security-soup.net Open in urlscan Pro
107.180.58.51  Public Scan

20 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response security-soup.net/decoding-a-danabot-downloader/	65 KB 16 KB	716ms 343ms	Document text/html	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / PHP/8.0.16 Resource Hash 05ed947edd9239f9f03b7ef6e703eef96a5aaea45651c5f68cf0acecffe254ab Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers x-powered-by PHP/8.0.16 x-pingback https://security-soup.net/xmlrpc.php link <https://security-soup.net/wp-json/>; rel="https://api.w.org/", <https://security-soup.net/wp-json/wp/v2/posts/1678>; rel="alternate"; type="application/json", <https://wp.me/paC05P-r4>; rel=shortlink vary Accept-Encoding content-encoding br content-length 15464 content-type text/html; charset=UTF-8 date Wed, 16 Mar 2022 20:12:19 GMT server Apache
GET H2	200	style.min.css security-soup.net/wp-includes/css/dist/block-library/	79 KB 10 KB	107ms 105ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/css/dist/block-library/style.min.css?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Wed, 01 Sep 2021 04:05:58 GMT server Apache etag "bc00e5a-13abe-5cae72efad580-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 9945
GET H2	200	font-awesome.min.css security-soup.net/wp-content/plugins/contact-widgets/assets/css/	30 KB 7 KB	104ms 102ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 03dd4b22b7c6c6841f1df803d60d9a56a0b794c8f28b71705dfbb4ad052538d3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Sat, 18 Jul 2020 15:02:50 GMT server Apache etag "bc22bcf-777f-5aab891328ab0-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 6581
GET H2	200	shortcodes.css security-soup.net/wp-content/plugins/column-shortcodes//assets/css/	3 KB 684 B	101ms 99ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash a2b52f4819c133bc281608895d14021d514a47cb8300a6d671226785319813f0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Wed, 18 Aug 2021 01:45:15 GMT server Apache etag "bbe06b1-c71-5c9cb95fbd3f9-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 603
GET H2	200	yadawiki.css security-soup.net/wp-content/plugins/yada-wiki/css/	3 KB 864 B	100ms 98ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/yada-wiki/css/yadawiki.css?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash bd84ea9082370b10fb03e2aa4dcf6ccc52b6d4a53269fb32f21c44638a02dce7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Sun, 15 Aug 2021 20:00:01 GMT server Apache etag "bbe059d-aec-5c99e87a52a21-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 784
GET H2	200	css fonts.googleapis.com/	3 KB 999 B	261ms 17ms	Stylesheet text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Karla%3A400%2C400i%2C700%2C700i Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 612e670b4080094043dce5c290b5d86df27b27064eddddc1bd506ddc51abf632 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 16 Mar 2022 18:28:37 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 16 Mar 2022 20:12:19 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 16 Mar 2022 20:12:19 GMT
GET H2	200	style.css security-soup.net/wp-content/themes/blogfeedly/	34 KB 7 KB	105ms 103ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/themes/blogfeedly/style.css?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash fc8056f5eb7f648bbdc21a541061cc8401f22ba178e5caceec3c78fd33e208dc Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Mon, 25 Mar 2019 03:17:32 GMT server Apache etag "bbe0f35-88f4-584e2a52e51d0-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 7455
GET H2	200	style.min.css security-soup.net/wp-content/plugins/contact-widgets/assets/css/	1 KB 347 B	99ms 97ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/contact-widgets/assets/css/style.min.css?ver=1.0.1 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 10f91c693196f2c27af73a23adc69159567c43983cf273d0a81cf77d0caa8a9e Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Sat, 18 Jul 2020 15:02:50 GMT server Apache etag "bc22bd5-4c9-5aab89132d100-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 254
GET H2	200	style.css security-soup.net/wp-content/plugins/newsletter/	6 KB 1 KB	101ms 99ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/newsletter/style.css?ver=7.2.2 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Sun, 15 Aug 2021 20:09:51 GMT server Apache etag "bbe242a-188a-5c99eaad6a77b-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1190
GET H2	200	jetpack.css security-soup.net/wp-content/plugins/jetpack/css/	72 KB 13 KB	107ms 105ms	Stylesheet text/css	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/plugins/jetpack/css/jetpack.css?ver=9.8.1 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash a63e79b5a97bf477e7d6ad34b4f8be2e4e8c7f3162f7d58b156ff0557f65c312 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Tue, 29 Jun 2021 03:39:20 GMT server Apache etag "bbe28ff-11f12-5c5df59f1a591-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 12683
GET H2	200	jquery.min.js Show response security-soup.net/wp-includes/js/jquery/	87 KB 30 KB	195ms 194ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Wed, 10 Mar 2021 15:07:24 GMT server Apache etag "bc013dd-15db1-5bd3006388300-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 30311
GET H2	200	jquery-migrate.min.js Show response security-soup.net/wp-includes/js/jquery/	11 KB 4 KB	102ms 101ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Wed, 18 Nov 2020 09:06:06 GMT server Apache etag "bc013d5-2bd8-5b45debe27b80-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 3998
GET H2	200	cropped-website_newlogo.png security-soup.net/wp-content/uploads/2019/02/	51 KB 51 KB	375ms 374ms	Image image/png	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://security-soup.net/wp-content/uploads/2019/02/cropped-website_newlogo.png Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 32055bb809e41ed6400e7f13f288084901f884f3f58b74c3556dd958516f5ceb Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT last-modified Sun, 17 Feb 2019 19:08:30 GMT server Apache accept-ranges bytes etag "bbe0dc8-cc1c-5821bbbd7c293" content-length 52252 content-type image/png
GET H2	200	comment-reply.min.js Show response security-soup.net/wp-includes/js/	3 KB 1 KB	331ms 331ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/js/comment-reply.min.js?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:19 GMT content-encoding br last-modified Thu, 18 Mar 2021 17:48:23 GMT server Apache etag "bc012a9-ba8-5bdd334ac27c0-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 1230
GET H2	200	custom.js Show response security-soup.net/wp-content/themes/blogfeedly/js/	3 KB 1 KB	195ms 195ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/themes/blogfeedly/js/custom.js?ver=1.6.0 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 2f086baa21a9f6cb3ec29267c447315d245832410dc86ba340054f2205443c54 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT content-encoding br last-modified Mon, 25 Mar 2019 03:17:29 GMT server Apache etag "bbe0f07-bfb-584e2a4fc2dc7-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 1177
GET H2	200	wp-embed.min.js Show response security-soup.net/wp-includes/js/	1 KB 767 B	98ms 98ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/js/wp-embed.min.js?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT content-encoding br last-modified Wed, 06 Jan 2021 15:29:24 GMT server Apache etag "bc013b9-592-5b83cfce57d00-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 663
GET H2	200	e-202211.js Show response stats.wp.com/	9 KB 3 KB	41ms 12ms	Script application/javascript	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/e-202211.js Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers x-nc HIT ams date Wed, 16 Mar 2022 20:12:20 GMT content-encoding br server nginx etag W/"6197c5cf-3508" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 expires Mon, 06 Mar 2023 00:07:01 GMT
GET H2	200	wp-emoji-release.min.js Show response security-soup.net/wp-includes/js/	18 KB 5 KB	955ms 955ms	Script application/javascript	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT content-encoding br last-modified Tue, 08 Jun 2021 22:15:12 GMT server Apache etag "bc014d3-4705-5c4487ddedc00-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 4542
GET H2	200	qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 fonts.gstatic.com/s/karla/v21/	21 KB 21 KB	32ms 8ms	Font font/woff2	2a00:1450:4001:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v21/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Karla%3A400%2C400i%2C700%2C700i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff9ebdf44291f699348fd4dd9b9fbaacdd36186231f34ae0f71c888facdb3261 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://security-soup.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 15 Mar 2022 15:30:40 GMT x-content-type-options nosniff age 103300 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21060 x-xss-protection 0 last-modified Thu, 03 Feb 2022 00:29:45 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 15 Mar 2023 15:30:40 GMT
GET H2	200	qkB_XvYC6trAT7RQNNK2EG7SIwPWMNlCVytER0IPh7KX59Z0CnSKbGkv.woff2 fonts.gstatic.com/s/karla/v21/	21 KB 21 KB	35ms 12ms	Font font/woff2	2a00:1450:4001:803::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v21/qkB_XvYC6trAT7RQNNK2EG7SIwPWMNlCVytER0IPh7KX59Z0CnSKbGkv.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Karla%3A400%2C400i%2C700%2C700i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 58304b3eb3e3e2c9b0b008db9d09aac38f844858773ec381f8f73a31b0bd45f8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://security-soup.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 18:08:00 GMT x-content-type-options nosniff age 7460 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21604 x-xss-protection 0 last-modified Thu, 03 Feb 2022 00:31:31 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 16 Mar 2023 18:08:00 GMT
GET H2	200	Screen-Shot-2019-02-22-at-12.04.13-AM.png security-soup.net/wp-content/uploads/2019/02/	46 KB 46 KB	1019ms 1018ms	Image image/png	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://security-soup.net/wp-content/uploads/2019/02/Screen-Shot-2019-02-22-at-12.04.13-AM.png Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 7eeeb33e7663e083a823b29e2bed95b86064ca70727ae2aa9792f83c9212617b Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT last-modified Fri, 22 Feb 2019 06:05:04 GMT server Apache accept-ranges bytes etag "bbe0f86-b772-582755f3dd31b" content-length 46962 content-type image/png
GET H2	200	Screen-Shot-2022-03-13-at-9.32.06-AM-1.png security-soup.net/wp-content/uploads/2022/03/	464 KB 467 KB	1058ms 1058ms	Image image/png	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://security-soup.net/wp-content/uploads/2022/03/Screen-Shot-2022-03-13-at-9.32.06-AM-1.png Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 9c3ec96e1c6056239b20facc03f0862b814991be6bc45887b7f6605cadeb4bc4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:20 GMT last-modified Sun, 13 Mar 2022 14:35:45 GMT server Apache accept-ranges bytes etag "bbe0710-73e0a-5da1a7aaca08c" content-length 474634 content-type image/png
GET H2	200	danabot_drawing.png security-soup.net/wp-content/uploads/2022/03/	44 KB 44 KB	1951ms 1951ms	Image image/png	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://security-soup.net/wp-content/uploads/2022/03/danabot_drawing.png Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash a212873a8daa9042486fd983888190f04876ade673c3cc242a4ad8a36a6d9836 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:21 GMT last-modified Mon, 14 Mar 2022 13:06:16 GMT server Apache accept-ranges bytes etag "bbe0594-aed7-5da2d58802157" content-length 44759 content-type image/png
GET H2	200	2022-03-14-22_25_10-money.png security-soup.net/wp-content/uploads/2022/03/	439 KB 442 KB	1951ms 1951ms	Image image/png	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://security-soup.net/wp-content/uploads/2022/03/2022-03-14-22_25_10-money.png Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 0f664ea5588e172074a7f77d8e83498fe8a9ed52bee2451746e3ad51cffd3728 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/decoding-a-danabot-downloader/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:21 GMT last-modified Tue, 15 Mar 2022 03:25:37 GMT server Apache accept-ranges bytes etag "bbe0750-6dd84-5da3959c45782" content-length 449924 content-type image/png
GET H2	200	fontawesome.ttf security-soup.net/wp-content/themes/blogfeedly/fonts/	4 KB 3 KB	1942ms 1941ms	Font font/ttf	107.180.58.51 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://security-soup.net/wp-content/themes/blogfeedly/fonts/fontawesome.ttf?m20g1t Requested by Host: security-soup.net URL: https://security-soup.net/wp-content/themes/blogfeedly/style.css?ver=5.8.4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 107.180.58.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-107-180-58-51.ip.secureserver.net Software Apache / Resource Hash 829c7c7117ff1251846c377c8f00c0816b645c16c7d9a2ccd844f16d182baedf Request headers Referer https://security-soup.net/wp-content/themes/blogfeedly/style.css?ver=5.8.4 Origin https://security-soup.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 20:12:21 GMT content-encoding br last-modified Mon, 25 Mar 2019 03:17:32 GMT server Apache etag "bbe0f39-11ec-584e2a52e55b8-br" vary Accept-Encoding content-type font/ttf accept-ranges bytes content-length 3088
GET H2	200	g.gif pixel.wp.com/	50 B 93 B	13ms 12ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=ext&j=1%3A9.8.1&blog=156820185&post=1678&tz=0&srv=security-soup.net&host=security-soup.net&ref=&fcp=1393&rand=0.9231788441911872 Requested by Host: security-soup.net URL: https://security-soup.net/decoding-a-danabot-downloader/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://security-soup.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers access-control-allow-origin * date Wed, 16 Mar 2022 20:12:20 GMT cache-control no-cache server nginx content-length 50 content-type image/gif

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored object| _wpemojiSettings undefined| $ function| jQuery object| addComment object| wp object| _stq function| st_go function| linktracker_init object| wpcom object| twemoji

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
pixel.wp.com
security-soup.net
stats.wp.com
107.180.58.51
192.0.76.3
2a00:1450:4001:800::200a
2a00:1450:4001:803::2003
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03dd4b22b7c6c6841f1df803d60d9a56a0b794c8f28b71705dfbb4ad052538d3
05ed947edd9239f9f03b7ef6e703eef96a5aaea45651c5f68cf0acecffe254ab
0f664ea5588e172074a7f77d8e83498fe8a9ed52bee2451746e3ad51cffd3728
10f91c693196f2c27af73a23adc69159567c43983cf273d0a81cf77d0caa8a9e
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
2f086baa21a9f6cb3ec29267c447315d245832410dc86ba340054f2205443c54
32055bb809e41ed6400e7f13f288084901f884f3f58b74c3556dd958516f5ceb
58304b3eb3e3e2c9b0b008db9d09aac38f844858773ec381f8f73a31b0bd45f8
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
612e670b4080094043dce5c290b5d86df27b27064eddddc1bd506ddc51abf632
7eeeb33e7663e083a823b29e2bed95b86064ca70727ae2aa9792f83c9212617b
829c7c7117ff1251846c377c8f00c0816b645c16c7d9a2ccd844f16d182baedf
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9c3ec96e1c6056239b20facc03f0862b814991be6bc45887b7f6605cadeb4bc4
a212873a8daa9042486fd983888190f04876ade673c3cc242a4ad8a36a6d9836
a2b52f4819c133bc281608895d14021d514a47cb8300a6d671226785319813f0
a63e79b5a97bf477e7d6ad34b4f8be2e4e8c7f3162f7d58b156ff0557f65c312
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd84ea9082370b10fb03e2aa4dcf6ccc52b6d4a53269fb32f21c44638a02dce7
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fc8056f5eb7f648bbdc21a541061cc8401f22ba178e5caceec3c78fd33e208dc
ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3
ff9ebdf44291f699348fd4dd9b9fbaacdd36186231f34ae0f71c888facdb3261