Search Domain Scan URL

URL: https://jetpack.com/features/security/
Title: Jetpack offers a comprehensive solution

Search URL Search Domain Scan URL

URL: https://www.mariussonnentag.de/
Title: Marius

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

55 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ 77 KB
20 KB 239ms
163ms Document
text/html 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cd63b1757bbd26794e58cb0c8a33f96a8dc544181d45530f4cd645a2858bcbee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 10:22:17 GMT
host-header: WordPress.com
last-modified: Mon, 03 Jul 2023 10:17:20 GMT
link: <https://blog.wpscan.com/wp-json/>; rel="https://api.w.org/" <https://blog.wpscan.com/wp-json/wp/v2/posts/1294>; rel="alternate"; type="application/json" <https://wp.me/pdcgQG-kS>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _atomic_ams BYPASS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Hit

GET
H2 200 wp-emoji-release.min.js Show response
blog.wpscan.com/wp-includes/js/ 18 KB
5 KB 154ms
154ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"63db0985-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 840 KB
121 KB 208ms
208ms Stylesheet
text/css 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJytUttOwzAM/SFCNAFjL4iXSXwAHzC5iUnN0qSK047+Pe66Trto7YR4aePkHPvYx7tamRgyhqxr3zgKrF0jYYHJ6aIhb3Xho9kqT0WC1GnOncdHw/ywu6Z66GKTlUtkp4HfmGsw2/G/aTHYmDQ0OVaQM5nxRbVkMdYJmc/koKUshH3Aeg+SL+7GghSMbyxKJdaVgAE9Vr2C06AWvZiURweme6wozLLl7TQ+5Vy2aOJBnCXOwzTUeKcWf2Lhj2CZYuAroRJr44GZjMqliOMpbZcWm1jVMQiCp207qjvWXWMt1mEwJMFHXIO1nf7sc4x+ecjIeW4RqmibnuNpizdEDG1pRrQe810YkSmWSXfqn7aREZIpNSfJS9ZhHiY/XKvhSn2lfX57S1wt6BLB6hYSQSFt349UFtJ2Fj45myMqQEsOsuzTve5wCQnt3uP+SMHNMTe9BRwNgVc+ushnwdSOjhn6+R7OPfS9elssV6vFy9Pz8vUXZxDSHA==

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

458cc094aa642c34eb176e29efdb1cefcb6b57acc5a382ae033190ba881adae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Fri, 30 Jun 2023 19:31:07 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"44eaddcd8b01e213da861c6318d33be2"
vary: Accept-Encoding, Cookie
content-type: text/css;charset=utf-8
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 print.css
blog.wpscan.com/wp-content/themes/seedlet/assets/css/ 4 KB
1 KB 156ms
156ms Stylesheet
text/css 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/themes/seedlet/assets/css/print.css?m=1621587777

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

96f2da12c025e217eabfa01ae7ccbc6d77b593da8795b4a266d35280d89215d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 21 May 2021 09:02:57 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"60a77741-f34"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dashicons.min.css
blog.wpscan.com/wp-includes/css/ 58 KB
34 KB 162ms
155ms Stylesheet
text/css 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-includes/css/dashicons.min.css?ver=6.2.2

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"603ffca6-e688"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 11 KB
1 KB 89ms
39ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Fira+Sans%3Aital%2Cwght%400%2C400%3B0%2C500%3B1%2C400%7CPlayfair+Display%3Aital%2Cwght%400%2C400%3B0%2C700%3B1%2C400&subset=latin%2Clatin-ext

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

503d5bf134127271e87644fe19c0b439a34369a6ea04278573a0cea3df7671c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Mon, 03 Jul 2023 10:16:33 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 css2
fonts-api.wp.com/ 11 KB
871 B 92ms
42ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

36e4f9b2caaa2e23a37448bbfae7ff1f7b6867c5c771f7bb531aa5441fbe8791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Mon, 03 Jul 2023 10:22:18 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 lodash.min.js Show response
blog.wpscan.com/wp-includes/js/dist/vendor/ 69 KB
25 KB 176ms
168ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

be7a8a75a7a589c5a1747ea85846bded2393219f42478979c91b86d2ebbea94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6254194e-115ba"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 48 KB
0 178ms
171ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJydj9EKwjAMRX/IWsSx+SJ+S7tmJTNLS9o69estIjIfBOdjyD33JHNUyD0VB0mPSTtMWV+AXRA9RxUD3QYkqhmQvJ2Qt2PazN8ZAQ81anIQJYUzTrCg+sAZOOtIxSMn7UsdLYjXtiC5V0nST9tb/oN2ceoKnSk5xCpzcF1BWQr2H6g/qwSChvBuMgZWDgZTqP5ppC4+Kk/Tcdce2q5p9l3zAO9HnuY=

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"c8f1bb7f268b9f97ee7788b6772e7b69"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 react.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/ 10 KB
4 KB 158ms
152ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/react.min.js?ver=18

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 21 Dec 2022 17:24:44 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"63a3415c-2884"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 17 KB
0 179ms
172ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJyVyzkOgCAQAMAPKRsjARvjW0Q2iMJCOILP19bKWE4xLfZboIJUILpqLGUw9aHCZEBV6zTsIZwZLGm8mLfEjty176UxJtzWgvp/Df51Fj8PYhKS81HyG7PlQfU=

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"9ddc11c601f53279ec74ffc4286aa1fc"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 react-dom.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/ 126 KB
41 KB 186ms
180ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dbba6c1c59954873629e196b8009f0a8256e66d755f889cf6c8ac4f1164d10c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6489ad36-1f878"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 0
0 175ms
169ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJyVjUEKhDAMAD9kDWLRvYhvqRpqljRW01Kfrx697R6HYZgSzbxJQkkQOXsSBZ9vnPDwMGXiBVBnF9GsKTCQLHjWgaT+alV+aBnD4//tSI2ujnkrBvfs3uMxDE336Xpr295eGUBIBQ==

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"d4c98f8b8d0be31b69961639ea125431"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 index.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 296ms
291ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6489ad36-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/keycodes/ 4 KB
2 KB 186ms
181ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/keycodes/index.min.js?ver=7171cd5686d225d3012e

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c7eae60c689db5de4a3b330e9eb1514f9dae50f92d10ea6f7f1a0e547589bd71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6489ad36-e9f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 50 KB
0 195ms
190ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJyVzcEOgjAMgOEXcjTGBbwYnwVYs9SwdnatwNvL1ZPh+B++/GsNs7AhG9TFM3GD7EdOqBkmpyVBVRIl28Pb0RGIE25dIe5e7bL+57OUKu28O7af0TCMldpprJh8CypuxL/rZ3lc+3s/xHgb4hf19mAK

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"b580af9cadb3a3277e35fc7631b23109"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 index.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/data/ 24 KB
8 KB 186ms
181ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/data/index.min.js?ver=16f144585d33a494a980

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0b916d09638b0cf0403bd510e2549a0d78d472d3edac5757fd65e1fc3203e5fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6489ad36-5f4a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 0
0 193ms
189ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJyFy0EKgCAQQNELVUMk2ia6iznohI6hI3X83LZq+eG/+xqPzIIscMXmiSv41tNi8WAbRQdBUhz7QEJYgdjhMyXi6azD/a9ryEWO7PAj97TNetVGqcWoF0PJMQI=

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"b315502e95fe8178c7405864ce7812fc"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 index.min.js Show response
blog.wpscan.com/wp-content/plugins/gutenberg/build/blocks/ 157 KB
50 KB 194ms
190ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/gutenberg/build/blocks/index.min.js?ver=42530a18270fd7554276

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

734e98f2e9b67a75bb5d0d2becc307ff227050aef67b5339ce08b99b066e4fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6489ad36-27308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 7 KB
3 KB 25ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202327
Requested by: Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Thu, 29 Jun 2023 15:07:20 GMT
server: nginx
etag: W/"649d9e28-1bf2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 02 Jul 2024 00:00:01 GMT

GET
H2 200 thickbox.css
blog.wpscan.com/wp-includes/js/thickbox/ 3 KB
996 B 155ms
151ms Stylesheet
text/css 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-includes/js/thickbox/thickbox.css?m=1603679109

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 26 Oct 2020 02:25:09 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"5f963385-a63"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 0
0 193ms
189ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJyVjEEKwjAQRS9kDFKsdSEeRaaTUCZNZkIzNejpDYh14crl+7z3azYorJ7V5rhOxMUGrxlwNqNI0Q/d7p6dLBZWlQSqhJtHCSZv0LF11IIN96Hs6u89yhgF5/K2w3cwwK1Vkv9LJX6UStkvhpiUINLTL+3mmi6Hfhi607Hvzi8lHVlF

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Mon, 03 Jul 2023 09:13:59 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"500b6487f3d02d5a2ea4115f64aba54c"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 26 KB
9 KB 72ms
20ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202327
Requested by: Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
last-modified: Thu, 01 Jun 2023 11:07:36 GMT
server: nginx
etag: W/"64787bf8-6611"
content-type: application/javascript
cache-control: max-age=604800
expires: Mon, 10 Jul 2023 10:22:18 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 0
0 185ms
181ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??wp-content/plugins/jetpack/modules/wpgroho.js,wp-includes/js/comment-reply.min.js,wp-content/themes/seedlet/assets/js/primary-navigation.js?m=1649448438

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"c158eba2a7262e6f812c0ca737fa6b56"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 search-widget.js Show response
blog.wpscan.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/src/widgets/js/ 1 KB
648 B 190ms
186ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/src/widgets/js/search-widget.js?minify=false&ver=1645029952

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5cdb1cad298e924cb4a212a8884ff50f3edc8a98ac8ad80d76d9de8eb16be69e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 16 Feb 2022 16:45:52 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"620d2a40-5d0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 17 KB
0 193ms
190ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJy1jsEOwjAMQ3+IEqGJMQ6IT5m6NhrZ2mS06Sb4enoBceLG0Zaf7W0xTliRFZZQRuIME+pi3WwGkaxv1a/IXhLYohKtKrlPLtjnw1C0I2bwVBGqfSmjUxI2MmRMK6b9lHfbH8a+jN8T0BM7GAoFD4Hmyt8LFrxZ9qHei8SVv8bLoe265nRsm/MLuNpsTQ==

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Mon, 03 Jul 2023 09:13:59 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"4fb9c47b1beaf9c5573a09927ba36731"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 e-202327.js Show response
stats.wp.com/ 7 KB
3 KB 66ms
18ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202327.js
Requested by: Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 01 Jul 2024 11:39:33 GMT

GET
H2 200 akismet-frontend.js Show response
blog.wpscan.com/wp-content/plugins/akismet/_inc/ 10 KB
3 KB 154ms
154ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?m=1666634240

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 24 Oct 2022 17:57:20 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6356d200-29ed"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
blog.wpscan.com/wp-includes/js/jquery/ 88 KB
31 KB 192ms
189ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"6408d5ed-15ed7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.wpscan.com/_jb_static/ 29 KB
0 185ms
181ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/_jb_static/??-eJxdje0KwjAMRV/ILQi27I/4KNKPULP1y7Zx29vbH0NUCNxcOCdZ80DReLZYYe7zZCz7EUMgV1TDMVAc53paf9n2ILPotH2WgzEpNowNsmdHsYLjXjUWB5rJW7ApDAWV3YGixe3r+r85Y8vKLHDvb0H7ZJYKlXU1hXKj1IkX4drlW7ie5STERUoxvQGEYE8s

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
last-modified: Wed, 31 May 2023 15:24:18 GMT
server: nginx
content-encoding: br
x-page-optimize: uncached
etag: W/"52d9c97f757bc0d1e9a5670805b8063d"
vary: Accept-Encoding, Cookie
content-type: application/javascript
x-ac: 2.hhn _atomic_ams BYPASS
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 sharing.min.js Show response
blog.wpscan.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/ 9 KB
3 KB 190ms
187ms Script
application/javascript 192.0.78.164
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.wpscan.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=12.3-beta

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams BYPASS
etag: W/"64078d1e-2259"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
jetpack.wordpress.com/jetpack-comment/ Frame 56BD 25 KB
7 KB 258ms
201ms Document
text/html 192.0.78.33
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.33 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec2e2f5a8898fd24252a4f4012b022ebcaa2ba2e89d338313432bc63b4face88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.wpscan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 03 Jul 2023 10:22:18 GMT
host-header: WordPress.com
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type
x-ac: 2.hhn _dca EXPIRED
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 7780 3 KB
1 KB 27ms
19ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=202327
Requested by: Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c

Request headers

Referer: https://blog.wpscan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-encoding: br
content-type: text/html
date: Mon, 03 Jul 2023 10:22:18 GMT
etag: W/"6408e4c4-ae1"
last-modified: Wed, 08 Mar 2023 19:40:52 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dca MISS
x-nc: HIT hhn 1

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 26ms
19ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=195017074&post=1294&tz=2&srv=blog.wpscan.com&hp=atomic&ac=2&amp=0&j=1%3A12.3-beta&host=blog.wpscan.com&ref=&fcp=0&rand=0.050023351756399714
Requested by: Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 03 Jul 2023 10:22:18 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8dbcb0d906325ea81fbaca5be475a10eaf975fa2b3c835b9860c6b3445db16e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 225 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d91045d9b974feac67afeb398dd1f99c3a5523e30d9b982e5a0810d6f67e324

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 325 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5905c15570060e567d99ff9787345543f85fd0e82c5e15f42462d10ada386e3f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2
fonts.wp.com/s/librefranklin/v13/ 27 KB
27 KB 68ms
21ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://blog.wpscan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 18:56:23 GMT
server: nginx
age: 381104
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 27268
x-xss-protection: 0

GET
H2 200 -F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2
fonts.wp.com/s/ibmplexmono/v19/ 14 KB
15 KB 66ms
21ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ibmplexmono/v19/-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3c5a451f9ec27a354b0c2bcca636c6ec17a651281aabf29f8427e210a1d31e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://blog.wpscan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 Apr 2023 00:17:55 GMT
server: nginx
age: 15219
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 14812
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b672850aad14669fbcf95e2b49e71dab446a29fd5857934c074b84173cb89b0

Request headers

Referer
Origin: https://blog.wpscan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 jizBREVItHgc8qDIbSTKq4XkRiUa6zUTjg.woff2
fonts.wp.com/s/librefranklin/v13/ 30 KB
30 KB 66ms
21ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/librefranklin/v13/jizBREVItHgc8qDIbSTKq4XkRiUa6zUTjg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

efe16fd64edb961d670fd35ee4a211ec22cb9e2fa6850cbbf13464dace1b39e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://blog.wpscan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 18:55:36 GMT
server: nginx
age: 323495
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 30628
x-xss-protection: 0

GET
H2 200 -F6qfjptAgt5VM-kVkqdyU8n3pQPwlBFgg.woff2
fonts.wp.com/s/ibmplexmono/v19/ 15 KB
15 KB 66ms
22ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ibmplexmono/v19/-F6qfjptAgt5VM-kVkqdyU8n3pQPwlBFgg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a51b6594bdda5d76e047259fb1fcaf7af2eb227cac553b4eb1cffa8328784c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://blog.wpscan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Apr 2023 23:36:35 GMT
server: nginx
age: 17830
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 14956
x-xss-protection: 0

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 7780 3 KB
1 KB 19ms
18ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202327
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/7325-1684461116096.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 7780 81 KB
20 KB 19ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202327
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Wed, 15 Feb 2023 09:58:05 GMT
server: nginx
etag: W/"63ecacad-1430c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 07 Mar 2024 19:41:06 GMT

GET
H2 200 1f641.svg
s.w.org/images/core/emoji/14.0.0/svg/ 512 B
537 B 66ms
18ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f641.svg

Requested by

Host: blog.wpscan.com
URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:50:59 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 1901 8 KB
4 KB 156ms
109ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 03 Jul 2023 10:22:18 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 1.hhn _dca BYPASS

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 56BD 19 KB
4 KB 20ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Tue, 23 Nov 2021 21:55:38 GMT
server: nginx
etag: W/"619d635a-4b6b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 23 Nov 2023 21:55:43 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame 56BD 15 KB
3 KB 19ms
19ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1686950158i&cssminify=yes
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: ae2e2ce4e754233246589f8d6986deb99cec57327ae7294cf2a323a9af92b3c2

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
server: nginx
x-minify: t
etag: W/17450-1686950168915.217
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 15 Jun 2024 21:16:13 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ Frame 56BD 1 KB
2 KB 30ms
20ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3086aaa2e8d2138d1ef45b3747e966b8f0056f2edb6786616da1a8928cf1c018

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 03 Jul 2023 10:22:18 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
content-length: 1485
expires: Mon, 03 Jul 2023 10:27:18 GMT

GET
H2 200 gprofiles.js Show response
0.gravatar.com/js/ Frame 56BD 26 KB
9 KB 35ms
20ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
last-modified: Thu, 01 Jun 2023 11:07:36 GMT
server: nginx
etag: W/"64787bf8-6611"
content-type: application/javascript
cache-control: max-age=604800
expires: Mon, 10 Jul 2023 10:22:18 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ Frame 56BD 655 B
446 B 20ms
20ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
server: nginx
x-minify: t
etag: W/1125-1684465005221.1526
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:44 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 56BD 41 KB
11 KB 21ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca
last-modified: Wed, 14 Sep 2022 07:43:45 GMT
server: nginx
etag: W/"63218631-a4f5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:43:50 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 56BD 24 KB
7 KB 22ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 780b61f483cfb44ee9881cbd362d41cf89609d401d12e9726e1471530ab14738

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca BYPASS
last-modified: Fri, 12 May 2023 13:17:23 GMT
server: nginx
etag: W/"645e3c63-5e76"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 11 May 2024 13:17:31 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ Frame 56BD 18 KB
5 KB 24ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.3-alpha-56011
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=e3f3c02240&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3-beta&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=1a0ce4c61a6c67ed66d9635bacd5d10c17099f28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Fri, 19 May 2023 02:58:32 GMT
server: nginx
etag: W/"6466e5d8-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 28 Jun 2024 14:06:28 GMT

GET
H2 200 button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame 56BD 1 KB
1 KB 23ms
22ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1686950158i&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1686950158i&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
x-ac: 2.hhn _dca BYPASS
last-modified: Wed, 28 Nov 2018 18:49:03 GMT
server: nginx
etag: "5bfee31f-4d0"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1232
expires: Fri, 10 Nov 2023 15:12:14 GMT

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 1901 3 KB
1 KB 20ms
19ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/7325-1684461116096.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 hovercard.min.css
0.gravatar.com/dist/css/ Frame 56BD 8 KB
2 KB 20ms
20ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/hovercard.min.css?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: b6430eb74818a1eda8c688c967c3ccf00b2139dd175e868f6c5658d58f3abd11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
last-modified: Fri, 19 May 2023 08:02:31 GMT
server: nginx
etag: W/"64672d17-2067"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 10 Jul 2023 10:22:18 GMT

GET
H2 200 services.min.css
0.gravatar.com/dist/css/ Frame 56BD 3 KB
736 B 21ms
21ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/dist/css/services.min.css?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 28256c0a68f5a8b099fdc6aef91cbd61591585447f54b8554cddeeabf6d368d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 10:22:18 GMT
content-encoding: br
last-modified: Wed, 21 Jun 2023 20:08:04 GMT
server: nginx
etag: W/"649358a4-d7b"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 10 Jul 2023 10:22:18 GMT

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 19ms
18ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.105&largest_contentful_paint=880&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22devicepx%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=9700&host_name=blog.wpscan.com&url_path=%2Fhacking-campaign-actively-exploiting-ultimate-member-plugin%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=34&nt_connectStart=34&nt_connectEnd=76&nt_secureConnectionStart=53&nt_requestStart=76&nt_responseStart=239&nt_responseEnd=272&nt_domLoading=244&nt_domInteractive=800&nt_domContentLoadedEventStart=871&nt_domContentLoadedEventEnd=875&nt_domComplete=1146&nt_loadEventStart=1146&nt_loadEventEnd=1146&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=880&first_contentful_paint=880&resource_size=1656957&resource_transferred=406874&js_size=709882&js_transferred=242923&resource_cache_percent=0&js_cache_percent=0&last_resource_end=1146
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.wpscan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 03 Jul 2023 10:22:20 GMT
cache-control: no-cache
server: nginx

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJyVjUEKhDAMAD9kDWLRvYhvqRpqljRW01Kfrx697R6HYZgSzbxJQkkQOXsSBZ9vnPDwMGXiBVBnF9GsKTCQLHjWgaT+alV+aBnD4//tSI2ujnkrBvfs3uMxDE336Xpr295eGUBIBQ== Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJyVyzkOgCAQAMAPKRsjARvjW0Q2iMJCOILP19bKWE4xLfZboIJUILpqLGUw9aHCZEBV6zTsIZwZLGm8mLfEjty176UxJtzWgvp/Df51Fj8PYhKS81HyG7PlQfU= Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJydj9EKwjAMRX/IWsSx+SJ+S7tmJTNLS9o69estIjIfBOdjyD33JHNUyD0VB0mPSTtMWV+AXRA9RxUD3QYkqhmQvJ2Qt2PazN8ZAQ81anIQJYUzTrCg+sAZOOtIxSMn7UsdLYjXtiC5V0nST9tb/oN2ceoKnSk5xCpzcF1BWQr2H6g/qwSChvBuMgZWDgZTqP5ppC4+Kk/Tcdce2q5p9l3zAO9HnuY= Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJyFy0EKgCAQQNELVUMk2ia6iznohI6hI3X83LZq+eG/+xqPzIIscMXmiSv41tNi8WAbRQdBUhz7QEJYgdjhMyXi6azD/a9ryEWO7PAj97TNetVGqcWoF0PJMQI= Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJyVjEEKwjAQRS9kDFKsdSEeRaaTUCZNZkIzNejpDYh14crl+7z3azYorJ7V5rhOxMUGrxlwNqNI0Q/d7p6dLBZWlQSqhJtHCSZv0LF11IIN96Hs6u89yhgF5/K2w3cwwK1Vkv9LJX6UStkvhpiUINLTL+3mmi6Hfhi607Hvzi8lHVlF Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??wp-content/plugins/jetpack/modules/wpgroho.js,wp-includes/js/comment-reply.min.js,wp-content/themes/seedlet/assets/js/primary-navigation.js?m=1649448438 Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJy1jsEOwjAMQ3+IEqGJMQ6IT5m6NhrZ2mS06Sb4enoBceLG0Zaf7W0xTliRFZZQRuIME+pi3WwGkaxv1a/IXhLYohKtKrlPLtjnw1C0I2bwVBGqfSmjUxI2MmRMK6b9lHfbH8a+jN8T0BM7GAoFD4Hmyt8LFrxZ9qHei8SVv8bLoe265nRsm/MLuNpsTQ== Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJxdje0KwjAMRV/ILQi27I/4KNKPULP1y7Zx29vbH0NUCNxcOCdZ80DReLZYYe7zZCz7EUMgV1TDMVAc53paf9n2ILPotH2WgzEpNowNsmdHsYLjXjUWB5rJW7ApDAWV3YGixe3r+r85Y8vKLHDvb0H7ZJYKlXU1hXKj1IkX4drlW7ie5STERUoxvQGEYE8s Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
network	error	URL: https://blog.wpscan.com/_jb_static/??-eJyVzcEOgjAMgOEXcjTGBbwYnwVYs9SwdnatwNvL1ZPh+B++/GsNs7AhG9TFM3GD7EdOqBkmpyVBVRIl28Pb0RGIE25dIe5e7bL+57OUKu28O7af0TCMldpprJh8CypuxL/rZ3lc+3s/xHgb4hf19mAK Message: Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
blog.wpscan.com
fonts-api.wp.com
fonts.wp.com
jetpack.wordpress.com
pixel.wp.com
public-api.wordpress.com
s.w.org
s0.wp.com
secure.gravatar.com
stats.wp.com
widgets.wp.com
192.0.76.3
192.0.77.32
192.0.77.48
192.0.78.164
192.0.78.23
192.0.78.33
2a04:fa87:fffe::c000:4902
0b916d09638b0cf0403bd510e2549a0d78d472d3edac5757fd65e1fc3203e5fc
0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
1d91045d9b974feac67afeb398dd1f99c3a5523e30d9b982e5a0810d6f67e324
28256c0a68f5a8b099fdc6aef91cbd61591585447f54b8554cddeeabf6d368d0
3086aaa2e8d2138d1ef45b3747e966b8f0056f2edb6786616da1a8928cf1c018
32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c
36e4f9b2caaa2e23a37448bbfae7ff1f7b6867c5c771f7bb531aa5441fbe8791
3c5a451f9ec27a354b0c2bcca636c6ec17a651281aabf29f8427e210a1d31e85
458cc094aa642c34eb176e29efdb1cefcb6b57acc5a382ae033190ba881adae1
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
503d5bf134127271e87644fe19c0b439a34369a6ea04278573a0cea3df7671c4
5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527
5905c15570060e567d99ff9787345543f85fd0e82c5e15f42462d10ada386e3f
5cdb1cad298e924cb4a212a8884ff50f3edc8a98ac8ad80d76d9de8eb16be69e
734e98f2e9b67a75bb5d0d2becc307ff227050aef67b5339ce08b99b066e4fd4
7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b
780b61f483cfb44ee9881cbd362d41cf89609d401d12e9726e1471530ab14738
822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c
82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb
87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7
8b672850aad14669fbcf95e2b49e71dab446a29fd5857934c074b84173cb89b0
96f2da12c025e217eabfa01ae7ccbc6d77b593da8795b4a266d35280d89215d9
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c
a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e
a51b6594bdda5d76e047259fb1fcaf7af2eb227cac553b4eb1cffa8328784c9c
a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694
ae2e2ce4e754233246589f8d6986deb99cec57327ae7294cf2a323a9af92b3c2
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3
b6430eb74818a1eda8c688c967c3ccf00b2139dd175e868f6c5658d58f3abd11
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
be7a8a75a7a589c5a1747ea85846bded2393219f42478979c91b86d2ebbea94a
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c7eae60c689db5de4a3b330e9eb1514f9dae50f92d10ea6f7f1a0e547589bd71
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cd63b1757bbd26794e58cb0c8a33f96a8dc544181d45530f4cd645a2858bcbee
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
dbba6c1c59954873629e196b8009f0a8256e66d755f889cf6c8ac4f1164d10c2
e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec2e2f5a8898fd24252a4f4012b022ebcaa2ba2e89d338313432bc63b4face88
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe16fd64edb961d670fd35ee4a211ec22cb9e2fa6850cbbf13464dace1b39e2
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c
f8dbcb0d906325ea81fbaca5be475a10eaf975fa2b3c835b9860c6b3445db16e

blog.wpscan.com Open in urlscan Pro 192.0.78.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

55 Requests

100 %HTTPS

14 %IPv6

5 Domains

13 Subdomains

8 IPs

2 Countries

543 kBTransfer

2102 kBSize

0 Cookies

15 Outgoing links

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.wpscan.com Open in urlscan Pro
192.0.78.164 Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

100 %
HTTPS

14 %
IPv6

5
Domains

13
Subdomains

8
IPs

2
Countries

543 kB
Transfer

2102 kB
Size

0
Cookies

55 HTTP transactions
5 data transactions