www.ihash.eu Open in urlscan Pro
2606:4700:30::681c:1b06 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Submission: On July 26 via api (July 26th 2019, 1:17:49 pm UTC) from US

Summary HTTP 34 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 34 HTTP transactions. The main IP is 2606:4700:30::681c:1b06, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.ihash.eu.

This is the only time www.ihash.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:30:... 2606:4700:30::681c:1b06	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
6	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6813:c797	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:400c:c0a::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
34	8

11 2606:4700:30::681c:1b06 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.ihash.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9c (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ihash.eu www.ihash.eu	97 KB
6	wp.com c0.wp.com Failed i1.wp.com i0.wp.com	53 KB
5	gstatic.com fonts.gstatic.com	63 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	doubleclick.net stats.g.doubleclick.net	303 B
1	cloudflare.com ajax.cloudflare.com	4 KB
1	googleapis.com fonts.googleapis.com	1 KB
0	wordpress.com Failed jetpack.wordpress.com Failed
34	8

	Domain	Requested by
11	www.ihash.eu	www.ihash.eu www.google-analytics.com
5	fonts.gstatic.com	www.google-analytics.com
4	i1.wp.com	www.ihash.eu
2	www.google-analytics.com	www.ihash.eu
2	i0.wp.com	www.ihash.eu
1	stats.g.doubleclick.net	www.ihash.eu
1	ajax.cloudflare.com	www.ihash.eu
1	fonts.googleapis.com	www.ihash.eu
0	jetpack.wordpress.com Failed	www.ihash.eu
0	c0.wp.com Failed	www.ihash.eu
34	10

This site contains links to these domains. Also see Links.

Domain
ihash.eu
www.blogger.com
blog.talosintelligence.com
blogs.cisco.com
akismet.com
www.linkev.com

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Frame ID: 9674D93355A631DE7B628F7DC8C89F49
Requests: 34 HTTP requests in this frame

Frame: http://jetpack.wordpress.com/jetpack-comment/?blogid=51197186&postid=45607&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=0&avatar_default=blank&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=7.5.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=882986d682df8efc7c1f877096aff5aeb745694f
Frame ID: F26CBF13090A0AACC3F19F5BFB1EAB31
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-(?:content|includes)\//i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

34
Requests

29 %
HTTPS

86 %
IPv6

8
Domains

10
Subdomains

8
IPs

3
Countries

237 kB
Transfer

499 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://ihash.eu/tag/free-apps/
Title: Free Apps

Search URL Search Domain Scan URL

URL: http://ihash.eu/tag/how-to
Title: Other

Search URL Search Domain Scan URL

URL: https://www.blogger.com/profile/10442669663667294759
Title: Edmund Brumaghin

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html
Title: what we’ve seen in the past

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html
Title: Read More >>

Search URL Search Domain Scan URL

URL: https://blogs.cisco.com/security/talos/sweed-exposing-years-of-agent-tesla-campaigns
Title: Source link

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://www.linkev.com/?a_aid=lotr3s5
Title: <img class="aligncenter size-full wp-image-44625" src="https://i2.wp.com/www.ihash.eu/wp-content/uploads/2019/05/expressVPN.gif?resize=300%2C250&ssl=1" alt="" width="300" height="250" data-recalc-dims="1" />

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

34 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/ 76 KB
16 KB 301ms
287ms Document
text/html 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49f0bfaf143f21e5b11ae17c75ca3911b4c74ae1fbc45cb8dfe8cb149da50f34

Request headers

Host: www.ihash.eu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d183e7febad91314c08761f35c9be319c1564147031; expires=Sat, 25-Jul-20 13:17:11 GMT; path=/; domain=.ihash.eu; HttpOnly
Vary: User-Agent,Accept-Encoding
Last-Modified: Fri, 26 Jul 2019 10:59:32 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Mon, 29 Oct 1923 20:30:00 GMT
CF-Cache-Status: MISS
Server: cloudflare
CF-RAY: 4fc6a7027980d6d5-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK dgz9y.css
www.ihash.eu/wp-content/cache/wpfc-minified/ma5moh1r/ 33 KB
7 KB 16ms
11ms Stylesheet
text/css 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/wp-content/cache/wpfc-minified/ma5moh1r/dgz9y.css
Requested by: Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b661b91f9a48767038b0546c9c7dd5088173081654d98cbf7a6789874777f8e

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 14:20:12 GMT
Server: cloudflare
Age: 56554
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a7046ed4d6d5-FRA
Content-Length: 6666
Expires: Sat, 23 Nov 2019 13:17:11 GMT

GET style.min.css
c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/ 0
0

GET
H/1.1 200
OK dgzb4.css
www.ihash.eu/wp-content/cache/wpfc-minified/qve9pxfe/ 32 KB
6 KB 27ms
17ms Stylesheet
text/css 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/wp-content/cache/wpfc-minified/qve9pxfe/dgzb4.css
Requested by: Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fcaac1ff21b29886b1757efe24bacd73797a7c7c3bfd252d3a879b8e55b42e8

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 14:20:34 GMT
Server: cloudflare
Age: 415595
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a7047cb8d6fd-FRA
Content-Length: 5749
Expires: Sat, 23 Nov 2019 13:17:11 GMT

GET dashicons.min.css
c0.wp.com/c/5.2.2/wp-includes/css/ 0
0

GET
H/1.1 200
OK css
fonts.googleapis.com/ 7 KB
1 KB 27ms
16ms Stylesheet
text/css 2a00:1450:4001:808::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

697b839fbb1bddf8f8c7eeeb47e1f6ad5d431a4a285a66d9b37f37779967fb52

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Origin: http://www.ihash.eu

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 Jul 2019 13:17:11 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Fri, 26 Jul 2019 13:17:11 GMT

GET
H/1.1 200
OK dgz9y.css
www.ihash.eu/wp-content/cache/wpfc-minified/rbkh9al/ 141 KB
42 KB 25ms
14ms Stylesheet
text/css 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/wp-content/cache/wpfc-minified/rbkh9al/dgz9y.css
Requested by: Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03fdf74fe6b7e30ade525326a5eae897ff4a1e961e6e6aa0bbd94159849981ae

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 14:20:12 GMT
Server: cloudflare
Age: 56554
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=10368000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 4fc6a7047f6cdfd7-FRA
Expires: Sat, 23 Nov 2019 13:17:11 GMT

GET social-logos.min.css
c0.wp.com/p/jetpack/7.5.3/_inc/social-logos/ 0
0

GET jetpack.css
c0.wp.com/p/jetpack/7.5.3/css/ 0
0

GET
H/1.1 200
OK dgz9y.css
www.ihash.eu/wp-content/cache/wpfc-minified/f69z9n9q/ 3 KB
1 KB 31ms
21ms Stylesheet
text/css 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/wp-content/cache/wpfc-minified/f69z9n9q/dgz9y.css
Requested by: Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a56e24c98341fbdc7587c6f8142d813dc535c0d75e1d8b5e50ebd6ff30a0d16

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 14:20:12 GMT
Server: cloudflare
Age: 415595
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a70478cf96b6-FRA
Content-Length: 1050
Expires: Sat, 23 Nov 2019 13:17:11 GMT

GET
H2 200 ThunderDrive-Cloud-Storage-Lifetime-Subscription-for-59.jpg
i1.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ 28 KB
28 KB 2161ms
13ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ThunderDrive-Cloud-Storage-Lifetime-Subscription-for-59.jpg?resize=630%2C420

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

fa7d188967c96df7d2e1d46c9a309e066fbcad9818322100a6dc40968f902b5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Fri, 26 Jul 2019 13:17:13 GMT
x-content-type-options: nosniff
x-bytes-saved: 45608
last-modified: Fri, 26 Jul 2019 07:38:32 GMT
server: nginx
etag: "f8901d44bc80a800"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2019/07/ThunderDrive-Cloud-Storage-Lifetime-Subscription-for-59.jpg>; rel="canonical"
content-length: 28760
expires: Sun, 25 Jul 2021 19:38:32 GMT

GET
H2 200 Google-Analytics-Certification-Get-Certified-In-2-Days-for-13.jpg
i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ 8 KB
8 KB 3050ms
7ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/Google-Analytics-Certification-Get-Certified-In-2-Days-for-13.jpg?resize=630%2C420

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

abbc5c735bf4de0c6b75b365044be8cadee3d1a3d44cbe2e01df8622a8054dff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Fri, 26 Jul 2019 13:17:14 GMT
x-content-type-options: nosniff
x-bytes-saved: 8935
last-modified: Fri, 26 Jul 2019 07:38:32 GMT
server: nginx
etag: "45d46012440c092b"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2019/07/Google-Analytics-Certification-Get-Certified-In-2-Days-for-13.jpg>; rel="canonical"
content-length: 7740
expires: Sun, 25 Jul 2021 19:38:32 GMT

GET
H2 200 KeepSolid-VPN-Unlimited-Lifetime-Subscription-for-39.jpg
i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ 14 KB
15 KB 7287ms
17ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/KeepSolid-VPN-Unlimited-Lifetime-Subscription-for-39.jpg?resize=630%2C420

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b1cda2af2096f8a34a2b46e13ba1f3a276ce23312da826c4c95c70dde55027c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Fri, 26 Jul 2019 13:17:19 GMT
x-content-type-options: nosniff
x-bytes-saved: 18606
last-modified: Thu, 25 Jul 2019 19:36:24 GMT
server: nginx
etag: "b715f1fb535c81d3"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2019/07/KeepSolid-VPN-Unlimited-Lifetime-Subscription-for-39.jpg>; rel="canonical"
content-length: 14620
expires: Sun, 25 Jul 2021 07:36:24 GMT

GET The-Complete-SEO-amp-Digital-Mega-Marketing-Bundle-for-49.jpg
i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ 0
0

GET The-Complete-Entrepreneurship-Mastery-Bundle-for-29.jpg
i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/ 0
0

GET
H2 200 mac-video.jpg
i1.wp.com/www.ihash.eu/wp-content/uploads/2017/08/ 236 B
508 B 2143ms
7ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.ihash.eu/wp-content/uploads/2017/08/mac-video.jpg?fit=50%2C28

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c40d3345d6a980641b3e2ad539fd6d9e8e610a0784556246a59e821661a63348

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Fri, 26 Jul 2019 13:17:13 GMT
x-content-type-options: nosniff
x-bytes-saved: 423
last-modified: Sun, 19 May 2019 18:19:23 GMT
server: nginx
etag: "47554ea717ea7a5c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2017/08/mac-video.jpg>; rel="canonical"
content-length: 236
expires: Wed, 19 May 2021 06:19:23 GMT

GET
H2 200 optimus-head-logo1.jpg
i1.wp.com/www.ihash.eu/wp-content/uploads/2015/11/ 744 B
913 B 2144ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.ihash.eu/wp-content/uploads/2015/11/optimus-head-logo1.jpg?fit=44%2C50

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

34c1b808f7ea861c7ad7e76e24d04100e4ecfef3bcdafa04150925707b486abf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Fri, 26 Jul 2019 13:17:13 GMT
x-content-type-options: nosniff
x-bytes-saved: 559
last-modified: Wed, 17 Jul 2019 06:55:01 GMT
server: nginx
etag: "cfd04b1747a673aa"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2015/11/optimus-head-logo1.jpg>; rel="canonical"
content-length: 744
expires: Fri, 16 Jul 2021 18:55:01 GMT

GET
H2 200 pst-mbox-mac-box.png
i1.wp.com/www.ihash.eu/wp-content/uploads/2015/02/ 970 B
1 KB 2143ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.ihash.eu/wp-content/uploads/2015/02/pst-mbox-mac-box.png?fit=37%2C50

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8ac5109a7679fbaafa4f4ddb78ba897c0b270020dc94f08d6238a19cd066acfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-nc: HIT fra 4
date: Fri, 26 Jul 2019 13:17:13 GMT
x-content-type-options: nosniff
x-bytes-saved: 3945
last-modified: Sun, 19 May 2019 18:19:23 GMT
server: nginx
etag: "53961a848a94d617"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.ihash.eu/wp-content/uploads/2015/02/pst-mbox-mac-box.png>; rel="canonical"
content-length: 970
expires: Wed, 19 May 2021 06:19:23 GMT

GET
H/1.1 200
OK dgz9y.css
www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/ 21 KB
5 KB 23ms
10ms Stylesheet
text/css 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/dgz9y.css
Requested by: Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59eeaa71deba88027ee9b327c67f38051b720e0d5d6354b1f7c87f1e36a9d18a

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:11 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 14:20:12 GMT
Server: cloudflare
Age: 415595
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a7048f2fd6d5-FRA
Content-Length: 4513
Expires: Sat, 23 Nov 2019 13:17:11 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
18 KB

1104ms
6ms

Script
text/javascript

2a00:1450:4001:817::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jun 2019 21:35:04 GMT
server: Golfe2
age: 1804
date: Fri, 26 Jul 2019 12:47:08 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17707
expires: Fri, 26 Jul 2019 14:47:08 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET /
jetpack.wordpress.com/jetpack-comment/ Frame F26C 0
0

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/95c75768/cloudflare-static/ 12 KB
4 KB 36ms
14ms Script
application/javascript 2606:4700::6813:c797
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/95c75768/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ebb1042972496d60bb6555b9622f7e23201bbfe5d25b33d1096f1b61d659045

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

date: Fri, 26 Jul 2019 13:17:11 GMT
content-encoding: gzip
last-modified: Wed, 24 Jul 2019 16:41:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5d388a56-2fb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 4fc6a704beb1dfad-FRA
expires: Sun, 28 Jul 2019 13:17:11 GMT

GET
H/1.1 200
OK ihash_logo3-300x100.png
www.ihash.eu/wp-content/uploads/2014/11/ 7 KB
7 KB 29ms
24ms Image
image/png 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ihash.eu/wp-content/uploads/2014/11/ihash_logo3-300x100.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 202ed1c38d81f38fdb5445a2705b0d571b5fe42b67cda100c63103ad0d0d0505

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:12 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 07 Sep 2017 05:02:40 GMT
Server: cloudflare
Age: 3644683
Vary: Accept, Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a70b9c2d274e-FRA
Content-Length: 6797
Expires: Sat, 23 Nov 2019 13:17:12 GMT

GET
H/1.1 200
OK 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
13 KB 284ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v14/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4
Origin: http://www.ihash.eu

Response headers

Date: Tue, 23 Jul 2019 05:40:24 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Jul 2019 03:48:04 GMT
Server: sffe
Age: 286609
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 13428
X-XSS-Protection: 0
Expires: Wed, 22 Jul 2020 05:40:24 GMT

GET
H/1.1 200
OK close.png
www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/ 280 B
850 B 226ms
202ms Image
image/png 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/close.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c

Request headers

Referer: http://www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/dgz9y.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 Jul 2019 13:17:13 GMT
CF-Cache-Status: MISS
Last-Modified: Sun, 21 Jul 2019 12:03:40 GMT
Server: cloudflare
Accept-Ranges: bytes
Vary: Accept, Accept-Encoding
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: keep-alive
X-WebP-Convert-Log: Converting (there were no file at destination), None of the converters in the stack could convert the image., Performing fail action: original
CF-RAY: 4fc6a70bcc3b274e-FRA
Content-Length: 280

GET
H/1.1 200
OK loading.gif
www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/ 8 KB
9 KB 216ms
14ms Image
image/gif 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/loading.gif
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed

Request headers

Referer: http://www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/dgz9y.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Date: Fri, 26 Jul 2019 13:17:13 GMT
CF-Cache-Status: HIT
Last-Modified: Sun, 21 Jul 2019 12:03:40 GMT
Server: cloudflare
Age: 56555
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=10368000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 4fc6a70d0d04274e-FRA
Content-Length: 8476
Expires: Sat, 23 Nov 2019 13:17:13 GMT

GET
H/1.1 200
OK prev.png
www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/ 1 KB
2 KB 232ms
218ms Image
image/png 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/prev.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2

Request headers

Referer: http://www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/dgz9y.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 Jul 2019 13:17:13 GMT
CF-Cache-Status: MISS
Last-Modified: Sun, 21 Jul 2019 12:03:40 GMT
Server: cloudflare
Accept-Ranges: bytes
Vary: Accept, Accept-Encoding
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: keep-alive
X-WebP-Convert-Log: Converting (there were no file at destination), None of the converters in the stack could convert the image., Performing fail action: original
CF-RAY: 4fc6a70d1d12274e-FRA
Content-Length: 1360

GET
H/1.1 200
OK next.png
www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/ 1 KB
2 KB 290ms
209ms Image
image/png 2606:4700:30::681c:1b06
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.ihash.eu/wp-content/plugins/wp-product-review/assets/img/next.png
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: HTTP/1.1
Security: , ,
Server: 2606:4700:30::681c:1b06 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a

Request headers

Referer: http://www.ihash.eu/wp-content/cache/wpfc-minified/1xxnsz0/dgz9y.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 Jul 2019 13:17:13 GMT
CF-Cache-Status: MISS
Last-Modified: Sun, 21 Jul 2019 12:03:40 GMT
Server: cloudflare
Accept-Ranges: bytes
Vary: Accept, Accept-Encoding
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: keep-alive
X-WebP-Convert-Log: Converting (there were no file at destination), None of the converters in the stack could convert the image., Performing fail action: original
CF-RAY: 4fc6a70d9e31d6c1-FRA
Content-Length: 1350

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 293ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4
Origin: http://www.ihash.eu

Response headers

Date: Wed, 24 Jul 2019 01:35:08 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 24 Jul 2019 01:18:50 GMT
Server: sffe
Age: 214925
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 11016
X-XSS-Protection: 0
Expires: Thu, 23 Jul 2020 01:35:08 GMT

GET
H/1.1 200
OK 1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
14 KB 299ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9c695acb1fb9e1a8739e6ae5621d41fc1ff3d13bbf370ea9c1fc95e879109890

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4
Origin: http://www.ihash.eu

Response headers

Date: Tue, 23 Jul 2019 06:00:19 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Jul 2019 03:47:41 GMT
Server: sffe
Age: 285414
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 13564
X-XSS-Protection: 0
Expires: Wed, 22 Jul 2020 06:00:19 GMT

GET
H/1.1 200
OK KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 305ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4
Origin: http://www.ihash.eu

Response headers

Date: Wed, 24 Jul 2019 03:21:25 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 24 Jul 2019 01:18:52 GMT
Server: sffe
Age: 208548
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 11180
X-XSS-Protection: 0
Expires: Thu, 23 Jul 2020 03:21:25 GMT

GET
H/1.1 200
OK 1Ptrg8zYS_SKggPNwN4rWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
14 KB 312ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPANqczVs.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

, ,

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

046fa5c62e3b17b46ea2f8c601465dacfd5c153aee7a71754a9be582de74a385

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Roboto%3A300%2C400%7CRaleway%3A400%2C500%2C900&ver=3.2.4
Origin: http://www.ihash.eu

Response headers

Date: Tue, 23 Jul 2019 05:40:24 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Jul 2019 03:47:47 GMT
Server: sffe
Age: 286609
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 13752
X-XSS-Protection: 0
Expires: Wed, 22 Jul 2020 05:40:24 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
267 B 405ms
6ms Image
image/gif 2a00:1450:4001:817::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j77&a=839957700&t=pageview&_s=1&dl=http%3A%2F%2Fwww.ihash.eu%2F2019%2F07%2Fsweed-exposing-years-of-agent-tesla-campaigns%2F&ul=en-us&de=UTF-8&dt=SWEED%3A%20Exposing%20years%20of%20Agent%20Tesla%20campaigns%20-%20iHash&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YGBAgUABC~&jid=538752950&gjid=296542471&cid=330150201.1564147033&tid=UA-40491499-1&_gid=1139655010.1564147033&z=2039153550

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2019 02:02:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1509284
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
stats.g.doubleclick.net/r/ 35 B
303 B 47ms
15ms Image
image/gif 2a00:1450:400c:c0a::9c
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j77&tid=UA-40491499-1&cid=330150201.1564147033&jid=538752950&gjid=296542471&_gid=1139655010.1564147033&_u=YGBAgUABC~&z=236250239

Requested by

Host: www.ihash.eu
URL: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9c Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.ihash.eu/2019/07/sweed-exposing-years-of-agent-tesla-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Fri, 26 Jul 2019 13:17:13 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: c0.wp.com
URL: https://c0.wp.com/c/5.2.2/wp-includes/css/dist/block-library/style.min.css

Domain: c0.wp.com
URL: https://c0.wp.com/c/5.2.2/wp-includes/css/dashicons.min.css

Domain: c0.wp.com
URL: https://c0.wp.com/p/jetpack/7.5.3/_inc/social-logos/social-logos.min.css

Domain: c0.wp.com
URL: https://c0.wp.com/p/jetpack/7.5.3/css/jetpack.css

Domain: i0.wp.com
URL: https://i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/The-Complete-SEO-amp-Digital-Mega-Marketing-Bundle-for-49.jpg?resize=630%2C420

Domain: i0.wp.com
URL: https://i0.wp.com/www.ihash.eu/wp-content/uploads/2019/07/The-Complete-Entrepreneurship-Mastery-Bundle-for-29.jpg?resize=630%2C420

Domain: jetpack.wordpress.com
URL: http://jetpack.wordpress.com/jetpack-comment/?blogid=51197186&postid=45607&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=0&avatar_default=blank&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=7.5.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=882986d682df8efc7c1f877096aff5aeb745694f

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
c0.wp.com
fonts.googleapis.com
fonts.gstatic.com
i0.wp.com
i1.wp.com
jetpack.wordpress.com
stats.g.doubleclick.net
www.google-analytics.com
www.ihash.eu
c0.wp.com
i0.wp.com
jetpack.wordpress.com
192.0.77.2
2606:4700:30::681c:1b06
2606:4700::6813:c797
2a00:1450:4001:806::2003
2a00:1450:4001:808::200a
2a00:1450:4001:817::200e
2a00:1450:400c:c0a::9c
03fdf74fe6b7e30ade525326a5eae897ff4a1e961e6e6aa0bbd94159849981ae
046fa5c62e3b17b46ea2f8c601465dacfd5c153aee7a71754a9be582de74a385
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a
1fcaac1ff21b29886b1757efe24bacd73797a7c7c3bfd252d3a879b8e55b42e8
202ed1c38d81f38fdb5445a2705b0d571b5fe42b67cda100c63103ad0d0d0505
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed
34c1b808f7ea861c7ad7e76e24d04100e4ecfef3bcdafa04150925707b486abf
49f0bfaf143f21e5b11ae17c75ca3911b4c74ae1fbc45cb8dfe8cb149da50f34
59eeaa71deba88027ee9b327c67f38051b720e0d5d6354b1f7c87f1e36a9d18a
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c
697b839fbb1bddf8f8c7eeeb47e1f6ad5d431a4a285a66d9b37f37779967fb52
6a56e24c98341fbdc7587c6f8142d813dc535c0d75e1d8b5e50ebd6ff30a0d16
7b661b91f9a48767038b0546c9c7dd5088173081654d98cbf7a6789874777f8e
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
7ebb1042972496d60bb6555b9622f7e23201bbfe5d25b33d1096f1b61d659045
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8ac5109a7679fbaafa4f4ddb78ba897c0b270020dc94f08d6238a19cd066acfd
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9c695acb1fb9e1a8739e6ae5621d41fc1ff3d13bbf370ea9c1fc95e879109890
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
abbc5c735bf4de0c6b75b365044be8cadee3d1a3d44cbe2e01df8622a8054dff
b1cda2af2096f8a34a2b46e13ba1f3a276ce23312da826c4c95c70dde55027c8
c40d3345d6a980641b3e2ad539fd6d9e8e610a0784556246a59e821661a63348
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa7d188967c96df7d2e1d46c9a309e066fbcad9818322100a6dc40968f902b5b

www.ihash.eu Open in urlscan Pro 2606:4700:30::681c:1b06 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

34 Requests

29 %HTTPS

86 %IPv6

8 Domains

10 Subdomains

8 IPs

3 Countries

237 kBTransfer

499 kBSize

0 Cookies

8 Outgoing links

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

www.ihash.eu Open in urlscan Pro
2606:4700:30::681c:1b06 Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

29 %
HTTPS

86 %
IPv6

8
Domains

10
Subdomains

8
IPs

3
Countries

237 kB
Transfer

499 kB
Size

0
Cookies

34 HTTP transactions
1 data transactions