blog.wpscan.com Open in urlscan Pro
192.0.78.164  Public Scan

18 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
5 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/	88 KB 21 KB	283ms 188ms	Document text/html	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 2dfbabe59cf9b5c787a9fe9990fde427443688b9c2de5737e07e8d613f6d00e4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=298, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Thu, 06 Jul 2023 16:11:32 GMT host-header WordPress.com last-modified Thu, 06 Jul 2023 16:11:30 GMT link <https://blog.wpscan.com/wp-json/>; rel="https://api.w.org/" <https://blog.wpscan.com/wp-json/wp/v2/posts/1294>; rel="alternate"; type="application/json" <https://wp.me/pdcgQG-kS>; rel=shortlink server nginx strict-transport-security max-age=31536000 vary Accept-Encoding Cookie x-ac 2.hhn _atomic_ams BYPASS x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. x-nananana Batcache-Hit
GET H2	200	/ blog.wpscan.com/_jb_static/	840 KB 121 KB	206ms 204ms	Stylesheet text/css	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJytUttuwjAM/Zs9LQQkhnhBe0HaB+wDkJt4wSNNqjgt69/PpRRxEQVNe2nj5Bz72Mf7SpkYMoasK187CqxdLWGByemiJm914aPZKU9FgtRqzq3HiWF+3d9SPbSxzsolsuPAb8wVmN3w3zQYbEwa6hxLyJnM8KIashirhMwXctBSFsIhYH0AyRf3Q0EKxtcWpRLrUsCAHstOwXlQiV5MyqMD005KCg/Z8nYen3OuWzTxKM4S534aarhTsz+x8EewTDHwjVCJtfHATEblrYjjMW3XFptYVjEIgsdtO6k71V1jJdZhMCTBR1yDta3+7HIMfnnIyPnRIpTR1h3H0w7viOjb0oxoPeanMCJTLJPu1D9tIyMks9WcJC9Zh7mffH+t+iv1lQ757T1xlaC3CFY3kAgKaft5pLKQdg/ho7M5oQI05CDLPj3rDm8hoT143B0puEfMTWcBR0PglY8u8kUwtqNDhm6+x3MHfS9Xs8VyuXibz6fTF1OsZr+F39Nu Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 94acd4859bb5540fac5a4a399bfecde941df7e49ed8ead0406cdaa6a70cce7b0 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Thu, 06 Jul 2023 14:40:00 GMT server nginx content-encoding br x-page-optimize uncached etag W/"a741fa86ee1dd3ef3256b7a72bb95bb2" vary Accept-Encoding, Cookie content-type text/css;charset=utf-8 x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	dashicons.min.css blog.wpscan.com/wp-includes/css/	58 KB 35 KB	167ms 164ms	Stylesheet text/css	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-includes/css/dashicons.min.css?ver=6.2.2 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 03 Mar 2021 21:16:22 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"603ffca6-e688" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	css fonts-api.wp.com/	11 KB 1 KB	114ms 48ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css?family=Fira+Sans%3Aital%2Cwght%400%2C400%3B0%2C500%3B1%2C400%7CPlayfair+Display%3Aital%2Cwght%400%2C400%3B0%2C700%3B1%2C400&subset=latin%2Clatin-ext Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 503d5bf134127271e87644fe19c0b439a34369a6ea04278573a0cea3df7671c4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 1 last-modified Thu, 06 Jul 2023 16:11:32 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	css2 fonts-api.wp.com/	11 KB 848 B	115ms 49ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 36e4f9b2caaa2e23a37448bbfae7ff1f7b6867c5c771f7bb531aa5441fbe8791 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-encoding gzip cross-origin-resource-policy cross-origin x-xss-protection 0 x-nc BYPASS hhn 1 last-modified Thu, 06 Jul 2023 16:11:32 GMT server nginx cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding, Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin
GET H2	200	lodash.min.js Show response blog.wpscan.com/wp-includes/js/dist/vendor/	69 KB 25 KB	168ms 166ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash be7a8a75a7a589c5a1747ea85846bded2393219f42478979c91b86d2ebbea94a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 11 Apr 2022 12:04:30 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6254194e-115ba" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	48 KB 14 KB	191ms 189ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJydj9EOgjAMRf/GJ8dCJOAL8Vs2VpZi2ZZuE/XrXYwx+GAiPja95552CQLdQNlAlFOUBmOSF3DGs1yCCJ5uIxKVDHCqZnTVFPfLd4bBQomq5FlwdglnWFGDdwlckoGyRRelzWXUwFbqjGReJVE+bW/5D9rVqRt0KicfiszAdQOlyet/oOEsIjAqwrtK6J0wMKpM5U/FZfFReZr7uj22XdMcumY36L5+AA4coD8= Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ecc8569f9ce025242a4f2ba6f96a6c711b8f640b65372e50ed2ff3108b47dab1 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx content-encoding br x-page-optimize uncached etag W/"938d54d9016ce6f4a04da4ab31282be9" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	react.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/	10 KB 4 KB	163ms 161ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/react.min.js?ver=18 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash a851ac2edc584a3b08c0a057bb2d0c08ac95c4de2cc453e22a2c83305cce3694 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 21 Dec 2022 17:24:44 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63a3415c-2884" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	17 KB 6 KB	190ms 188ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJyVyzEOgCAMAMDfOCmNkYiL8S0CDaJQiEDw+bo6GccbrsZOBcpIGaIrxlICUx5KPA3IYp2GLYQjgSWNF/OW2J7a+r00xhPVmlH/r8G/zuLnfpxGwfkgeKPk3N8B50NO Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 3f334400653ed20c6253b8aa983bd3829c6162c050d4d1b5578f590701f222b0 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx content-encoding br x-page-optimize uncached etag W/"2c95618757b1fae0b85245a44800f578" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	react-dom.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/	126 KB 41 KB	191ms 190ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/vendors/react-dom.min.js?ver=18 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash dbba6c1c59954873629e196b8009f0a8256e66d755f889cf6c8ac4f1164d10c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-1f878" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	13 KB 5 KB	170ms 169ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJyVjTEOgzAMAH/TiWChRtAF8ZYkWMGVY9I6UXh+27EbjKfT6Vo2YZeCUiBzjSQKsX7R4zuCr8QroAaX0WwlMZCsePSJpH9q1060jOnnr3akRjfHvDeDr+r+x0uah/ExTtbeJ3sLfh4+hYNJXg== Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e271db34d83651eddfbd65c770c5ec0c0d171c704046841a76f54d4163ccff90 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx content-encoding br x-page-optimize uncached etag W/"9e6c02f83b50847fb0e7ce2f6379768c" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/i18n/	9 KB 4 KB	163ms 162ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-227d" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	index.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/keycodes/	4 KB 2 KB	165ms 164ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/keycodes/index.min.js?ver=7171cd5686d225d3012e Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash c7eae60c689db5de4a3b330e9eb1514f9dae50f92d10ea6f7f1a0e547589bd71 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-e9f" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	50 KB 16 KB	208ms 207ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJyVzTEOgzAMQNHbdGqIUCPognoWkliRK+Kkjl3o7WFlqhj/8PTXakIhARJbF01IzSY90gMn6xWXaCtjYZSf+SgoWKQIW5eRune7r/95KLmWdt0d2+8sYOaK7TJmiLoZLipI5/UrT/3wHEbnHqO7BT/1O9phYWM= Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 867a565cf44e29b60e0a8e2b398820153e76cbb24d462d31b8769640608a19c2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx content-encoding br x-page-optimize uncached etag W/"c570dccfc1f28621ffcb6719571f813a" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/data/	24 KB 8 KB	194ms 193ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/data/index.min.js?ver=16f144585d33a494a980 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 0b916d09638b0cf0403bd510e2549a0d78d472d3edac5757fd65e1fc3203e5fc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-5f4a" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	4 KB 2 KB	205ms 204ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJyFyzEOgCAMQNHbOCmNkYiL8S5AgzVQjJTo8WV1cvzJf/c5uMyCLHDGGogLhNrS4hXAVooedklxaAMJYQFij49KxOoo/f2vy54vcdnjR25pHedlNlpPRnfOruMLPP0yWw== Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 698fca0dd794284f1d0fb3706857558f9e73ce770cfb829a6f98fec10d71b4c3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx content-encoding br x-page-optimize uncached etag W/"c34addfbda8ffebb1824afd899a4512e" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	index.min.js Show response blog.wpscan.com/wp-content/plugins/gutenberg/build/blocks/	157 KB 50 KB	208ms 207ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/gutenberg/build/blocks/index.min.js?ver=42530a18270fd7554276 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 734e98f2e9b67a75bb5d0d2becc307ff227050aef67b5339ce08b99b066e4fd4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 14 Jun 2023 12:06:14 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6489ad36-27308" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-emoji-release.min.js Show response blog.wpscan.com/wp-includes/js/	18 KB 5 KB	163ms 163ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Thu, 02 Feb 2023 00:53:25 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"63db0985-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	print.css blog.wpscan.com/wp-content/themes/seedlet/assets/css/	4 KB 1 KB	161ms 161ms	Stylesheet text/css	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/themes/seedlet/assets/css/print.css?m=1621587777 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 96f2da12c025e217eabfa01ae7ccbc6d77b593da8795b4a266d35280d89215d9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Fri, 21 May 2021 09:02:57 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"60a77741-f34" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	bilmur.min.js Show response s0.wp.com/wp-content/js/	7 KB 3 KB	47ms 27ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/bilmur.min.js?m=202327 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Thu, 29 Jun 2023 15:07:20 GMT server nginx etag W/"649d9e28-1bf2" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Tue, 02 Jul 2024 00:00:01 GMT
GET H2	200	thickbox.css blog.wpscan.com/wp-includes/js/thickbox/	3 KB 989 B	172ms 170ms	Stylesheet text/css	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-includes/js/thickbox/thickbox.css?m=1603679109 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 26 Oct 2020 02:25:09 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"5f963385-a63" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	15 KB 6 KB	178ms 175ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJyVjEEOgjAQRW/jytp0AcEF8SimDBMypZ1p6ECjp5fEiAtXLt/Pe79mA8KKrDbHdSIuNqBmD7MZRIp+6L4hj7JYv6okr0pweJT8hAZGtiPtwYGXUM719x5kiAJzedvhOxjPe6sk/5dK/CiVMi6GmJR8pCcu+80t9a7tuubq2qY5wdC7F+ecWpw= Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash d8ff58dedf496fd2d696a35b40132d801faa50d74e11e3858e92eaf88aa6bbf3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 05 Jul 2023 21:14:15 GMT server nginx content-encoding br x-page-optimize uncached etag W/"26ab13c0863367235da957cd4b77245a" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	gprofiles.js Show response secure.gravatar.com/js/	26 KB 9 KB	100ms 27ms	Script application/javascript	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://secure.gravatar.com/js/gprofiles.js?ver=202327 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br last-modified Thu, 01 Jun 2023 11:07:36 GMT server nginx etag W/"64787bf8-6611" content-type application/javascript cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:32 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	8 KB 3 KB	306ms 304ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??wp-content/plugins/jetpack/modules/wpgroho.js,wp-includes/js/comment-reply.min.js,wp-content/themes/seedlet/assets/js/primary-navigation.js?m=1649448438&cb=1 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 32819a89311ae2e027b8ad82d6b1489ecdcbcab34dc1880d5fe97663325cd266 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Fri, 08 Apr 2022 20:07:18 GMT server nginx content-encoding br x-page-optimize uncached etag W/"c9645319756d99d9d3f6db6333f69f32" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	search-widget.js Show response blog.wpscan.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/src/widgets/js/	1 KB 648 B	172ms 171ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-search/src/widgets/js/search-widget.js?minify=false&ver=1645029952 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 5cdb1cad298e924cb4a212a8884ff50f3edc8a98ac8ad80d76d9de8eb16be69e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 16 Feb 2022 16:45:52 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"620d2a40-5d0" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	17 KB 6 KB	178ms 177ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJy1jr0OwjAQg9+GiXDq0KoMFY9S5edUrk0uJbm0Kk9PFhATG6Mtf7b3VdnIgiyw+jIRZ5hRVm0XZWLM8lbjhuxiAl0kBi1C9pPz+nkoCnrCDI4qQrUvZbRCkVU0GdOG6TLn8/6HsS/j9wSMxBZMIe/A01L5R8GCd83O13uBuPK3MDRd37fXpmvbkzVD8wLakG2k Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 9183d722edfeb52f6447ea1e4cdbade93b74862528254ef7bfdad8f302d4d124 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 05 Jul 2023 21:14:15 GMT server nginx content-encoding br x-page-optimize uncached etag W/"aac7b1e2ab6a508c2437b45dd3897885" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	e-202327.js Show response stats.wp.com/	7 KB 3 KB	101ms 27ms	Script application/javascript	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://stats.wp.com/e-202327.js Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br server nginx x-minify t etag W/13576-1684461103136.7104 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 expires Mon, 01 Jul 2024 11:39:33 GMT
GET H2	200	akismet-frontend.js Show response blog.wpscan.com/wp-content/plugins/akismet/_inc/	10 KB 3 KB	161ms 160ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?m=1666634240 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Mon, 24 Oct 2022 17:57:20 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6356d200-29ed" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery.min.js Show response blog.wpscan.com/wp-includes/js/jquery/	88 KB 31 KB	173ms 172ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 08 Mar 2023 18:37:33 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"6408d5ed-15ed7" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response blog.wpscan.com/_jb_static/	29 KB 10 KB	179ms 177ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/_jb_static/??-eJxdjcsKg0AMRf+mq2oQqriRfkpxMmEanVfn4ejfdxZS2kLg5sI5SfENW9RZUoSlzitTOM5oDKswJ2oN23aJ1/LLpifjKtz+WU4GnU1kE3idFdsIKtcqKCgQmbUE6UwTaJYHsJW0f13/NxdKfsYVHvUtCO1wjRCziBjYJ3aV2JhKle9m6oax72/D0I8XFFP3BhR1UIU= Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 5a6d9aaa2345c4f83315994f37ea38d7f00740b122f55cf0d7cb665b6fafe811 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nananana Batcache-Hit date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. last-modified Wed, 31 May 2023 15:24:18 GMT server nginx content-encoding br x-page-optimize uncached etag W/"3665e0092208a4dc1987260722993018" vary Accept-Encoding, Cookie content-type application/javascript x-ac 2.hhn _atomic_ams BYPASS cache-control max-age=31536000 host-header WordPress.com
GET H2	200	sharing.min.js Show response blog.wpscan.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/	9 KB 3 KB	171ms 170ms	Script application/javascript	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://blog.wpscan.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=12.3 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT strict-transport-security max-age=31536000 content-encoding br last-modified Tue, 07 Mar 2023 19:14:38 GMT server nginx x-ac 2.hhn _atomic_ams BYPASS etag W/"64078d1e-2259" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response jetpack.wordpress.com/jetpack-comment/ Frame E839	25 KB 7 KB	328ms 248ms	Document text/html	192.0.78.33 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.33 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f17123ace87329ebac626b9db0251a8d388f71dd78b3b7d52de7a16ca4cffc42 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://blog.wpscan.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Thu, 06 Jul 2023 16:11:33 GMT host-header WordPress.com server nginx strict-transport-security max-age=31536000 vary Accept-Encoding accept, content-type x-ac 2.hhn _dca EXPIRED x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	351 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f8dbcb0d906325ea81fbaca5be475a10eaf975fa2b3c835b9860c6b3445db16e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	225 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1d91045d9b974feac67afeb398dd1f99c3a5523e30d9b982e5a0810d6f67e324 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	325 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5905c15570060e567d99ff9787345543f85fd0e82c5e15f42462d10ada386e3f Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2 fonts.wp.com/s/librefranklin/v13/	27 KB 27 KB	104ms 27ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.wpscan.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:32 GMT x-content-type-options nosniff last-modified Mon, 11 Jul 2022 18:56:23 GMT server nginx age 436231 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 27268 x-xss-protection 0
GET H2	200	-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2 fonts.wp.com/s/ibmplexmono/v19/	14 KB 15 KB	100ms 27ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ibmplexmono/v19/-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 3c5a451f9ec27a354b0c2bcca636c6ec17a651281aabf29f8427e210a1d31e85 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.wpscan.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:32 GMT x-content-type-options nosniff last-modified Thu, 27 Apr 2023 00:17:55 GMT server nginx age 15472 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 14812 x-xss-protection 0
GET DATA	200 OK	truncated /	7 KB 7 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8b672850aad14669fbcf95e2b49e71dab446a29fd5857934c074b84173cb89b0 Request headers Referer Origin https://blog.wpscan.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type application/octet-stream
GET H2	200	jizBREVItHgc8qDIbSTKq4XkRiUa6zUTjg.woff2 fonts.wp.com/s/librefranklin/v13/	30 KB 30 KB	129ms 57ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/librefranklin/v13/jizBREVItHgc8qDIbSTKq4XkRiUa6zUTjg.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash efe16fd64edb961d670fd35ee4a211ec22cb9e2fa6850cbbf13464dace1b39e2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.wpscan.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:32 GMT x-content-type-options nosniff last-modified Mon, 11 Jul 2022 18:55:36 GMT server nginx age 507401 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 30628 x-xss-protection 0
GET H2	200	-F6qfjptAgt5VM-kVkqdyU8n3pQPwlBFgg.woff2 fonts.wp.com/s/ibmplexmono/v19/	15 KB 15 KB	129ms 57ms	Font font/woff2	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://fonts.wp.com/s/ibmplexmono/v19/-F6qfjptAgt5VM-kVkqdyU8n3pQPwlBFgg.woff2 Requested by Host: fonts-api.wp.com URL: https://fonts-api.wp.com/css2?family=Libre+Franklin:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&family=IBM+Plex+Mono:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a51b6594bdda5d76e047259fb1fcaf7af2eb227cac553b4eb1cffa8328784c9c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts-api.wp.com/ Origin https://blog.wpscan.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:32 GMT x-content-type-options nosniff last-modified Wed, 26 Apr 2023 23:36:35 GMT server nginx age 18083 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 14956 x-xss-protection 0
GET H2	200	master.html Show response widgets.wp.com/likes/ Frame 642D	3 KB 1 KB	33ms 27ms	Document text/html	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://widgets.wp.com/likes/master.html?ver=202327 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c Request headers Referer https://blog.wpscan.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-methods GET, HEAD access-control-allow-origin * content-encoding br content-type text/html date Thu, 06 Jul 2023 16:11:32 GMT etag W/"6408e4c4-ae1" last-modified Wed, 08 Mar 2023 19:40:52 GMT server nginx timing-allow-origin * vary Accept-Encoding x-ac 2.hhn _dca MISS x-nc HIT hhn 1
GET H2	200	g.gif pixel.wp.com/	50 B 93 B	37ms 27ms	Image image/gif	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/g.gif?v=ext&blog=195017074&post=1294&tz=2&srv=blog.wpscan.com&hp=atomic&ac=2&amp=0&j=1%3A12.3&host=blog.wpscan.com&ref=&fcp=775&rand=0.7183064937656161 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers access-control-allow-origin * date Thu, 06 Jul 2023 16:11:32 GMT cache-control no-cache server nginx content-length 50 content-type image/gif
GET H2	200	1f641.svg s.w.org/images/core/emoji/14.0.0/svg/	512 B 537 B	99ms 27ms	Image image/svg+xml	192.0.77.48 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://s.w.org/images/core/emoji/14.0.0/svg/1f641.svg Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS s.w.org Software nginx / Resource Hash 87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-content-type-options nosniff last-modified Tue, 12 Apr 2022 03:50:59 GMT server nginx vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET, HEAD cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	1f642.svg s.w.org/images/core/emoji/14.0.0/svg/	525 B 590 B	99ms 28ms	Image image/svg+xml	192.0.77.48 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://s.w.org/images/core/emoji/14.0.0/svg/1f642.svg Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS s.w.org Software nginx / Resource Hash 943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT x-content-type-options nosniff last-modified Tue, 12 Apr 2022 03:53:43 GMT server nginx vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * access-control-allow-methods GET, HEAD cache-control max-age=315360000 accept-ranges bytes content-length 525 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	hovercard.min.css secure.gravatar.com/dist/css/	8 KB 2 KB	29ms 28ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202327 Requested by Host: secure.gravatar.com URL: https://secure.gravatar.com/js/gprofiles.js?ver=202327 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash b6430eb74818a1eda8c688c967c3ccf00b2139dd175e868f6c5658d58f3abd11 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br last-modified Fri, 19 May 2023 08:02:31 GMT server nginx etag W/"64672d17-2067" content-type text/css cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:32 GMT
GET H2	200	services.min.css secure.gravatar.com/dist/css/	3 KB 736 B	30ms 28ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://secure.gravatar.com/dist/css/services.min.css?ver=202327 Requested by Host: secure.gravatar.com URL: https://secure.gravatar.com/js/gprofiles.js?ver=202327 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 28256c0a68f5a8b099fdc6aef91cbd61591585447f54b8554cddeeabf6d368d0 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br last-modified Wed, 21 Jun 2023 20:08:04 GMT server nginx etag W/"649358a4-d7b" content-type text/css cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:32 GMT
GET H2	200	loadingAnimation.gif blog.wpscan.com/wp-includes/js/thickbox/	15 KB 15 KB	178ms 178ms	Image image/gif	192.0.78.164 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://blog.wpscan.com/wp-includes/js/thickbox/loadingAnimation.gif Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.164 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:33 GMT strict-transport-security max-age=31536000 x-ac 2.hhn _atomic_ams BYPASS last-modified Mon, 05 Nov 2012 21:00:15 GMT server nginx etag "509828df-3b86" access-control-allow-methods GET, HEAD content-type image/gif access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 15238 expires Thu, 13 Jul 2023 16:11:33 GMT
GET H2	200	rlt-proxy.js Show response s0.wp.com/wp-content/js/ Frame 642D	3 KB 1 KB	28ms 27ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122 Requested by Host: widgets.wp.com URL: https://widgets.wp.com/likes/master.html?ver=202327 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c Request headers accept-language de-DE,de;q=0.9 Referer https://widgets.wp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br x-ac 2.hhn _dca MISS server nginx x-minify t etag W/7325-1684461116096.7104 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 14:44:30 GMT
GET H2	200	/ Show response s0.wp.com/_static/ Frame 642D	81 KB 20 KB	28ms 28ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308 Requested by Host: widgets.wp.com URL: https://widgets.wp.com/likes/master.html?ver=202327 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c Request headers accept-language de-DE,de;q=0.9 Referer https://widgets.wp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:32 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Wed, 15 Feb 2023 09:58:05 GMT server nginx etag W/"63ecacad-1430c" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 07 Mar 2024 19:41:06 GMT
GET H2	200	cropped-wpscan-avatar-transparent.png i0.wp.com/blog.wpscan.com/wp-content/uploads/2022/02/	2 KB 2 KB	92ms 28ms	Image image/webp	192.0.77.2 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://i0.wp.com/blog.wpscan.com/wp-content/uploads/2022/02/cropped-wpscan-avatar-transparent.png?w=240&ssl=1 Requested by Host: blog.wpscan.com URL: https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS i0.wp.com Software nginx / Resource Hash 27006ef8b518c425fe38cb7edfe82df352c92e706fa577f5304901466b69f703 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 3 date Thu, 06 Jul 2023 16:11:33 GMT x-content-type-options nosniff last-modified Mon, 14 Feb 2022 23:36:38 GMT server nginx etag "48f2d3ca06015c90" vary Accept access-control-allow-methods GET, HEAD content-type image/webp access-control-allow-origin * cache-control public, max-age=63115200 timing-allow-origin * link <https://blog.wpscan.com/wp-content/uploads/2022/02/cropped-wpscan-avatar-transparent.png>; rel="canonical" content-length 2008 expires Thu, 15 Feb 2024 11:36:38 GMT
GET H2	200	/ Show response public-api.wordpress.com/wp-admin/rest-proxy/ Frame 1942	8 KB 4 KB	212ms 129ms	Document text/html	192.0.78.23 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://public-api.wordpress.com/wp-admin/rest-proxy/ Requested by Host: s0.wp.com URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://widgets.wp.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=utf-8 date Thu, 06 Jul 2023 16:11:33 GMT p3p CP="CAO PSA OUR" server nginx strict-transport-security max-age=31536000 vary Accept-Encoding x-ac 1.hhn _dca BYPASS
GET H2	200	/ Show response s0.wp.com/_static/ Frame E839	19 KB 4 KB	29ms 28ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1637704497j Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7551cbecbf078a66df8f9d246d8b11c773247921f5ff0bbe601f0cf67e1e287b Request headers Referer https://jetpack.wordpress.com/ Origin https://jetpack.wordpress.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dfw BYPASS last-modified Sun, 19 Dec 2021 04:31:01 GMT server nginx etag W/"61beb585-4b6b" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 23 Nov 2023 21:55:43 GMT
GET H2	200	style.css s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame E839	15 KB 3 KB	28ms 28ms	Stylesheet text/css	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1688641610i&cssminify=yes Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7585686ddb0b5ea2259272f6762a6362a4f9ff7445fb520a32551df5b0b529f0 Request headers Referer https://jetpack.wordpress.com/ Origin https://jetpack.wordpress.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dfw BYPASS server nginx x-minify t etag W/18516-1688641618172.8413 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type text/css access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Fri, 05 Jul 2024 11:07:04 GMT
GET H2	200	ad516503a11cd5ca435acc9bb6523536 1.gravatar.com/avatar/ Frame E839	1 KB 2 KB	50ms 27ms	Image image/png	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 3086aaa2e8d2138d1ef45b3747e966b8f0056f2edb6786616da1a8928cf1c018 Request headers accept-language de-DE,de;q=0.9 Referer https://jetpack.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT last-modified Sat, 01 Mar 2008 02:44:06 GMT server nginx content-type image/png access-control-allow-origin * cache-control max-age=300 accept-ranges bytes link <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical" content-length 1485 expires Thu, 06 Jul 2023 16:16:33 GMT
GET H2	200	gprofiles.js Show response 0.gravatar.com/js/ Frame E839	26 KB 9 KB	40ms 27ms	Script application/javascript	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Request headers accept-language de-DE,de;q=0.9 Referer https://jetpack.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br last-modified Thu, 01 Jun 2023 11:07:36 GMT server nginx etag W/"64787bf8-6611" content-type application/javascript cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:33 GMT
GET H2	200	wpgroho.js Show response s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ Frame E839	655 B 446 B	28ms 27ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8 Request headers Referer https://jetpack.wordpress.com/ Origin https://jetpack.wordpress.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dfw BYPASS server nginx x-minify t etag W/1125-1684460931415.6394 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 20:22:44 GMT
GET H2	200	/ Show response s0.wp.com/_static/ Frame E839	41 KB 11 KB	29ms 28ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c Request headers Referer https://jetpack.wordpress.com/ Origin https://jetpack.wordpress.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dfw last-modified Wed, 14 Sep 2022 07:43:47 GMT server nginx etag W/"63218633-a4f5" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 14 Sep 2023 07:43:50 GMT
GET H2	200	/ Show response s0.wp.com/_static/ Frame E839	24 KB 7 KB	29ms 28ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/akismet-3.0/_inc/akismet-frontend.js?m=1683897436j Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 780b61f483cfb44ee9881cbd362d41cf89609d401d12e9726e1471530ab14738 Request headers Referer https://jetpack.wordpress.com/ Origin https://jetpack.wordpress.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 2 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dfw BYPASS last-modified Fri, 12 May 2023 13:17:23 GMT server nginx etag W/"645e3c63-5e76" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Sat, 11 May 2024 13:17:32 GMT
GET H2	200	wp-emoji-release.min.js Show response s0.wp.com/wp-includes/js/ Frame E839	18 KB 5 KB	28ms 27ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.3-alpha-56011 Requested by Host: jetpack.wordpress.com URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=195017074&postid=1294&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&jetpack_comments_nonce=4692b51cf8&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=12.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=afacb4f74a3320f023a43309bf6f90904a188d16 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Request headers accept-language de-DE,de;q=0.9 Referer https://jetpack.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dca MISS last-modified Fri, 19 May 2023 02:58:32 GMT server nginx etag W/"6466e5d8-4904" vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Fri, 28 Jun 2024 14:06:28 GMT
GET H2	200	button-back.gif s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame E839	1 KB 1 KB	28ms 27ms	Image image/gif	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1688641610i&cssminify=yes Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35 Request headers accept-language de-DE,de;q=0.9 Referer https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1688641610i&cssminify=yes User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT x-ac 2.hhn _dca BYPASS last-modified Wed, 28 Nov 2018 18:49:03 GMT server nginx etag "5bfee31f-4d0" access-control-allow-methods GET, HEAD content-type image/gif access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * content-length 1232 expires Fri, 10 Nov 2023 15:12:14 GMT
GET H2	200	hovercard.min.css 0.gravatar.com/dist/css/ Frame E839	8 KB 2 KB	28ms 27ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/dist/css/hovercard.min.css?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Requested by Host: 0.gravatar.com URL: https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash b6430eb74818a1eda8c688c967c3ccf00b2139dd175e868f6c5658d58f3abd11 Request headers accept-language de-DE,de;q=0.9 Referer https://jetpack.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br last-modified Fri, 19 May 2023 08:02:31 GMT server nginx etag W/"64672d17-2067" content-type text/css cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:33 GMT
GET H2	200	services.min.css 0.gravatar.com/dist/css/ Frame E839	3 KB 699 B	28ms 28ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/dist/css/services.min.css?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Requested by Host: 0.gravatar.com URL: https://0.gravatar.com/js/gprofiles.js?ver=202327a38e82b72ca7b7f7489a6e0d2e13bda8e1ecaa4ef340fc6b01754378626ee67e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 28256c0a68f5a8b099fdc6aef91cbd61591585447f54b8554cddeeabf6d368d0 Request headers accept-language de-DE,de;q=0.9 Referer https://jetpack.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br last-modified Wed, 21 Jun 2023 20:08:04 GMT server nginx etag W/"649358a4-d7b" content-type text/css cache-control max-age=604800 expires Thu, 13 Jul 2023 16:11:33 GMT
GET H2	200	rlt-proxy.js Show response s0.wp.com/wp-content/js/ Frame 1942	3 KB 1 KB	28ms 27ms	Script application/javascript	192.0.77.32 AUTOMATTIC
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122 Requested by Host: public-api.wordpress.com URL: https://public-api.wordpress.com/wp-admin/rest-proxy/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS wordpress.com Software nginx / Resource Hash f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c Request headers accept-language de-DE,de;q=0.9 Referer https://public-api.wordpress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-minify-cache hit x-nc HIT hhn 1 date Thu, 06 Jul 2023 16:11:33 GMT content-encoding br x-ac 2.hhn _dca MISS server nginx x-minify t etag W/7325-1684461116096.7104 vary Accept-Encoding access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * expires Thu, 30 May 2024 14:44:30 GMT
GET H2	204	boom.gif pixel.wp.com/	0 37 B	28ms 27ms	Image text/plain	192.0.76.3 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.098&largest_contentful_paint=775&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22devicepx%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=blog.wpscan.com&url_path=%2Fhacking-campaign-actively-exploiting-ultimate-member-plugin%2F&nt_fetchStart=0&nt_domainLookupStart=2&nt_domainLookupEnd=39&nt_connectStart=39&nt_connectEnd=96&nt_secureConnectionStart=66&nt_requestStart=96&nt_responseStart=284&nt_responseEnd=312&nt_domLoading=287&nt_domInteractive=793&nt_domContentLoadedEventStart=820&nt_domContentLoadedEventEnd=827&nt_domComplete=1153&nt_loadEventStart=1153&nt_loadEventEnd=1153&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=775&first_contentful_paint=775&resource_size=1698917&resource_transferred=422930&js_size=750702&js_transferred=258769&resource_cache_percent=0&js_cache_percent=0&last_resource_end=1116 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://blog.wpscan.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers access-control-allow-origin * date Thu, 06 Jul 2023 16:11:35 GMT cache-control no-cache server nginx