logrhythm.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Submission: On December 07 via api (December 7th 2022, 7:10:37 am UTC) from IN — Scanned from DE

Summary HTTP 153 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 34 IPs in 4 countries across 26 domains to perform 153 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is logrhythm.com. The Cisco Umbrella rank of the primary domain is 425263.
TLS certificate: Issued by R3 on November 6th 2022. Valid for: 3 months.

This is the only time logrhythm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.17.71.206 104.17.71.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7edb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	23.205.237.4 23.205.237.4	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a06:98c1:3122:: 2a06:98c1:3122::	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	13.32.99.82 13.32.99.82	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2600:9000:225... 2600:9000:225e:da00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
14	2600:9000:236... 2600:9000:236e:d000:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
6	54.172.38.207 54.172.38.207	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
12	2600:9000:239... 2600:9000:2394:e200:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.222.213.67 52.222.213.67	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:249... 2600:9000:2490:c800:d:ed29:200:93a1	16509 (AMAZON-02) (AMAZON-02)
153	34

36 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

logrhythm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.71.206 (None, )

ASN13335 (CLOUDFLARENET, US)

ecrm.logrhythm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7edb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

logrhythm-com.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.237.4 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-237-4.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3122:: (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.32.99.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-82.fra60.r.cloudfront.net

cdn-app.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:da00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:236e:d000:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

050-uwt-888.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.172.38.207 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-38-207.compute-1.amazonaws.com

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:2394:e200:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

logrhythm.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.213.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-213-67.fra56.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:c800:d:ed29:200:93a1 (United States)

ASN16509 (AMAZON-02, US)

attachments.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	logrhythm.com logrhythm.com — Cisco Umbrella Rank: 425263 ecrm.logrhythm.com	653 KB
20	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1664 ka-p.fontawesome.com — Cisco Umbrella Rank: 4297	589 KB
14	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4641	553 KB
14	pathfactory.com cdn-app.pathfactory.com — Cisco Umbrella Rank: 95917 jukebox.pathfactory.com — Cisco Umbrella Rank: 63778	129 KB
13	insent.ai logrhythm.widget.insent.ai attachments.insent.ai — Cisco Umbrella Rank: 236678	644 KB
8	disqus.com logrhythm-com.disqus.com disqus.com — Cisco Umbrella Rank: 1165 referrer.disqus.com — Cisco Umbrella Rank: 7051	71 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 532 p.typekit.net — Cisco Umbrella Rank: 696	60 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5234	827 B
4	google.com www.google.com — Cisco Umbrella Rank: 2	827 B
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 39 stats.g.doubleclick.net — Cisco Umbrella Rank: 98	4 KB
2	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 458 px4.ads.linkedin.com — Cisco Umbrella Rank: 6742	1 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1122	374 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	112 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 4085	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	167 KB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 15929	18 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	185 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 51	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 876	7 KB
1	mktoresp.com 050-uwt-888.mktoresp.com	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 613	395 B
1	t.co t.co — Cisco Umbrella Rank: 511	377 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 242	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 678	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 967	5 KB
153	26

	Domain	Requested by
36	logrhythm.com	logrhythm.com
17	ka-p.fontawesome.com	kit.fontawesome.com logrhythm.com
14	c.disquscdn.com	logrhythm-com.disqus.com disqus.com c.disquscdn.com logrhythm.com
12	logrhythm.widget.insent.ai	logrhythm.com logrhythm.widget.insent.ai
8	cdn-app.pathfactory.com	logrhythm.com cdn-app.pathfactory.com
8	ecrm.logrhythm.com	logrhythm.com ecrm.logrhythm.com
6	jukebox.pathfactory.com	cdn-app.pathfactory.com
6	use.typekit.net	logrhythm.com use.typekit.net
5	disqus.com	logrhythm-com.disqus.com c.disquscdn.com
4	www.google.de	logrhythm.com
4	www.google.com	logrhythm.com
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	kit.fontawesome.com	logrhythm.com kit.fontawesome.com
2	cdn.linkedin.oribi.io	snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com logrhythm.com
2	connect.facebook.net	logrhythm.com connect.facebook.net
2	munchkin.marketo.net	logrhythm.com munchkin.marketo.net
2	logrhythm-com.disqus.com	logrhythm.com
2	www.googletagmanager.com	logrhythm.com www.googletagmanager.com
1	attachments.insent.ai
1	js.pusher.com	logrhythm.widget.insent.ai
1	referrer.disqus.com	logrhythm.com
1	www.facebook.com	logrhythm.com
1	fonts.googleapis.com	cdn-app.pathfactory.com
1	maxcdn.bootstrapcdn.com	cdn-app.pathfactory.com
1	050-uwt-888.mktoresp.com	munchkin.marketo.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	logrhythm.com
1	px.ads.linkedin.com	1 redirects
1	analytics.twitter.com	logrhythm.com
1	t.co	logrhythm.com
1	cdnjs.cloudflare.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	p.typekit.net	use.typekit.net
153	35

This site contains links to these domains. Also see Links.

Domain
logrhythmcommunity.force.com
community.logrhythm.com
explore.logrhythm.com
www.paloaltonetworks.com
researchcenter.paloaltonetworks.com
airbus-cyber-security.com
blog.trendmicro.com
go.crowdstrike.com
www.proofpoint.com
www.lastline.com
www.sophos.com
www.jpcert.or.jp
www.carbonblack.com
blog.jpcert.or.jp
gallery.logrhythm.com
www.linkedin.com
twitter.com
www.facebook.com
www.reddit.com
docs.logrhythm.com
www.g2.com
www.youtube.com
support.logrhythm.com
wordpress.org

Subject Issuer	Validity	Valid
logrhythm.com R3	`2022-11-06` - `2023-02-04`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
ecrm.logrhythm.com Cloudflare Inc ECC CA-3	`2022-06-30` - `2023-06-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-15` - `2022-12-14`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.pathfactory.com Amazon	`2022-07-11` - `2023-08-09`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
a.disquscdn.com Amazon	`2022-09-30` - `2023-10-29`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.widget.insent.ai Amazon	`2022-03-31` - `2023-04-29`	a year	crt.sh
js.pusher.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.insent.ai Amazon	`2022-03-30` - `2023-04-27`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Frame ID: 852D08EC27DE191A87C486E5D13DC84D
Requests: 122 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Frame ID: C8C111D2813607107B73340C8C4CB1AC
Requests: 16 HTTP requests in this frame

Frame: https://ecrm.logrhythm.com/index.php/form/XDFrame
Frame ID: 37E1E4B58C09AED339E5508FE65865B7
Requests: 2 HTTP requests in this frame

Frame: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 198374D455979B71F3173CD098DFEED8
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Take a Deep Dive into PlugX Malware - LogRhythm

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets
<link [^>]*href=(?:"|')[^"']*uploads/elementor/css

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

153
Requests

99 %
HTTPS

59 %
IPv6

26
Domains

35
Subdomains

34
IPs

4
Countries

3060 kB
Transfer

8427 kB
Size

20
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://logrhythmcommunity.force.com/
Title: Customer Portal

Search URL Search Domain Scan URL

URL: https://community.logrhythm.com/?utm_source=logrhythm-com-website
Title: LogRhythm Community

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-analyst-reports?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-demos?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Product Demos

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-ebooks-whitepapers?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: White Papers & e-Books

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-threat-research?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Threat Research

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/featured-content?utm_source=logrhythm-website&utm_content=mainNav
Title: Featured Content

Search URL Search Domain Scan URL

URL: https://www.paloaltonetworks.com/threat-research
Title: Palo Alto’s Unit 42 Threat Research

Search URL Search Domain Scan URL

URL: https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
Title: blog post

Search URL Search Domain Scan URL

URL: https://airbus-cyber-security.com/latest-changes-plugx/
Title: builder for version one

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/plugx-new-tool-for-a-not-so-new-campaign/
Title: researchers at Trend Micro

Search URL Search Domain Scan URL

URL: https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf
Title: Crowdstrike’s Global Threat Report

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia
Title: delivered via a phishing campaign

Search URL Search Domain Scan URL

URL: https://airbus-cyber-security.com/getting-plugx-builder/
Title: These samples represented

Search URL Search Domain Scan URL

URL: https://www.lastline.com/labsblog/an-analysis-of-plugx-malware
Title: researchers at Lastline

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf
Title: Researchers at Sophos

Search URL Search Domain Scan URL

URL: https://www.jpcert.or.jp/magazine/acreport-plugx.html
Title: researchers from JPCERT

Search URL Search Domain Scan URL

URL: https://www.carbonblack.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/
Title: Carbon Black detected an additional PlugX variant

Search URL Search Domain Scan URL

URL: http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html
Title: researchers from JPCERT

Search URL Search Domain Scan URL

URL: https://gallery.logrhythm.com/supporting-documents/deep-dive-into-plugx-variants-mentioned.pdf
Title: Click here

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=1&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&title=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&source=https%3A%2F%2Flogrhythm.com
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&via=LogRhythm&related=LogRhythm
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-demos?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Product Demos

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-ebooks-whitepapers?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: White Papers & e-Books

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-data-sheets?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Product Data Sheets

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-analyst-reports?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-threat-research?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Threat Research

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-infographics?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Infographics

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-brochures?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Brochures

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-joint-solution-briefs?utm_source=logrhythm-website
Title: Joint Solution Briefs

Search URL Search Domain Scan URL

URL: https://logrhythmcommunity.force.com/?utm_source=logrhythm-com-website
Title: Support

Search URL Search Domain Scan URL

URL: https://docs.logrhythm.com/docs/kb?utm_source=logrhythm-com-website
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://docs.logrhythm.com/docs?utm_source=logrhythm-com-website
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/logrhythm-nextgen-siem-platform/reviews?utm_source=rewards-badge

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/logrhythm/

Search URL Search Domain Scan URL

URL: https://twitter.com/LogRhythm

Search URL Search Domain Scan URL

URL: https://www.facebook.com/LogRhythmInc/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/LogRhythmInc

Search URL Search Domain Scan URL

URL: https://support.logrhythm.com/?utm_source=logrhythm-com-website
Title: Support

Search URL Search Domain Scan URL

URL: https://wordpress.org/plugins/gdpr-cookie-compliance/
Title: Powered by GDPR Cookie Compliance

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQLVqLVxIEC-EwAAAYTra_XJzIFhjKp5xDHXrNmHRbe4AboktovsMC436H5lHWLkp3YqJ5c

153 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
logrhythm.com/blog/deep-dive-into-plugx-malware/ 143 KB
33 KB 710ms
668ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

617a7b2be5cc1feff5e5f0f6358206db43cb77328865cb588c35586f7f440b83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 775b711ebd06bb97-FRA
content-encoding: br
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 07:10:30 GMT
link: <https://logrhythm.com/wp-json/>; rel="https://api.w.org/" <https://logrhythm.com/wp-json/wp/v2/posts/2042>; rel="alternate"; type="application/json" <https://logrhythm.com/?p=2042>; rel=shortlink
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-tec-api-origin: https://logrhythm.com
x-tec-api-root: https://logrhythm.com/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: 1; mode=block

GET
H2 200 kan0mns.css
use.typekit.net/ 9 KB
1 KB 45ms
11ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/kan0mns.css

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Wed, 07 Dec 2022 07:10:30 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1114

GET
H2 200 frontend.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/ 79 KB
12 KB 28ms
24ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 29 Nov 2022 18:06:21 GMT
server: cloudflare
etag: W/"63864a1d-13c18"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee6ebb97-FRA

GET
H2 200 global.css
logrhythm.com/wp-content/plugins/th-widget-pack/css/ 3 KB
4 KB 37ms
33ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/css/global.css?ver=1669745181

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

70f3cc852c9c3849b93ab403bff853542df94d4421891b4f50aeacb24f9aeeef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 29 Nov 2022 18:06:21 GMT
server: cloudflare
etag: W/"63864a1d-a3f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee71bb97-FRA

GET
H2 200 classic-themes.min.css
logrhythm.com/wp-includes/css/ 217 B
3 KB 39ms
36ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
server: cloudflare
etag: W/"6357e86c-d9"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee72bb97-FRA

GET
H2 200 scriptlesssocialsharing-style.css
logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/ 3 KB
4 KB 42ms
39ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/scriptlesssocialsharing-style.css?ver=3.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 20388
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 30 Aug 2021 18:17:03 GMT
server: cloudflare
etag: W/"612d209f-a1a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee74bb97-FRA

GET
H2 200 header-footer-elementor.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/ 1 KB
3 KB 37ms
34ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 29 Nov 2022 18:06:21 GMT
server: cloudflare
etag: W/"63864a1d-4c6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee75bb97-FRA

GET
H2 200 frontend-legacy.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/ 13 KB
4 KB 31ms
29ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.8.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fde0d5a578eb6673d38d66dff152e36b610384b19954f0723e07f4302305592f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 16 Nov 2022 17:14:02 GMT
server: cloudflare
etag: W/"63751a5a-35ed"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee76bb97-FRA

GET
H2 200 frontend.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/ 158 KB
23 KB 34ms
32ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 16 Nov 2022 17:14:02 GMT
server: cloudflare
etag: W/"63751a5a-27687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee78bb97-FRA

GET
H2 200 post-6608.css
logrhythm.com/wp-content/uploads/elementor/css/ 3 KB
4 KB 22ms
20ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/uploads/elementor/css/post-6608.css?ver=1669141810

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

adf8386242af9fe9ba1b0124aec9ef86a192eeadd06a03642fd24d9ffee4af86

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 22 Nov 2022 18:30:10 GMT
server: cloudflare
etag: W/"637d1532-d1d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee7abb97-FRA

GET
H2 200 frontend.min.css
logrhythm.com/wp-content/plugins/elementor-pro/assets/css/ 483 KB
47 KB 67ms
65ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3b67ec1b48befcb446a701d41e607cd94abfc97e25a5da7ab163f368dd14c51

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 22 Nov 2022 18:29:36 GMT
server: cloudflare
etag: W/"637d1510-78c90"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee7cbb97-FRA

GET
H2 200 app.css
logrhythm.com/wp-content/themes/stratusx/assets/css/ 284 KB
50 KB 66ms
64ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/css/app.css?ver=1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
etag: W/"62b4b426-46e6f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122ee7dbb97-FRA

GET
H2 200 style.css
logrhythm.com/wp-content/themes/logrhythm-child/ 347 B
3 KB 28ms
26ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/style.css?ver=6.1.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sun, 29 Mar 2020 18:29:03 GMT
server: cloudflare
etag: W/"5e80e8ef-15b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe87bb97-FRA

GET
H2 200 app.min.css
logrhythm.com/wp-content/themes/logrhythm-child/dist/css/ 350 KB
37 KB 27ms
25ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/css/app.min.css?v=1003222

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc3dba9ce7c4c908fa9d16bf61e67daadfd0f09fe0775b3b4640ef8b1d9da7d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 30 Nov 2022 20:30:23 GMT
server: cloudflare
etag: W/"6387bd5f-5777d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe89bb97-FRA

GET
H2 200 gdpr-main-nf.css
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/ 80 KB
12 KB 36ms
34ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.9.6

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6afaebd21d451c238bcbe208566ffa45e27391111c5cd18ac2bdebb124e2cee

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 05 Dec 2022 18:20:17 GMT
server: cloudflare
etag: W/"638e3661-14059"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe8abb97-FRA

GET
H2 200 jquery.min.js Show response
logrhythm.com/wp-includes/js/jquery/ 88 KB
34 KB 32ms
30ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
server: cloudflare
etag: W/"632879b8-15e54"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe8cbb97-FRA

GET
H2 200 jquery-migrate.min.js Show response
logrhythm.com/wp-includes/js/jquery/ 11 KB
7 KB 37ms
36ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
etag: W/"5fb4e3fe-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe8dbb97-FRA

GET
H2 200 2f1bae2942.js Show response
kit.fontawesome.com/ 11 KB
4 KB 72ms
54ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e781c6a44b3fbb609eb70bf410bdef4755d7ce81374f687c70beda38067d7a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 775b71263a77bbbb-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FyzMXYw0aoSZN6qfeNXi

GET
H2 200 forms2.min.js Show response
ecrm.logrhythm.com/js/forms2/js/ 208 KB
69 KB 499ms
154ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
etag: "3c07f6-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 775b71251e1cbb9d-FRA
expires: Wed, 07 Dec 2022 11:10:31 GMT

GET
H2 200 modernizr-custom.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 5 KB
5 KB 34ms
33ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/modernizr-custom.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 01 Dec 2020 20:51:16 GMT
server: cloudflare
etag: W/"5fc6acc4-12ac"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7122fe8fbb97-FRA

GET
H3 200 logrhythm-logo-white.svg
logrhythm.com/wp-content/themes/logrhythm-child/dist/img/ 3 KB
5 KB 28ms
27ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/img/logrhythm-logo-white.svg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 20388
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 14 Feb 2022 01:53:42 GMT
server: cloudflare
etag: W/"6209b626-d4a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71264dd19a18-FRA

GET
H3 200 deep-dive-into-plugx-malware-1.jpg
logrhythm.com/wp-content/uploads/2020/02/ 15 KB
18 KB 211ms
210ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-1.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14980
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:24:15 GMT
server: cloudflare
etag: "606deabf-3a84"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges: bytes
cf-ray: 775b71265dd49a18-FRA

GET
H3 200 deep-dive-into-plugx-malware-2_iaynji.jpg
logrhythm.com/wp-content/uploads/2020/02/ 9 KB
12 KB 157ms
156ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-2_iaynji.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9360
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:24:04 GMT
server: cloudflare
etag: "606deab4-2490"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges: bytes
cf-ray: 775b71265dd69a18-FRA

GET
H3 200 deep-dive-into-plugx-malware-3.jpg
logrhythm.com/wp-content/uploads/2020/02/ 15 KB
19 KB 193ms
191ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-3.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15759
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:23:52 GMT
server: cloudflare
etag: "606deaa8-3d8f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges: bytes
cf-ray: 775b71265dda9a18-FRA

GET
H3 200 deep-dive-into-plugx-malware-4.png
logrhythm.com/wp-content/uploads/2020/02/ 22 KB
25 KB 516ms
515ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-4.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dabe432137803d3ecc162b6a3e5070f0831a7e60e34ae31a1079edbf22035a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22728
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:23:41 GMT
server: cloudflare
etag: "606dea9d-58c8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges: bytes
cf-ray: 775b71265ddd9a18-FRA

GET
H3 200 email-decode.min.js Show response
logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
871 B 18ms
18ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
server: cloudflare
etag: W/"6387a18d-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 775b71239ff69a18-FRA
expires: Fri, 09 Dec 2022 07:10:30 GMT

GET
H3 200 waypoints.min.js Show response
logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
6 KB 44ms
44ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 16 Nov 2022 17:14:02 GMT
server: cloudflare
etag: W/"63751a5a-2fa6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7123b83b9a18-FRA

GET
H3 200 frontend.js Show response
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/ 25 KB
7 KB 38ms
37ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23892
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 29 Nov 2022 18:06:21 GMT
server: cloudflare
etag: W/"63864a1d-6384"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7123f8dc9a18-FRA

GET
H3 200 comment_count.js Show response
logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
4 KB 64ms
64ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 20389
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 27 May 2021 16:40:52 GMT
server: cloudflare
etag: W/"60afcb94-379"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7124394c9a18-FRA

GET
H3 200 main.js Show response
logrhythm.com/wp-content/themes/stratusx/assets/js/ 10 KB
7 KB 34ms
34ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.3

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
etag: W/"62b4b426-2798"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7124aa3b9a18-FRA

GET
H3 200 app.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 101 KB
39 KB 23ms
22ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/app.min.js?ver=1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 15 Jul 2022 20:46:13 GMT
server: cloudflare
etag: W/"62d1d215-19568"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71265ddf9a18-FRA

GET
H3 200 marketo-prefill.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 2 KB
4 KB 49ms
49ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/marketo-prefill.min.js?ver=6.1.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 31 Mar 2022 20:03:47 GMT
server: cloudflare
etag: W/"62460923-620"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b7124ead49a18-FRA

GET
H3 200 themo-foot.js Show response
logrhythm.com/wp-content/plugins/th-widget-pack/js/ 11 KB
6 KB 30ms
30ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 29 Nov 2022 18:06:21 GMT
server: cloudflare
etag: W/"63864a1d-2b02"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71252b629a18-FRA

GET
H3 200 comment-reply.min.js Show response
logrhythm.com/wp-includes/js/ 3 KB
5 KB 35ms
35ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/comment-reply.min.js?ver=6.1.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 20388
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: cloudflare
etag: W/"625095f6-ba5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71256bd09a18-FRA

GET
H3 200 vendor_footer.js Show response
logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/ 117 KB
35 KB 59ms
59ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
etag: W/"62b4b426-1d211"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71259c579a18-FRA

GET
H3 200 main.js Show response
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/ 58 KB
17 KB 32ms
32ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.9.6

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f88286348f13c9f6714951cf2616383b3d9de9852618712d254bbc8248f753e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 23893
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 05 Dec 2022 18:20:17 GMT
server: cloudflare
etag: W/"638e3661-e819"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71260d549a18-FRA

GET
H3 200 LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg
logrhythm.com/wp-content/uploads/2022/02/ 3 KB
5 KB 43ms
42ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2022/02/LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status: HIT
age: 20388
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Feb 2022 04:24:58 GMT
server: cloudflare
etag: W/"6205e51a-df7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray: 775b71265de19a18-FRA

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 39ms
6ms Stylesheet
text/css 2a02:26f0:480:f::213:7edb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=kan0mns&ht=tk&f=32226.32227.32230.32231.40407.40408.40409.40410.40411.40412.40415.40416&a=86739004&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7edb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:30 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/74b049/00000000000000007735b97f/30/ 12 KB
12 KB 34ms
8ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
server: nginx
etag: "0725935a0405a101e1f63fb0d88e754d06e3e316"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11992

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 295 KB
91 KB 50ms
28ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d83b0efa07d1bf4b04039eee3b1be35809dca2d12ccc1b754038d4e460713a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92199
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Dec 2022 07:10:31 GMT

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK embed.js Show response
logrhythm-com.disqus.com/ 78 KB
25 KB 275ms
227ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm-com.disqus.com/embed.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

1f2a9c2fbb83f2aafc3f7f82ab020b2a5d9f3d59a9c679fa85f128f7aa3c1c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:31 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 0
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25623

GET
H2 200 l
use.typekit.net/af/dde969/00000000000000007735b995/30/ 12 KB
12 KB 15ms
8ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
server: nginx
etag: "4499a6228bad8b85e09d5232a2e94be820faa664"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11864

GET
H2 200 l
use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/ 12 KB
12 KB 20ms
13ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
server: nginx
etag: "60544d9a92264c5bbf8c0bfe6da06aa456428460"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11892

GET
H2 200 l
use.typekit.net/af/34c58e/00000000000000007735b983/30/ 12 KB
12 KB 16ms
9ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/34c58e/00000000000000007735b983/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
server: nginx
etag: "83f6a95b08faa058c1be7387d942a37f52c267cc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12392

GET
H2 200 l
use.typekit.net/af/c2b6e5/00000000000000007735afee/30/ 11 KB
11 KB 15ms
9ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c2b6e5/00000000000000007735afee/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
server: nginx
etag: "3206fe244b32e4b776d3735b2b940afbba9642fc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11036

GET
H/1.1 200
OK count.js Show response
logrhythm-com.disqus.com/ 1 KB
2 KB 22ms
6ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm-com.disqus.com/count.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=300; includeSubdomains
X-Amz-Cf-Pop: DFW3-C1
Age: 113
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Dec 2022 18:18:14 GMT
Server: nginx
ETag: "638e35e6-367"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: bARQwIs7aCMo2DjwF6ght2P0UinTk1x1f7lwOtcWDUOGjDn_eUXo6A==

GET
H2 200 getForm Show response
ecrm.logrhythm.com/index.php/form/ 6 KB
2 KB 81ms
81ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112405750860416813042_1670397031387&_=1670397031388
Requested by: Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b5143d30a1bb289682b2bd217edb88f32cf350cd07878973f5f2c88c2fb14d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 775b7126fabdbb9d-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 795 KB
172 KB 38ms
29ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 766b624fa66325bb23a7f1bb4d0e5429dab3dde643ab89044967f0e1a2d0d172

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 1863460
etag: "63725960-2b022"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71271c45bbbb-FRA
content-length: 176162

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 27 KB
4 KB 37ms
28ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v4-shims.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23510391ff5b9984f27c28542f4111767ef24c091f5c2e32a723b4325e123f11

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 1863460
etag: "63725960-10e7"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71271c43bbbb-FRA
content-length: 4327

GET
H2 200 pro-v5-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 85 KB
12 KB 45ms
36ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v5-font-face.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97ebbaec1afcc42335561d025651db0eba255ac91b054b29c5e15240b272e70c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 478021
etag: "63725960-30ac"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71271c4bbbbb-FRA
content-length: 12460

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 12 KB
2 KB 52ms
43ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v4-font-face.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8b3e6bf953a9cf55e65d934a285e6a47203e1e2e0cd3d0b1448a71f5e1075c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:07 GMT
server: cloudflare
age: 1864896
etag: "6372595f-908"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71271c48bbbb-FRA
content-length: 2312

GET
H2 200 kit-upload.css Show response
kit.fontawesome.com/2f1bae2942/46107999/ 450 B
400 B 44ms
44ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.css?token=2f1bae2942

Requested by

Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 6596430
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 775b71270c27bbbb-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FxcB1PAVqKkh27WWjYaB

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 46ms
15ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/ 2 KB
1 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/?random=1670397031566&cv=11&fst=1670397031566&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=808892398.1670397032&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2592cf031129f6adeca5b863567f2c95a3881a38edf043392944f5d3d5517f4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 907
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/ 2 KB
1 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/?random=1670397031571&cv=11&fst=1670397031571&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=808892398.1670397032&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

729721536a4d0da5ab450a63fe39e93572ca0e7b26a109994bb4a1d5fe5bdc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 906
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 50ms
15ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=67916
accept-ranges: bytes
content-length: 4581

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/ 2 KB
1 KB 70ms
52ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/?random=1670397031573&cv=11&fst=1670397031573&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=808892398.1670397032&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93f7e9eb78d09bbd8c01fcf7ebd42af020f909e47f5d4fbb5ab8327f850ca891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 907
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 24ms
6ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn11534-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 27ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 07:10:31 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27340
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Yjbmmz767JQABaifrIOv9v/uq+iSLMsY2Bc7pf36E37V29H6yH1QXQjBg4JCEIkK9uPzBCHsCmDUlHSuOXA3iA==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 arrive.min.js Show response
cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/ 5 KB
2 KB 38ms
19ms Script
application/javascript 2a06:98c1:3122::
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/arrive.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3122:: , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5284333
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1577
last-modified: Mon, 04 May 2020 16:05:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5e-13e2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5poO8pNL1zjIkayw%2F8YZDBPdO7A4r7ZBpb5UzK39fX%2Fe91ROWSXVkR9IMGuyENKj0TqVlWbMYmnYmKqqbz77JEPTGSn3dzicfbqW3RKJhf1Z1s9YBd8UZMO%2B0Y%2FukcSpwzfF4JMiKHqn4nAut2P8qYvt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 775b71277fc591de-FRA
expires: Mon, 27 Nov 2023 07:10:31 GMT

GET
H2 200 jukebox.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 52 KB
17 KB 44ms
7ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee4c02d37362b21e8669e6af9714b105022a946c3afdd6b052556a3bf826313f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Tue, 06 Dec 2022 20:02:13 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 40099
etag: W/"afa914a8869cfab2e4af2a6028a6f812"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: r7WkstFGp29WD0Uj0GD01gTgvJGqGz2ErJZnDbHpgRSqwyhamH25GA==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
77 KB 42ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2c03772ad0765734566e24033a6705382f6661e88de45640fec08de946a79e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 07 Dec 2022 07:10:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 05:24:40 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6351
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 07 Dec 2022 07:24:40 GMT

GET
H2 200 pro-fa-duotone-900-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 31 KB
32 KB 35ms
33ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-duotone-900-d5bbe9.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e57f489a95d5ea1dfddc6a558a8581db06eb2cc5a86c16a1bf013f4b5401619

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1863460
etag: "63725b8c-7da8"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280e9bbbbb-FRA
content-length: 32168

GET
H2 200 pro-fa-brands-400-f6b769.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 18 KB
18 KB 30ms
28ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-brands-400-f6b769.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2306dff2ad40394ccbab07a0ef3124e8a68cdfc4a5fc762a3ef6be86141e406b

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1863460
etag: "63725b8c-480c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280e9ebbbb-FRA
content-length: 18444

GET
H2 200 pro-fa-brands-400-9a7529.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 45 KB
45 KB 34ms
32ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-brands-400-9a7529.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8af72523d3be5cd871bd15fe2058298c96cd9e034820cb4cbddd2b5fbc9c1ddc

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1863460
etag: "63725b8c-b400"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280ea1bbbb-FRA
content-length: 46080

GET
H2 200 pro-fa-regular-400-043e6a.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 31 KB
31 KB 38ms
37ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-regular-400-043e6a.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7a3427733f53594d3f1df02fce4598c8437f0408d4f92f75116af2a8d1d8883

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:26 GMT
server: cloudflare
age: 1863460
etag: "63725b8e-7cd4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280ea6bbbb-FRA
content-length: 31956

GET
H2 200 pro-fa-duotone-900-e41116.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 26 KB
26 KB 88ms
87ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-duotone-900-e41116.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 275f46a89dfab288ed9948d6de85e09f56b7bcf7533bb2faaec3c2e931132529

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1863460
etag: "63725b8c-6640"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280ea7bbbb-FRA
content-length: 26176

GET
H2 200 pro-fa-solid-900-ea8718.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 26 KB
26 KB 32ms
31ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-ea8718.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b20c70658d9bbd771280bdf4e65980318293501e5b629a37bffdb455eed2af5b

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1863460
etag: "63725b8f-67a0"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280eaabbbb-FRA
content-length: 26528

GET
H2 200 pro-fa-light-300-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 31 KB
32 KB 28ms
27ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-light-300-d5bbe9.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9207520d3d84db359c0e859fca5a4ed800caf05a14f57d63eb442b5fa108c4d

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:25 GMT
server: cloudflare
age: 1858258
etag: "63725b8d-7dbc"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280eacbbbb-FRA
content-length: 32188

GET
H2 200 pro-fa-regular-400-2a5ebc.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 33 KB
33 KB 34ms
34ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-regular-400-2a5ebc.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f9a3b9945fc0496728ef27a8d7059b348845bdf678256db64e3d81352edd555

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:26 GMT
server: cloudflare
age: 1749745
etag: "63725b8e-8544"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280eaebbbb-FRA
content-length: 34116

GET
H2 200 kit-upload.woff2
kit.fontawesome.com/2f1bae2942/46107999/ 1 KB
1 KB 26ms
25ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.woff2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70c37c5c69aafdf96bdb24968e981ec29eb4425dddae28b48b99e4f2cd3d570a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=31536000; preload
cf-cache-status: HIT
age: 6347472
content-length: 1132
x-request-id: FxfkQe4GJBYUeu14ihFC
server: cloudflare
etag: aa753db54e32fe77fb869f7a248f604e
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
accept-ranges: bytes
cf-ray: 775b71280eb1bbbb-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 pro-fa-solid-900-4adefe.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 28 KB
28 KB 27ms
27ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-4adefe.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f2362add6b2bc08cd994a79ee53537cfada5a1ea5f29a50e48881246239e8d3

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1863460
etag: "63725b8f-7054"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280eb4bbbb-FRA
content-length: 28756

GET
H2 200 pro-fa-solid-900-b909c1.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 25 KB
26 KB 26ms
26ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-b909c1.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24e5ea2c2821b58c20e033f0cc7a514677efa9f6b0b7935d28e4c90009080612

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1749419
etag: "63725b8f-6580"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71280ebfbbbb-FRA
content-length: 25984

GET
H2 200 pro-fa-solid-900-e5c668.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 26 KB
26 KB 29ms
28ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-e5c668.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cec95eef7f7123a649f2b8cb17675010beb728f642234b7d490de6455d6fbe3b

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1863460
etag: "63725b8f-68d4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71281ecfbbbb-FRA
content-length: 26836

GET
H2 200 pro-fa-solid-900-a9f9c5.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 26 KB
26 KB 30ms
29ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-a9f9c5.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1a75ae56ff680133dae5820a9ff88109ccbf52cc494d1c5e9209baf0a8e05e2

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1863460
etag: "63725b8f-6790"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71281ed0bbbb-FRA
content-length: 26512

GET
H2 200 pro-fa-brands-400-90d968.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 42 KB
43 KB 30ms
30ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-brands-400-90d968.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 566385adfd85859456b4836c334212a2b03d63104e0aeec2ce7e4a18c617ff27

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:22 GMT
server: cloudflare
age: 1863460
etag: "63725b8a-a9a4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 775b71281ed6bbbb-FRA
content-length: 43428

GET
H2 200 forms2.css
ecrm.logrhythm.com/js/forms2/css/ 13 KB
3 KB 388ms
384ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/css/forms2.css

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
strict-transport-security: max-age=63072000;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
cf-cache-status: REVALIDATED
etag: "3c07f2-3437-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 775b71283d59bb9d-FRA
content-length: 2623
expires: Wed, 07 Dec 2022 11:10:32 GMT

GET
H2 200 forms2-theme-simple.css
ecrm.logrhythm.com/js/forms2/css/ 826 B
352 B 131ms
127ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=63072000;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
cf-cache-status: REVALIDATED
etag: "3c07f1-33a-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 775b71283d5ebb9d-FRA
content-length: 242
expires: Wed, 07 Dec 2022 11:10:31 GMT

GET
H2 200 adsct
t.co/i/ 43 B
377 B 129ms
112ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d90a4157-5d2b-442b-bdba-a22f823913a7&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1e14131c-7151-4291-957f-1e6a1c911e4c&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.29

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-response-time: 105
date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: af189b0b24c95c7e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 33308e727a06d53adb7c29cc7d5a1f0f423c878090ff7495b04a47c38817fd15
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 124ms
108ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d90a4157-5d2b-442b-bdba-a22f823913a7&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1e14131c-7151-4291-957f-1e6a1c911e4c&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.29

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-response-time: 101
date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: d6edeb4aef055da8
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 01f3f8a7d298b641d6b31ae4fc6db7aabb691a6a7dbd08b143d5402e483f90be
content-length: 43

GET
H3 200 232919347190734 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 230ms
220ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/232919347190734?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

43d2942046ac38fb283d4cc25d461eb06e403bc8050f24ec6b15e31ae18b0449

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 07:10:31 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: hcBlOGxJFnM9kKFU0Jf0w0O62fsIxxU1Npj6CaAEnrODM8qG/WfYu++SJ5Jgt3wpiN4GQ83z3WORMHSdBjM7Gw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 105ms
105ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Fri, 17 Mar 2023 07:10:31 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1070386004/ 42 B
548 B 60ms
19ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1070386004/?random=1670397031566&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=1528140182&rmt_tld=0&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1070386004/ 42 B
548 B 43ms
19ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1070386004/?random=1670397031566&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=1528140182&rmt_tld=1&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/952414179/ 42 B
108 B 61ms
22ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/952414179/?random=1670397031571&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=2717444209&rmt_tld=0&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/952414179/ 42 B
108 B 45ms
22ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/952414179/?random=1670397031571&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=2717444209&rmt_tld=1&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/74706/domain/logrhythm.com/ 36 B
374 B 7ms
7ms XHR
application/json 2600:9000:225e:da00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/74706/domain/logrhythm.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:da00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 07 Dec 2022 06:47:06 GMT
content-encoding: gzip
via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 1405
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 7SDoeBSzS68-3uKIxd2rsidODQhpDIP8i9mpeePLu9ZImeh6cPnRXQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQLVqLVxIEC-EwAAAYTra_XJzIFhjKp5xDHXrNmH...

0
264 B

210ms
194ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQLVqLVxIEC-EwAAAYTra_XJzIFhjKp5xDHXrNmHRbe4AboktovsMC436H5lHWLkp3YqJ5c
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CE5B37913AA347DF946AFDE03876C29B Ref B: FRAEDGE1516 Ref C: 2022-12-07T07:10:31Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvN527GvjahRpvaaVliQ==

Redirect headers

date: Wed, 07 Dec 2022 07:10:31 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A25861E39C95482FB0814A83FD4B4B97 Ref B: FRAEDGE1705 Ref C: 2022-12-07T07:10:31Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1670397031758&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQLVqLVxIEC-EwAAAYTra_XJzIFhjKp5xDHXrNmHRbe4AboktovsMC436H5lHWLkp3YqJ5c
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvN5234KHAk636QoOEEg==

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/74706/domain/logrhythm.com/ Frame 0
0 27ms
9ms Preflight 2600:9000:225e:da00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/74706/domain/logrhythm.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:da00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 303
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Wed, 07 Dec 2022 07:05:28 GMT
via: 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
x-amz-cf-id: rYwwGSthYEmUBRUvyMDAoEtIQ9TUvCFRETZavrrgpd0Ggmz1W4cDsA==
x-amz-cf-pop: FRA60-P4
x-cache: Hit from cloudfront

GET
H2 200 /
www.google.com/pagead/1p-user-list/903108792/ 42 B
108 B 37ms
20ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/903108792/?random=1670397031573&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=610038589&rmt_tld=0&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/903108792/ 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/903108792/?random=1670397031573&cv=11&fst=1670396400000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&fmt=3&is_vtc=1&random=610038589&rmt_tld=1&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 677.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 7 KB
3 KB 10ms
9ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/677.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3df5a486db3e76836ec8719a381a75402a190b04dd1eaf6af6b2108f24de5c79

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 05:19:21 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 6671
etag: W/"043d12ba7ffcd76c1d9cc1b0540df15a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ucXF32PLi4JWB8KZLzJq7LBZRnqonui0e4F2VTVxFqqNUEGWkAlOyw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 60ms
20ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-3420049-1&cid=1835606778.1670397032&jid=1778607957&gjid=693540638&_gid=140394368.1670397032&_u=YGBAgUABAAAAAEAAI~&z=444568498

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 07:10:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://logrhythm.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
6ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&aip=1&a=1275694930&t=pageview&_s=1&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&ul=en-us&de=UTF-8&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUABAAAAAAAAI~&jid=1778607957&gjid=693540638&cid=1835606778.1670397032&tid=UA-3420049-1&_gid=140394368.1670397032&gtm=2wgbu0N3MMPPN&z=275662296

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Dec 2022 09:42:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77273
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.c0745c6021a8f18f6d2527a987edd4d3.css
c.disquscdn.com/next/embed/styles/ 0
30 KB 44ms
7ms Other
text/css 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 06 Dec 2022 22:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 31193
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 30566
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-7766"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: 5W_qr_xvLZ2ZZ36iQBTwQKH5aQQy7QaB4dAI8-Pv38qq284ZlA64zw==
expires: Wed, 06 Dec 2023 22:30:38 GMT

GET
H2 200 common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js
c.disquscdn.com/next/embed/ 0
93 KB 50ms
13ms Other
application/javascript 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 01 Dec 2022 15:48:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 487312
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94892
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 30 Nov 2022 00:18:36 GMT
server: nginx
etag: "6386a15c-172ac"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: dm0IeEnWwyNKmSp9O2eNpR-Qsj_Ys-0OeVmPwRg98mw2Xv6JUHxMQA==
expires: Fri, 01 Dec 2023 15:48:39 GMT

GET
H2 200 lounge.bundle.1605337b9165b7dcf974a798ff31b341.js
c.disquscdn.com/next/embed/ 0
126 KB 57ms
20ms Other
application/javascript 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.1605337b9165b7dcf974a798ff31b341.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 06 Dec 2022 22:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 31193
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 128710
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-1f6c6"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: 7jqFzlw39NtwqIhe6U9q_oMJSE9imBs5WuXV3b0EwFZbh2-lkGq4ww==
expires: Wed, 06 Dec 2023 22:30:38 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
17 KB 30ms
6ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:31 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 32
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 16895
X-XSS-Protection: 1; mode=block

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 35ms
18ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-3420049-1&cid=1835606778.1670397032&jid=1778607957&_u=YGBAgUABAAAAAEAAI~&z=1734528680

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 33ms
17ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-3420049-1&cid=1835606778.1670397032&jid=1778607957&_u=YGBAgUABAAAAAEAAI~&z=1734528680

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 07:10:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
050-uwt-888.mktoresp.com/webevents/ 2 B
318 B 944ms
93ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://050-uwt-888.mktoresp.com/webevents/visitWebPage?_mchNc=1670397031874&_mchCn=&_mchId=050-UWT-888&_mchTk=_mch-logrhythm.com-1670397031874-50421&_mchHo=logrhythm.com&_mchPo=&_mchRu=%2Fblog%2Fdeep-dive-into-plugx-malware%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:32 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 3a0fd0c2-b3dc-49ea-ab0c-6f6d4c117b7a

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 343ms
110ms Preflight 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-38-207.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Wed, 07 Dec 2022 07:10:32 GMT

GET
H2 200 447.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 455 B
799 B 7ms
7ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 00:49:43 GMT
x-amz-version-id: null
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 22849
etag: "781595c1866f620f3ed659c17c4ba5cf"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 455
x-amz-cf-id: I4y_Um0-gmGcineiStyaVjogMQkLk8DFxTQWVylen0ib2jWZUnJX6Q==

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 11 KB
4 KB 378ms
183ms XHR
application/json 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-38-207.compute-1.amazonaws.com

Software

Resource Hash

3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy
content-encoding: gzip
x-request-id: 88c2bef9-ad40-4d3d-9295-5d92059172fe
x-runtime: 0.078814
referrer-policy: no-referrer-when-downgrade
etag: W/"3fde201925fe9dc3d22400e9d50c14a5"
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ 28 KB
7 KB 42ms
26ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 632, 617, 617
age: 4888478
cdn-cachedat: 2021-06-08 21:36:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 0da3e6fa0421515cbcf5425517fc7012
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 775b71296d7f910a-FRA
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 37ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 07:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 05:56:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 07:10:31 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame C8C1 7 KB
4 KB 124ms
123ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6af60712f7268b1d6e119b045f90e79114cacc40442f4871d96235432bc1e3dd

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2977
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 07 Dec 2022 07:10:32 GMT
ETag: W/"lounge:view:7945976954.5332c4969d76fb5f0a7aa5e3862a6ffe.2"
Last-Modified: Wed, 21 Sep 2022 15:32:29 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 lounge.load.4c4ed5f9c855358a26d5235a7c63f777.js Show response
c.disquscdn.com/next/embed/ Frame C8C1 958 B
1 KB 21ms
7ms Script
application/javascript 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.4c4ed5f9c855358a26d5235a7c63f777.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4093cb234c3178f43e5f022130a8090e5621e99047198e7d9d67c1328a5e4137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 06 Dec 2022 22:30:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 5743d3ff81b625f69ad8b8e32fc9c412.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 31193
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 495
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-1ef"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: PGjQctwXGprUGSPY8lCDI5V14nuEfTaUhx9C5erZHRjXbcwR0C1UOw==
expires: Wed, 06 Dec 2023 22:30:39 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 25ms
10ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=232919347190734&ev=PageView&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&rl=&if=false&ts=1670397032075&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=29&fbp=fb.1.1670397032074.1770806891&it=1670397031732&coo=false&rqm=GET

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 07 Dec 2022 07:10:32 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js Show response
c.disquscdn.com/next/embed/ Frame C8C1 282 KB
93 KB 7ms
7ms Script
application/javascript 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.4c4ed5f9c855358a26d5235a7c63f777.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

278f7c9d80a080385d0ac988d5dc97b7ec33d0ae378a4d8ae58afb6f03cb156d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 01 Dec 2022 15:48:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 487313
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94892
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 30 Nov 2022 00:18:36 GMT
server: nginx
etag: "6386a15c-172ac"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: IKEPGo7G3MNU12ivZLytVhNlRIfuNpHkEGpRpYMMgPuCgLpyXokDRQ==
expires: Fri, 01 Dec 2023 15:48:39 GMT

GET
H2 200 lounge.c0745c6021a8f18f6d2527a987edd4d3.css
c.disquscdn.com/next/embed/styles/ Frame C8C1 201 KB
30 KB 7ms
7ms Stylesheet
text/css 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3a490b34ba8411afa03552d884cf5d7da8cb48d7d167946d7ab83b6d697132b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 06 Dec 2022 22:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 31194
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 30566
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-7766"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: YlaiOl7QTK7bBhlYL6tcEGRag0STXom6EoFRy1rj3N3fYHlTu9P48Q==
expires: Wed, 06 Dec 2023 22:30:38 GMT

GET
H2 200 getForm Show response
ecrm.logrhythm.com/index.php/form/ 6 KB
2 KB 60ms
60ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112405750860416813042_1670397031387&_=1670397031389
Requested by: Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b5143d30a1bb289682b2bd217edb88f32cf350cd07878973f5f2c88c2fb14d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 775b712aeb4cbb9d-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 lounge.bundle.1605337b9165b7dcf974a798ff31b341.js Show response
c.disquscdn.com/next/embed/ Frame C8C1 503 KB
126 KB 7ms
7ms Script
application/javascript 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.1605337b9165b7dcf974a798ff31b341.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db6ec323207ebb78fc70f93f0b6b250ec6f4d16a4bf2a7983122e6337db93323

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 06 Dec 2022 22:30:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
age: 31194
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 128710
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-1f6c6"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: XCBaTvYpoc9JJsHxkZ9jQDdB1oJK1YxL1b2mTFalK5WyB1Sibtl40g==
expires: Wed, 06 Dec 2023 22:30:38 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame C8C1 16 KB
17 KB 6ms
6ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

67af3e37e9bd319dfa5250a60e3849b2172a9727c2aa0e1cf27aac1a9f42b49a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:32 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 32
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 16895
X-XSS-Protection: 1; mode=block

GET
H2 200 XDFrame Show response
ecrm.logrhythm.com/index.php/form/ Frame 37E1 2 KB
864 B 117ms
116ms Document
text/html 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/index.php/form/XDFrame

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 775b712b0bd1bb9d-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 07 Dec 2022 07:10:32 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 admin-ajax.php Show response
logrhythm.com/wp-admin/ 60 B
3 KB 767ms
767ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1670397031874-50421

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

bb4e930b47e44ce82c4a2569afaeba2e14d6952dac3879900e7fc9fd60870045

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-pass-why: wp-admin
date: Wed, 07 Dec 2022 07:10:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
x-cacheable: NO:Passed
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding, X-NR-SAMPLE-PERCENT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-robots-tag: noindex
cf-ray: 775b712b181b9a18-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame C8C1 4 KB
4 KB 119ms
119ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=logrhythm-com&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e4dfc73ad3d766065b9d441cc565c9aaafb520e9644d747cad1dd175177494f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:32 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3623
X-XSS-Protection: 1; mode=block

GET
H2 200 getKnownLead Show response
ecrm.logrhythm.com/index.php/form/ 49 B
246 B 492ms
492ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/index.php/form/getKnownLead?form=1920&lpId=&munchkinId=050-UWT-888&filledFields=true&_mkt_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1670397031874-50421&callback=jQuery112405750860416813042_1670397031387&_=1670397031390

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c6989fd6906a2c357a6d67af169b8d6c70c6da94fd240fe9f68624fbced3f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
content-type: application/javascript; charset=utf-8
cf-ray: 775b712bcd46bb9d-FRA

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame C8C1 931 B
1 KB 127ms
115ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=7945976954&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.6dd0bd4924a2cd12ee7c955bcb3718e4.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:32 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 931
X-XSS-Protection: 1; mode=block

GET
H2 200 forms2.min.js Show response
ecrm.logrhythm.com/js/forms2/js/ Frame 37E1 208 KB
69 KB 26ms
25ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ecrm.logrhythm.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
age: 1
etag: "3c07f6-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 775b712bfdc5bb9d-FRA
expires: Wed, 07 Dec 2022 11:10:32 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame C8C1 3 KB
3 KB 7ms
7ms Image
image/gif 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 04 Jun 2022 12:47:57 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 16050155
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 03 Jun 2022 17:03:15 GMT
server: nginx
etag: "629a3ed3-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5fUlYl0EJ4U-eoFjA2esXkGA7oUEkqUcBMnn3vVsDRElTa6sBg3_eQ==
expires: Sun, 04 Jun 2023 12:47:57 GMT

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame C8C1 2 KB
2 KB 7ms
7ms Image
image/png 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 24 May 2022 11:26:57 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 17005415
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-6e3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: yTkhhi66OkC3OKyRdw74E1n8Mgn1gwOaJp2fKFrO3kstNoWyzNmRVg==
expires: Wed, 24 May 2023 11:26:57 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame C8C1 8 KB
8 KB 7ms
7ms Font
application/octet-stream 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.c0745c6021a8f18f6d2527a987edd4d3.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 28 Aug 2022 00:45:29 GMT
via: 1.1 5743d3ff81b625f69ad8b8e32fc9c412.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 8749503
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 26 Aug 2022 22:07:42 GMT
server: nginx
etag: "6309442e-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: dB55AndIJaNkoq57lwJvWuGQWpTGxZ4o5c84Xeyat881rkRL2VvBrQ==
expires: Mon, 28 Aug 2023 00:45:29 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame C8C1 43 B
339 B 335ms
95ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.22&load_time=226&event=init_embed&thread=7945976954&forum=logrhythm-com&forum_id=6036216&imp=acrl741a6e8lp&thread_slug=take_a_deep_dive_into_plugx_malware&user_type=anon&referrer=&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 07:10:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 268.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 159 KB
54 KB 7ms
7ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/268.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 00:50:15 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 22974
etag: W/"f8beb658fe0e593a4d1f5718df136843"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: HtFKp4qDfckADpv1oSN6Hb5wTL0ZFmmu1tCac7cmFATUcqRJa6smMA==

GET
H2 200 689.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 16 KB
6 KB 16ms
15ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/689.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 07:06:49 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 224
etag: W/"c08943f25f0d30cb139fc315b9b5d615"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 12DbFiMbiwjJMOjO_dGecHuHVdo7IyngV69DAlkh2YrefZB3Cd01rQ==

GET
H2 200 421.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 65 KB
16 KB 14ms
13ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/421.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 053ca68ac9ca11b316cb8159df519a8d4bf7cb3208f1a462387c49a3e786972c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Tue, 06 Dec 2022 08:10:51 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 82782
etag: W/"5b7e50a6c9f58241e112c715584bfb4c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: rSsTIYFSgJT9DLHyv7V5-ZPLJPEKLlOl8lWhBz2FwZsSyxwNAsHu5w==

GET
H2 200 796.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 109 KB
25 KB 14ms
14ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/796.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 68b13232ce19f26b9d8f703f553a099da5c7aade297a430aff9caa2bb61b0497

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 04:52:17 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 8304
etag: W/"0b04be85436f36a9da57f375b753dc5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: bxxB4ftAc_yQq5Whl3JssP4E9jFhazFsoFJQR2RZ_Go8AjO2IuGmQw==

GET
H2 200 605.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 3 KB
2 KB 14ms
13ms Script
application/javascript 13.32.99.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/605.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-82.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 02:52:25 GMT
last-modified: Wed, 09 Nov 2022 01:58:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 15488
etag: W/"1832a9b4ac200c1e1a1a68a20bd26cb6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: Jmw8URp5X_bOt1lz52SgY1ZHmrdb_poEPINOCOQqFoF847o1Muv1yw==

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
684 B 111ms
111ms XHR
text/plain 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-38-207.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.009203
date: Wed, 07 Dec 2022 07:10:32 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-request-id: 95acbf59-d84f-4ded-b2d1-316d3f2ec12e

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 111ms
110ms Preflight 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-38-207.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Wed, 07 Dec 2022 07:10:32 GMT

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame C8C1 8 KB
8 KB 7ms
7ms Image
image/png 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 07 Dec 2022 07:10:23 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 10
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-1fea"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Wf6H8WOKFMrR1tfLMmJ6If89yGVKiVl-ZZc9k_bEn9KI3FFS7x6wSA==
expires: Wed, 07 Dec 2022 07:15:22 GMT

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame C8C1 9 KB
9 KB 8ms
7ms Image
image/png 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 07 Dec 2022 07:06:01 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 271
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-22b3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ra9W7e4oF8hjQ59ODRd8gjMBFzkGFSx4I40vnSa5hYHNMhnZ5zdcQQ==
expires: Wed, 07 Dec 2022 07:11:01 GMT

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame C8C1 12 KB
12 KB 9ms
9ms Image
image/png 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 07 Dec 2022 07:06:51 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 221
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-2e86"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vF79BIgwLIQpWnfmw9RRIwMGh8pC9r7cr9rOXcg2_nS3EgK1ji-YGg==
expires: Wed, 07 Dec 2022 07:11:51 GMT

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame C8C1 7 KB
8 KB 10ms
9ms Image
image/png 2600:9000:236e:d000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:d000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 07 Dec 2022 07:10:19 GMT
via: 1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
age: 13
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 06 Dec 2022 22:10:19 GMT
server: nginx
etag: "638fbdcb-1c8c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: xLIJhts9pfZv6C4LJQh3qWLkE1vYPBCGsG0grS6DqKnkOUP721Jafg==
expires: Wed, 07 Dec 2022 07:15:19 GMT

OPTIONS
H2 200 page_views
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 117ms
116ms Preflight 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-38-207.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Wed, 07 Dec 2022 07:10:32 GMT

POST
H2 200 page_views Show response
jukebox.pathfactory.com/api/public/v1/ 153 B
1 KB 149ms
149ms XHR
application/json 54.172.38.207
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.38.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-38-207.compute-1.amazonaws.com

Software

Resource Hash

e76343654aabb8c3ddd6032cf5ef9e80d34e2cc1497f208ff97ed9c2c8b5d56c

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 07 Dec 2022 07:10:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy
content-encoding: gzip
x-request-id: b69a1190-bd02-4b54-93c2-a6642f3ff286
x-runtime: 0.046326
referrer-policy: no-referrer-when-downgrade
etag: W/"e76343654aabb8c3ddd6032cf5ef9e80"
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: max-age=0, private, must-revalidate

GET
H2 200 insent Show response
logrhythm.widget.insent.ai/ 79 KB
23 KB 81ms
15ms Script
binary/octet-stream 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/insent
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 277918c7454d0ea51b32b5a74669b0819f3bfd7afaa51320cc48f53d479e8eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: Yn1o3BBnv0DGvDEAfjjNNzA0mWj6sd6s
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
date: Tue, 06 Dec 2022 22:20:04 GMT
last-modified: Mon, 28 Nov 2022 04:38:50 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 31831
etag: "856b851867bd1cee994bcf5ad17137fb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 22897
x-amz-cf-id: aVn_-fQ-lqXdqQY8wRcHQ_i_SZ8CsDKeu8-m6R4-9oQ1lPye_i7k3g==

GET
H3 200 admin-ajax.php Show response
logrhythm.com/wp-admin/ 59 B
3 KB 806ms
806ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1670397031874-50421

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

f85fd3cf44a450d8d21f8bb65c5e517377582352199dbc19237e3eeeb49640c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-pass-why: wp-admin
date: Wed, 07 Dec 2022 07:10:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
x-cacheable: NO:Passed
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding, X-NR-SAMPLE-PERCENT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-robots-tag: noindex
cf-ray: 775b712f08d99a18-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 / Show response
logrhythm.widget.insent.ai/ Frame 1983 3 KB
2 KB 14ms
13ms Document
text/html 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2b4067b78cc88aec157fab551eefbe2984400788ab5d0c21ffdec201940a79d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 786692
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Mon, 28 Nov 2022 04:39:01 GMT
etag: W/"90180da28fd3d7ffeadd9ad19c2419ab"
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-cf-id: Q8COJXv3AYqD7V5Gq1GpjXKPgSxlXLwmZ24rRr_11nS56nil1Li2oA==
x-amz-cf-pop: AMS1-P2
x-amz-version-id: loiy4DXRF3Oix.mCtsPym1bPphkV6p4c
x-cache: Error from cloudfront

GET
H2 200 env.js Show response
logrhythm.widget.insent.ai/ Frame 1983 378 B
748 B 14ms
13ms Script
application/javascript 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/env.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: 7l0DNtUH75hgZ0ODtYgwUTux2BGbJfgS
date: Tue, 06 Dec 2022 15:25:32 GMT
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
last-modified: Mon, 28 Mar 2022 10:28:10 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 56702
etag: "e711f85de9dc5aa30577052ddc69b53b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
content-length: 378
x-amz-cf-id: UWk2EoCkx9yx09BOUNAnS8PnjOldQThnSFGqRwDRGVUfInUTWcjq3w==

GET
H2 200 pusher.min.js Show response
js.pusher.com/6.0/ Frame 1983 64 KB
18 KB 46ms
7ms Script
application/javascript 52.222.213.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pusher.com/6.0/pusher.min.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.213.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-213-67.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 01:54:03 GMT
content-encoding: gzip
via: 1.1 63f629236e2f93bf1af732a50e42e586.cloudfront.net (CloudFront)
last-modified: Thu, 14 May 2020 14:40:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 794898
etag: W/"ba16a869e0473ee0ff7636f71e340c60"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=2592000
x-amz-cf-id: 6bF-S2TkgW2biFraxBwWmH_ahfIjSXSoGYpTJR0ETrg9FpJmkXd8Aw==

GET
H2 200 vendors.be11603f.js Show response
logrhythm.widget.insent.ai/static/js/ Frame 1983 1 MB
350 KB 14ms
14ms Script
application/javascript 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/vendors.be11603f.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 078ea1b7c4d83a197981a394b7a24628624565601cda2cda0af7a8df9c59412d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:01 GMT
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-version-id: AZGY9E1w9UmcDaACfK2HtSHLgkZrjFb8
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786693
etag: W/"20033b6b5f0ededdea73d78da0291525"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: R9-QM7NGwKt0styQ9Ib-p36KH1d_mfR0wvxLCaAmMbV-t7vsUUwpIw==

GET
H2 200 commons.e2ef3dbf.js Show response
logrhythm.widget.insent.ai/static/js/ Frame 1983 211 KB
57 KB 56ms
55ms Script
application/javascript 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/commons.e2ef3dbf.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fd7e6f55776c1eaf3fb9fb8f10c0246d4d8ae714f0a257fd17d319475acb42c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:01 GMT
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-version-id: jea8AgQjeQXK65pBh_SurQiX7BH6_xix
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786693
etag: W/"5399e0ae18bc0f2b72eb159aea4d5c5d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: B3VUlRlvu6tYWCDDMXJmpxtnXZPK9bxu6ZgfqrnadPwjASHH0ZW0rA==

GET
H2 200 reduxComponents.b056f867.js Show response
logrhythm.widget.insent.ai/static/js/ Frame 1983 51 KB
12 KB 63ms
62ms Script
application/javascript 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/reduxComponents.b056f867.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c22e3b71e56ae1ec1fc4540f32721754b9b90920e9711ba66c7c95664929e10c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:01 GMT
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-version-id: WkRS1Y0KyIkGC4h4FouzL9bdG6.4yHrp
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786692
etag: W/"68dab562efa82db7494f930c219b255a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: QvBnu7SsXCXsWkHfN77gS9Ced5PwONyUDzkWzPrCWxN_Ud-db5tFwg==

GET
H2 200 main.a4fb41e0.chunk.js Show response
logrhythm.widget.insent.ai/static/js/ Frame 1983 115 KB
28 KB 66ms
66ms Script
application/javascript 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/main.a4fb41e0.chunk.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f85c6a8b42b81a8fe0409c07afb5d04808a5783b951b891020c829bbff7f3afd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:02 GMT
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-version-id: _MbI7CJumLBAnexF1OS30KiAkkDVs0my
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786692
etag: W/"cdf23211df2cf594c33b108e5239df22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: ETu4iGj3x4ofZiYx3uNfQWtfv9jDdY1NBWm8MUm6t9Mq7uCuqw0IWg==

GET
H2 200 english.json Show response
logrhythm.widget.insent.ai/ Frame 1983 6 KB
2 KB 13ms
12ms XHR
application/json 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/english.json
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.be11603f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670

Request headers

Accept: application/json, text/plain, */*
Cache-Control: max-age=31536000
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:12 GMT
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-version-id: S49kXnP_JqWLl0_EUtrVKBIfxc6jMh3f
last-modified: Mon, 28 Nov 2022 04:38:52 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786682
etag: W/"05d6f056048cdc28c10284bd31bf2c30"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age=31536000
x-amz-cf-id: _1h1rNZqwWnRMBv1qGhSPaHM6BdY0dnNIthJSePesK6fuNYrqyly6A==

GET
H2 200 getuser Show response
logrhythm.widget.insent.ai/ Frame 1983 1 KB
1 KB 1055ms
1055ms XHR
application/json 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.widget.insent.ai/getuser?url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.be11603f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

3c40b6480f48ff6d00aad3a8c4b66d1d0eca51ee73bea77da64ad7430980cda3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
marketoCookies: ["_mch-logrhythm.com-1670397031874-50421"]
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language: de-DE,de;q=0.9
Authorization: Bearer eCHZJAVbbvK7Q39sF6oo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:10:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
apigw-requestid: cw5gih9OCYcEYFw=
x-xss-protection: 1; mode=block
etag: W/"4f1-uboF8yhl47UoYwzSQM/YxxxDwsU"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-amz-cf-id: p64ol4B_tXNE1cO8gsXrhVD_rVT9R6V75b1S11tW1E4DxraNwqbM-w==

GET
H2 200 logo-logrhythm-1657126227445
attachments.insent.ai/logrhythm/ Frame 1983 48 KB
49 KB 67ms
7ms Image
application/octet-stream 2600:9000:2490:c800:d:ed29:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attachments.insent.ai/logrhythm/logo-logrhythm-1657126227445?1657126227539
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:c800:d:ed29:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: sfeZrNLqb4gIiwm5N9rLdUjzi29G0w89
date: Tue, 06 Dec 2022 11:26:45 GMT
via: 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
last-modified: Wed, 06 Jul 2022 16:50:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P6
age: 71030
x-amz-server-side-encryption: AES256
etag: "3d0923f7b3d6f404d6f98e30984ecaa7"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 49214
x-amz-cf-id: 7S1CYS4eeipa93j_Vvr4Fgb2nCRzMKRefs_sUDoXa-fn3NaCIvFRvA==

GET
H2 200 close.ec75d473.svg
logrhythm.widget.insent.ai/static/media/ Frame 1983 340 B
709 B 13ms
13ms Image
image/svg+xml 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logrhythm.widget.insent.ai/static/media/close.ec75d473.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:18 GMT
x-amz-version-id: k_yeaMiUet2Iy3PGKZ81VGh7HVXnEhxn
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786677
etag: "28a1e152bc15dc1dba7aeb152b263167"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
content-length: 340
x-amz-cf-id: tE6OToEADVA3wr6e85dXY_UAaSiQUnmyFSNUQ6yKeVqfzBh3OscCog==

GET
H2 200 Rubik.woff2
logrhythm.widget.insent.ai/ Frame 1983 33 KB
33 KB 13ms
13ms Font
font/woff2 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/Rubik.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8

Request headers

Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Origin: https://logrhythm.widget.insent.ai
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:19 GMT
x-amz-version-id: 2BSDIjEGS3we943g3fd7InTpyA6zj2U3
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786677
etag: "39bafb777ff83e2b3520d39f9d01ed95"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: max-age=31536000
content-length: 33620
x-amz-cf-id: LThpN1IIN93e9-Lceq_4D40WEPXoujrr80yYyt2cxaj7zblVebA4lA==

GET
H2 206 definite.9606d071.wav
logrhythm.widget.insent.ai/static/media/ Frame 1983 86 KB
86 KB 14ms
13ms Media
audio/x-wav 2600:9000:2394:e200:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/media/definite.9606d071.wav
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:e200:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03

Request headers

Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=jn9s7pXxH1HIZMl&marketo_cookies=[%22_mch-logrhythm.com-1670397031874-50421%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 28 Nov 2022 04:39:20 GMT
x-amz-version-id: 03jpcSeGewsi4.xbjKbRyJvHuzEWT2CE
via: 1.1 4a3271596b4750a635e84d92a47448bc.cloudfront.net (CloudFront)
last-modified: Mon, 28 Nov 2022 04:38:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-P2
age: 786676
etag: "3d648870caaca84fd9f81e0b0bba3d48"
x-cache: Hit from cloudfront
content-type: audio/x-wav
Content-Range: bytes 0-87675/87676
cache-control: max-age=31536000
x-amz-cf-id: 9J8QVHy0k-W8zPNchJZ_OhuOsv9tAFQEKL-LiWCZvkMot_iUXO-jsA==
Content-Length: 87676

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ecrm.logrhythm.com/	1970-01-20 07:59:58	Name: __cf_bm Value: oTipmZyVwcGakRLcfZ3Xj.TSCLcWN0B.Xpk9uHO6Btw-1670397031-0-AVItY02fbKM7AZrWShJRmv64JF+O2MUz/E+r5k5H3cBVw2tMWjTErlEvJHA0fwpU01oM5AD8Ret40Xdg59ByaLM=
.logrhythm.com/	1970-01-20 10:09:33	Name: _gcl_au Value: 1.1.808892398.1670397032
.doubleclick.net/	1970-01-20 07:59:57	Name: test_cookie Value: CheckForPermission
.logrhythm.com/	1970-01-20 08:01:23	Name: _gid Value: GA1.2.140394368.1670397032
.logrhythm.com/	1970-01-20 07:59:57	Name: _dc_gtm_UA-3420049-1 Value: 1
.logrhythm.com/	1970-01-20 17:35:57	Name: _ga Value: GA1.1.1835606778.1670397032
.twitter.com/	1970-01-20 17:35:57	Name: personalization_id Value: "v1_SRXaCxMv9pVH3PiT5gDVCA=="
.t.co/	1970-01-20 17:35:57	Name: muc_ads Value: 00cf33fa-3921-43c6-8ae7-03215c05c913
.logrhythm.com/	1970-01-20 08:01:23	Name: ln_or Value: d
.logrhythm.com/	1970-01-20 17:35:57	Name: _mkto_trk Value: id:050-UWT-888&token:_mch-logrhythm.com-1670397031874-50421
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:45:33	Name: bcookie Value: "v=2&1ffd8b44-1472-4615-8767-fb3f7b27ae5c"
.linkedin.com/	1970-01-20 12:19:09	Name: li_gc Value: MTswOzE2NzAzOTcwMzE7MjswMjHwUapkwSlKqDlgY4FudFUwH6jVKbpqKgyTfYVO6leorw==
.linkedin.com/	1970-01-20 08:01:23	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2433:u=1:x=1:i=1670397031:t=1670483431:v=2:sig=AQG8uCQ-BasgrbI5IAY1xpW_ct-ggyPK"
.logrhythm.com/	1970-01-20 10:09:33	Name: _fbp Value: fb.1.1670397032074.1770806891
.logrhythm.com/	1970-01-20 17:35:57	Name: _ga_1FE13FG8WE Value: GS1.1.1670397031.1.0.1670397032.0.0.0
.logrhythm.com/	1970-01-20 17:35:57	Name: vid Value: d80a8949-d394-4b35-ba01-10e5227ddfb6
ecrm.logrhythm.com/	1969-12-31 23:59:59	Name: BIGipServerabcweb-nginx-app_https Value: !sEkA/LcDVVcniojn/+ZT2Dlakae2C/ltm8M2K3ch39Jnw7wOsyGi9jvqdt1myTn1smuuL2aUjR2wOw==
jukebox.pathfactory.com/	1970-01-20 17:35:57	Name: _session_id Value: MU5lYU9Gem4xQzZjcklONnVVS1JkM1lDRmRhNWhqc1V4NU9ia3kwUHQwN0JaTGRvU0Q3MllzWjY4NGUwczdDS1B6bnJkTlVOSVJSc01SNTRTTmxKVlFDSE9lbFBHTFJRRUJSU0s1Yjk3b25nZVR5VXByREdQeUkva0Z0R2ZFSDhCdHBYVjNRY0J5UFpTeVlhQWxtenBvTmdNenpsWWtqcFg3R1R5ZGxsR0ViQVBoUm04SUhHVkpYN1VtUG4yb0FyLS1xQjVvWnl2ODB1a0hMQmx1U05yMHd3PT0%3D--0ef92fdc5ec09119c0dea160ec335dae6605daf1
.logrhythm.com/	1970-01-20 17:35:57	Name: insent-user-id Value: jvMxLJYrHNK8IGRhs1670397033657

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 50) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oebu0&_p=1275694930&cid=1835606778.1670397032&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670397031&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 373) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oebu0&_p=1275694930&cid=1835606778.1670397032&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1670397031&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&_s=2' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://adservice.google.com https://cdn.linkedin.oribi.io https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://shortpixel.com https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

050-uwt-888.mktoresp.com
analytics.twitter.com
attachments.insent.ai
c.disquscdn.com
cdn-app.pathfactory.com
cdn.linkedin.oribi.io
cdnjs.cloudflare.com
connect.facebook.net
disqus.com
ecrm.logrhythm.com
fonts.googleapis.com
googleads.g.doubleclick.net
js.pusher.com
jukebox.pathfactory.com
ka-p.fontawesome.com
kit.fontawesome.com
logrhythm-com.disqus.com
logrhythm.com
logrhythm.widget.insent.ai
maxcdn.bootstrapcdn.com
munchkin.marketo.net
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
referrer.disqus.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
104.17.71.206
104.244.42.67
104.244.42.69
13.107.42.14
13.32.99.82
141.193.213.21
151.101.128.134
192.28.144.124
199.232.136.157
199.232.192.134
199.232.196.134
23.205.237.4
2600:9000:225e:da00:2:53b2:240:93a1
2600:9000:236e:d000:6:8656:f5c0:93a1
2600:9000:2394:e200:f:7ae2:7780:93a1
2600:9000:2490:c800:d:ed29:200:93a1
2606:4700::6812:1734
2606:4700::6812:acf
2620:1ec:21::14
2a00:1450:4001:802::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2002
2a00:1450:4001:829::2004
2a00:1450:4001:830::2003
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9a
2a02:26f0:3500:16::215:14a0
2a02:26f0:480:f::213:7ec6
2a02:26f0:480:f::213:7edb
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a06:98c1:3122::
52.222.213.67
54.172.38.207
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
053ca68ac9ca11b316cb8159df519a8d4bf7cb3208f1a462387c49a3e786972c
05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670
05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
078ea1b7c4d83a197981a394b7a24628624565601cda2cda0af7a8df9c59412d
087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911
0c6989fd6906a2c357a6d67af169b8d6c70c6da94fd240fe9f68624fbced3f34
0f2362add6b2bc08cd994a79ee53537cfada5a1ea5f29a50e48881246239e8d3
1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1f2a9c2fbb83f2aafc3f7f82ab020b2a5d9f3d59a9c679fa85f128f7aa3c1c2a
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
2306dff2ad40394ccbab07a0ef3124e8a68cdfc4a5fc762a3ef6be86141e406b
23510391ff5b9984f27c28542f4111767ef24c091f5c2e32a723b4325e123f11
24e5ea2c2821b58c20e033f0cc7a514677efa9f6b0b7935d28e4c90009080612
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2592cf031129f6adeca5b863567f2c95a3881a38edf043392944f5d3d5517f4b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
275f46a89dfab288ed9948d6de85e09f56b7bcf7533bb2faaec3c2e931132529
277918c7454d0ea51b32b5a74669b0819f3bfd7afaa51320cc48f53d479e8eb4
278f7c9d80a080385d0ac988d5dc97b7ec33d0ae378a4d8ae58afb6f03cb156d
2c03772ad0765734566e24033a6705382f6661e88de45640fec08de946a79e4b
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a
382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc
39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd
3a490b34ba8411afa03552d884cf5d7da8cb48d7d167946d7ab83b6d697132b6
3b5143d30a1bb289682b2bd217edb88f32cf350cd07878973f5f2c88c2fb14d9
3c40b6480f48ff6d00aad3a8c4b66d1d0eca51ee73bea77da64ad7430980cda3
3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec
3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344
3df5a486db3e76836ec8719a381a75402a190b04dd1eaf6af6b2108f24de5c79
3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9
4093cb234c3178f43e5f022130a8090e5621e99047198e7d9d67c1328a5e4137
43d2942046ac38fb283d4cc25d461eb06e403bc8050f24ec6b15e31ae18b0449
48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f
4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
4e57f489a95d5ea1dfddc6a558a8581db06eb2cc5a86c16a1bf013f4b5401619
4f9a3b9945fc0496728ef27a8d7059b348845bdf678256db64e3d81352edd555
51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566385adfd85859456b4836c334212a2b03d63104e0aeec2ce7e4a18c617ff27
5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd
617a7b2be5cc1feff5e5f0f6358206db43cb77328865cb588c35586f7f440b83
641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c
677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb
67af3e37e9bd319dfa5250a60e3849b2172a9727c2aa0e1cf27aac1a9f42b49a
68b13232ce19f26b9d8f703f553a099da5c7aade297a430aff9caa2bb61b0497
6af60712f7268b1d6e119b045f90e79114cacc40442f4871d96235432bc1e3dd
6fd7e6f55776c1eaf3fb9fb8f10c0246d4d8ae714f0a257fd17d319475acb42c
70c37c5c69aafdf96bdb24968e981ec29eb4425dddae28b48b99e4f2cd3d570a
70f3cc852c9c3849b93ab403bff853542df94d4421891b4f50aeacb24f9aeeef
729721536a4d0da5ab450a63fe39e93572ca0e7b26a109994bb4a1d5fe5bdc80
766b624fa66325bb23a7f1bb4d0e5429dab3dde643ab89044967f0e1a2d0d172
7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1
815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8
825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9
8af72523d3be5cd871bd15fe2058298c96cd9e034820cb4cbddd2b5fbc9c1ddc
8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f
8e781c6a44b3fbb609eb70bf410bdef4755d7ce81374f687c70beda38067d7a7
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
93f7e9eb78d09bbd8c01fcf7ebd42af020f909e47f5d4fbb5ab8327f850ca891
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
97ebbaec1afcc42335561d025651db0eba255ac91b054b29c5e15240b272e70c
9dabe432137803d3ecc162b6a3e5070f0831a7e60e34ae31a1079edbf22035a1
a2b4067b78cc88aec157fab551eefbe2984400788ab5d0c21ffdec201940a79d
a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6
a8b3e6bf953a9cf55e65d934a285e6a47203e1e2e0cd3d0b1448a71f5e1075c1
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adf8386242af9fe9ba1b0124aec9ef86a192eeadd06a03642fd24d9ffee4af86
b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e
b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8
b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35
b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36
b20c70658d9bbd771280bdf4e65980318293501e5b629a37bffdb455eed2af5b
b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0
bb4e930b47e44ce82c4a2569afaeba2e14d6952dac3879900e7fc9fd60870045
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42
c22e3b71e56ae1ec1fc4540f32721754b9b90920e9711ba66c7c95664929e10c
c3b67ec1b48befcb446a701d41e607cd94abfc97e25a5da7ab163f368dd14c51
c7a3427733f53594d3f1df02fce4598c8437f0408d4f92f75116af2a8d1d8883
c9207520d3d84db359c0e859fca5a4ed800caf05a14f57d63eb442b5fa108c4d
c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed
cc3dba9ce7c4c908fa9d16bf61e67daadfd0f09fe0775b3b4640ef8b1d9da7d1
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cec95eef7f7123a649f2b8cb17675010beb728f642234b7d490de6455d6fbe3b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498
d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175
d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b
d83b0efa07d1bf4b04039eee3b1be35809dca2d12ccc1b754038d4e460713a68
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
db6ec323207ebb78fc70f93f0b6b250ec6f4d16a4bf2a7983122e6337db93323
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e1a75ae56ff680133dae5820a9ff88109ccbf52cc494d1c5e9209baf0a8e05e2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e4dfc73ad3d766065b9d441cc565c9aaafb520e9644d747cad1dd175177494f4
e6afaebd21d451c238bcbe208566ffa45e27391111c5cd18ac2bdebb124e2cee
e76343654aabb8c3ddd6032cf5ef9e80d34e2cc1497f208ff97ed9c2c8b5d56c
e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9
eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff
ee4c02d37362b21e8669e6af9714b105022a946c3afdd6b052556a3bf826313f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f85c6a8b42b81a8fe0409c07afb5d04808a5783b951b891020c829bbff7f3afd
f85fd3cf44a450d8d21f8bb65c5e517377582352199dbc19237e3eeeb49640c0
f88286348f13c9f6714951cf2616383b3d9de9852618712d254bbc8248f753e8
fde0d5a578eb6673d38d66dff152e36b610384b19954f0723e07f4302305592f

logrhythm.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

153 Requests

99 %HTTPS

59 %IPv6

26 Domains

35 Subdomains

34 IPs

4 Countries

3060 kBTransfer

8427 kBSize

20 Cookies

42 Outgoing links

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

logrhythm.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

99 %
HTTPS

59 %
IPv6

26
Domains

35
Subdomains

34
IPs

4
Countries

3060 kB
Transfer

8427 kB
Size

20
Cookies

153 HTTP transactions
4 data transactions