URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Submission: On September 29 via api from DE — Scanned from DE

Summary

This website contacted 33 IPs in 5 countries across 26 domains to perform 154 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is logrhythm.com. The Cisco Umbrella rank of the primary domain is 298555.
TLS certificate: Issued by R3 on August 30th 2022. Valid for: 3 months.
This is the only time logrhythm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
36 141.193.213.21 209242 (CLOUDFLAR...)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
20 2606:4700::68... 13335 (CLOUDFLAR...)
9 104.17.73.206 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
2 199.232.192.134 54113 (FASTLY)
2 23.205.237.4 16625 (AKAMAI-AS)
1 142.250.185.226 15169 (GOOGLE)
1 199.232.136.157 54113 (FASTLY)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 13.32.99.99 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:402... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
6 3.229.167.244 14618 (AMAZON-AES)
14 2600:9000:223... 16509 (AMAZON-02)
5 151.101.64.134 54113 (FASTLY)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
1 2a03:2880:f12... 32934 (FACEBOOK)
1 192.28.144.124 15224 (OMNITURE)
1 199.232.196.134 54113 (FASTLY)
12 2600:9000:225... 16509 (AMAZON-02)
1 52.222.213.67 16509 (AMAZON-02)
1 2600:9000:249... 16509 (AMAZON-02)
154 33
Apex Domain
Subdomains
Transfer
45 logrhythm.com
logrhythm.com — Cisco Umbrella Rank: 298555
ecrm.logrhythm.com
648 KB
20 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1515
ka-p.fontawesome.com — Cisco Umbrella Rank: 3765
586 KB
14 disquscdn.com
c.disquscdn.com — Cisco Umbrella Rank: 4578
535 KB
14 pathfactory.com
cdn-app.pathfactory.com — Cisco Umbrella Rank: 70662
jukebox.pathfactory.com — Cisco Umbrella Rank: 45665
129 KB
13 insent.ai
logrhythm.widget.insent.ai
attachments.insent.ai — Cisco Umbrella Rank: 198673
643 KB
8 disqus.com
logrhythm-com.disqus.com
disqus.com — Cisco Umbrella Rank: 1376
referrer.disqus.com — Cisco Umbrella Rank: 6775
70 KB
7 typekit.net
use.typekit.net — Cisco Umbrella Rank: 448
p.typekit.net — Cisco Umbrella Rank: 588
60 KB
4 google.de
www.google.de — Cisco Umbrella Rank: 6301
871 B
4 google.com
www.google.com — Cisco Umbrella Rank: 2
871 B
4 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
4 KB
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 365
px4.ads.linkedin.com — Cisco Umbrella Rank: 6161
1 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 707
77 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 28
20 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
111 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 2843
6 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
159 KB
1 pusher.com
js.pusher.com — Cisco Umbrella Rank: 14919
18 KB
1 mktoresp.com
050-uwt-888.mktoresp.com
318 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
204 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 540
395 B
1 t.co
t.co — Cisco Umbrella Rank: 495
377 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
1 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 208
2 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 624
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 758
3 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 129
16 KB
154 26
Domain Requested by
36 logrhythm.com logrhythm.com
17 ka-p.fontawesome.com kit.fontawesome.com
logrhythm.com
14 c.disquscdn.com logrhythm-com.disqus.com
disqus.com
c.disquscdn.com
logrhythm.com
12 logrhythm.widget.insent.ai logrhythm.com
logrhythm.widget.insent.ai
9 ecrm.logrhythm.com logrhythm.com
ecrm.logrhythm.com
8 cdn-app.pathfactory.com logrhythm.com
cdn-app.pathfactory.com
6 jukebox.pathfactory.com cdn-app.pathfactory.com
6 use.typekit.net logrhythm.com
use.typekit.net
5 disqus.com logrhythm-com.disqus.com
c.disquscdn.com
4 www.google.de logrhythm.com
4 www.google.com logrhythm.com
3 googleads.g.doubleclick.net www.googleadservices.com
3 kit.fontawesome.com logrhythm.com
kit.fontawesome.com
2 maxcdn.bootstrapcdn.com cdn-app.pathfactory.com
maxcdn.bootstrapcdn.com
2 www.google-analytics.com www.googletagmanager.com
logrhythm.com
2 connect.facebook.net logrhythm.com
connect.facebook.net
2 munchkin.marketo.net logrhythm.com
munchkin.marketo.net
2 logrhythm-com.disqus.com logrhythm.com
2 www.googletagmanager.com logrhythm.com
www.googletagmanager.com
1 attachments.insent.ai
1 js.pusher.com logrhythm.widget.insent.ai
1 referrer.disqus.com logrhythm.com
1 050-uwt-888.mktoresp.com munchkin.marketo.net
1 www.facebook.com logrhythm.com
1 analytics.twitter.com logrhythm.com
1 t.co logrhythm.com
1 px4.ads.linkedin.com logrhythm.com
1 px.ads.linkedin.com 1 redirects
1 fonts.googleapis.com cdn-app.pathfactory.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdnjs.cloudflare.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 p.typekit.net use.typekit.net
154 35
Subject Issuer Validity Valid
logrhythm.com
R3
2022-08-30 -
2022-11-28
3 months crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-09-14 -
2023-10-15
a year crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1
2021-12-01 -
2023-01-01
a year crt.sh
ecrm.logrhythm.com
Cloudflare Inc ECC CA-3
2022-06-30 -
2023-06-30
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
*.disqus.com
Sectigo RSA Domain Validation Secure Server CA
2022-04-20 -
2023-04-20
a year crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2022-02-06 -
2023-02-07
a year crt.sh
www.googleadservices.com
GTS CA 1C3
2022-09-05 -
2022-11-28
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2022-03-01 -
2023-03-01
a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-22 -
2023-08-22
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-07-09 -
2022-10-07
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh
*.pathfactory.com
Amazon
2022-07-11 -
2023-08-09
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
a.disquscdn.com
Amazon
2021-10-31 -
2022-11-28
a year crt.sh
www.google.com
GTS CA 1C3
2022-09-05 -
2022-11-28
3 months crt.sh
www.google.de
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.mktoresp.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-30 -
2022-11-30
a year crt.sh
*.widget.insent.ai
Amazon
2022-03-31 -
2023-04-29
a year crt.sh
js.pusher.com
Amazon
2022-05-13 -
2023-06-11
a year crt.sh
*.insent.ai
Amazon
2022-03-30 -
2023-04-27
a year crt.sh

This page contains 4 frames:

Primary Page: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Frame ID: 0C70DBDA99CF11D6D5089425A7C83D5B
Requests: 124 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Frame ID: 9C3236A7F7BD107B63102AEFEB39F3DE
Requests: 16 HTTP requests in this frame

Frame: https://ecrm.logrhythm.com/index.php/form/XDFrame
Frame ID: F7296E792963EBDFC0EE70742926E65B
Requests: 2 HTTP requests in this frame

Frame: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 2A1346942BC2F12306392E0B43EE0AB5
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

Take a Deep Dive into PlugX Malware - LogRhythm

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link [^>]*href=(?:"|')[^"']*elementor/assets
  • <link [^>]*href=(?:"|')[^"']*uploads/elementor/css

Overall confidence: 75%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

154
Requests

99 %
HTTPS

55 %
IPv6

26
Domains

35
Subdomains

33
IPs

5
Countries

3106 kB
Transfer

8390 kB
Size

19
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQKhbD-Nl0Y27AAAAYOK8bBPc1vQgXlcpR0acQ7PwGKKnayfTlkiFCKyA6Kao2dQCJ6hkmIEFA4grfLUqM0hS_DEysUkcA

154 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
logrhythm.com/blog/deep-dive-into-plugx-malware/
143 KB
33 KB
Document
General
Full URL
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
2cd7c34945ba1e6676bf1905775c52d5ca4366b7a00f1463d63f78b10d3d62d2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
75277a4accc69142-FRA
content-encoding
br
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
content-type
text/html; charset=UTF-8
date
Thu, 29 Sep 2022 20:30:37 GMT
link
<https://logrhythm.com/wp-json/>; rel="https://api.w.org/" <https://logrhythm.com/wp-json/wp/v2/posts/2042>; rel="alternate"; type="application/json" <https://logrhythm.com/?p=2042>; rel=shortlink
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 1
x-cache-group
normal
x-cacheable
SHORT
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
WP Engine
x-tec-api-origin
https://logrhythm.com
x-tec-api-root
https://logrhythm.com/wp-json/tribe/events/v1/
x-tec-api-version
v1
x-xss-protection
1; mode=block
kan0mns.css
use.typekit.net/
9 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/kan0mns.css
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Thu, 29 Sep 2022 20:30:37 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1114
frontend.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/
79 KB
12 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.1.14
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Mar 2022 18:02:04 GMT
server
cloudflare
etag
W/"622b8e9c-13c18"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38ce9142-FRA
global.css
logrhythm.com/wp-content/plugins/th-widget-pack/css/
2 KB
3 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/th-widget-pack/css/global.css?ver=1647021724
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eebddba8e782ebfcd323563bf510591cbe86e7299aa0ff6e7d8118775c9a0dcd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Mar 2022 18:02:04 GMT
server
cloudflare
etag
W/"622b8e9c-656"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38d39142-FRA
scriptlesssocialsharing-style.css
logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/
3 KB
4 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/scriptlesssocialsharing-style.css?ver=3.2.1
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
41469
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Aug 2021 18:17:03 GMT
server
cloudflare
etag
W/"612d209f-a1a"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38db9142-FRA
header-footer-elementor.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/
1 KB
3 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.1.14
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Mar 2022 18:02:04 GMT
server
cloudflare
etag
W/"622b8e9c-4c6"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38e29142-FRA
frontend-legacy.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/
13 KB
4 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.7
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3adcf1b172631008be7d4276379dc62eda2af457fb3baa55a0f86e493ab101d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Sep 2022 00:24:05 GMT
server
cloudflare
etag
W/"632a59a5-35ed"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38e69142-FRA
frontend.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/
162 KB
23 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.7
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b565a52be57ce739615a573520217c33bded28111fa20b62fdf26b7bab7e84d7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87012
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Sep 2022 00:24:05 GMT
server
cloudflare
etag
W/"632a59a5-28722"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38ed9142-FRA
post-6608.css
logrhythm.com/wp-content/uploads/elementor/css/
3 KB
4 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/uploads/elementor/css/post-6608.css?ver=1663960616
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d7a365f539d97717913d10132c77a3b9949fff048ecfb12667fa5bb436a4f95
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 23 Sep 2022 19:16:55 GMT
server
cloudflare
etag
W/"632e0627-d2f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38f49142-FRA
frontend.min.css
logrhythm.com/wp-content/plugins/elementor-pro/assets/css/
470 KB
47 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.7
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
802372f788e1d164af80a0f26260fcf9d6e88218ab450c014d5eaf44fda7d0e3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Sep 2022 00:26:28 GMT
server
cloudflare
etag
W/"632a5a34-75771"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38fa9142-FRA
app.css
logrhythm.com/wp-content/themes/stratusx/assets/css/
284 KB
50 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/themes/stratusx/assets/css/app.css?ver=1
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 23 Jun 2022 18:42:46 GMT
server
cloudflare
etag
W/"62b4b426-46e6f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c38ff9142-FRA
style.css
logrhythm.com/wp-content/themes/logrhythm-child/
347 B
3 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/style.css?ver=6.0.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sun, 29 Mar 2020 18:29:03 GMT
server
cloudflare
etag
W/"5e80e8ef-15b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c39039142-FRA
app.min.css
logrhythm.com/wp-content/themes/logrhythm-child/dist/css/
332 KB
36 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/dist/css/app.min.css?v=041222
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f05d8d723eb8a3e94158a98dc7f33ca75d0649303ca4743301c4ed02ebea43d3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
80922
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Sep 2022 01:40:50 GMT
server
cloudflare
etag
W/"632a6ba2-52f6e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c591e9142-FRA
gdpr-main-nf.css
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/
77 KB
11 KB
Stylesheet
General
Full URL
https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.8.12
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
655f5c4b438879fe7d4ab3f95519548a68abf300e32fd093f27d4624fc936177
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
53310
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 17 Aug 2022 17:46:12 GMT
server
cloudflare
etag
W/"62fd2964-134a3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c59229142-FRA
jquery.min.js
logrhythm.com/wp-includes/js/jquery/
87 KB
34 KB
Script
General
Full URL
https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
50001
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
server
cloudflare
etag
W/"6048e0ac-15db1"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c59289142-FRA
jquery-migrate.min.js
logrhythm.com/wp-includes/js/jquery/
11 KB
7 KB
Script
General
Full URL
https://logrhythm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
50001
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
cloudflare
etag
W/"5fb4e3fe-2bd8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c59299142-FRA
2f1bae2942.js
kit.fontawesome.com/
11 KB
4 KB
Script
General
Full URL
https://kit.fontawesome.com/2f1bae2942.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
728b153440edf86d283cdc6a5a279623456c0cd3341b63b32dcedb2b5e795e15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; preload
content-encoding
gzip
cf-cache-status
REVALIDATED
server
cloudflare
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray
75277a50593ebbbb-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FxcDWR7ftYTAnntMo5Bi
forms2.min.js
ecrm.logrhythm.com/js/forms2/js/
208 KB
69 KB
Script
General
Full URL
https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 03:44:48 GMT
server
cloudflare
cf-cache-status
HIT
age
6259
etag
"16324c-33e51-5e94fffe29b0b"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
75277a4d4b2f9025-FRA
expires
Fri, 30 Sep 2022 00:30:37 GMT
modernizr-custom.min.js
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/
5 KB
5 KB
Script
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/modernizr-custom.min.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
50001
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 01 Dec 2020 20:51:16 GMT
server
cloudflare
etag
W/"5fc6acc4-12ac"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4c592d9142-FRA
logrhythm-logo-white.svg
logrhythm.com/wp-content/themes/logrhythm-child/dist/img/
3 KB
5 KB
Image
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/dist/img/logrhythm-logo-white.svg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87750
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 14 Feb 2022 01:53:42 GMT
server
cloudflare
etag
W/"6209b626-d4a"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f78acbba1-FRA
gartner-mq-logrhythm-leader-2021.svg
logrhythm.com/wp-content/uploads/2022/02/
1 KB
4 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2022/02/gartner-mq-logrhythm-leader-2021.svg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
103d65d0bb1059863bacf409fb11aec0de3bc4b388b31fac43345dc68565cf06
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 14 Feb 2022 00:01:56 GMT
server
cloudflare
etag
W/"62099bf4-42b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f78b2bba1-FRA
deep-dive-into-plugx-malware-1.jpg
logrhythm.com/wp-content/uploads/2020/02/
15 KB
18 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-1.jpg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
850
cf-polished
status=not_needed
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14980
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
imgq:100,h2pri
last-modified
Wed, 07 Apr 2021 17:24:15 GMT
server
cloudflare
etag
"606deabf-3a84"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
cf-ray
75277a4f78b6bba1-FRA
deep-dive-into-plugx-malware-2_iaynji.jpg
logrhythm.com/wp-content/uploads/2020/02/
9 KB
12 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-2_iaynji.jpg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
850
cf-polished
status=not_needed
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9360
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
imgq:100,h2pri
last-modified
Wed, 07 Apr 2021 17:24:04 GMT
server
cloudflare
etag
"606deab4-2490"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
cf-ray
75277a4f78c0bba1-FRA
deep-dive-into-plugx-malware-3.jpg
logrhythm.com/wp-content/uploads/2020/02/
15 KB
19 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-3.jpg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
849
cf-polished
status=not_needed
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15759
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
imgq:100,h2pri
last-modified
Wed, 07 Apr 2021 17:23:52 GMT
server
cloudflare
etag
"606deaa8-3d8f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
cf-ray
75277a4f78c3bba1-FRA
deep-dive-into-plugx-malware-4.png
logrhythm.com/wp-content/uploads/2020/02/
17 KB
21 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-4.png
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dcd539d31a167dfbcccb461790c6551195dd3332a16a4e812f85a00022f4e2fa
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
850
cf-polished
origFmt=png, origSize=22728
content-disposition
inline; filename="deep-dive-into-plugx-malware-4.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17524
x-xss-protection
1; mode=block
referrer-policy
same-origin
cf-bgj
imgq:100,h2pri
last-modified
Wed, 07 Apr 2021 17:23:41 GMT
server
cloudflare
etag
"606dea9d-58c8"
vary
Accept
x-frame-options
SAMEORIGIN
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
cf-ray
75277a4f78c5bba1-FRA
email-decode.min.js
logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
871 B
Script
General
Full URL
https://logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 26 Sep 2022 11:11:52 GMT
server
cloudflare
etag
W/"633188f8-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
75277a4dd8b8bba1-FRA
expires
Sat, 01 Oct 2022 20:30:37 GMT
waypoints.min.js
logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/
12 KB
6 KB
Script
General
Full URL
https://logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87549
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Sep 2022 00:24:05 GMT
server
cloudflare
etag
W/"632a59a5-2fa6"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4e195ebba1-FRA
frontend.js
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/
25 KB
7 KB
Script
General
Full URL
https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.1.14
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87549
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Mar 2022 18:02:04 GMT
server
cloudflare
etag
W/"622b8e9c-6384"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4ebb79bba1-FRA
comment_count.js
logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/
889 B
4 KB
Script
General
Full URL
https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
28903
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 May 2021 16:40:52 GMT
server
cloudflare
etag
W/"60afcb94-379"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7eb7bba1-FRA
main.js
logrhythm.com/wp-content/themes/stratusx/assets/js/
10 KB
7 KB
Script
General
Full URL
https://logrhythm.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.3
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 23 Jun 2022 18:42:46 GMT
server
cloudflare
etag
W/"62b4b426-2798"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f07bba1-FRA
app.min.js
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/
101 KB
39 KB
Script
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/app.min.js?ver=1
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 15 Jul 2022 20:46:13 GMT
server
cloudflare
etag
W/"62d1d215-19568"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f78c9bba1-FRA
marketo-prefill.min.js
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/
2 KB
4 KB
Script
General
Full URL
https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/marketo-prefill.min.js?ver=6.0.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 31 Mar 2022 20:03:47 GMT
server
cloudflare
etag
W/"62460923-620"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f0cbba1-FRA
themo-foot.js
logrhythm.com/wp-content/plugins/th-widget-pack/js/
11 KB
6 KB
Script
General
Full URL
https://logrhythm.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Mar 2022 18:02:04 GMT
server
cloudflare
etag
W/"622b8e9c-2b02"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f65bba1-FRA
comment-reply.min.js
logrhythm.com/wp-includes/js/
3 KB
5 KB
Script
General
Full URL
https://logrhythm.com/wp-includes/js/comment-reply.min.js?ver=6.0.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
28903
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 08 Apr 2022 20:07:18 GMT
server
cloudflare
etag
W/"625095f6-ba5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f6bbba1-FRA
vendor_footer.js
logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/
117 KB
36 KB
Script
General
Full URL
https://logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 23 Jun 2022 18:42:46 GMT
server
cloudflare
etag
W/"62b4b426-1d211"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f6fbba1-FRA
main.js
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/
57 KB
17 KB
Script
General
Full URL
https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.8.12
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be484c9d69d3c256a119e904b92711c093e31494b18d3e6c69888dca6a0cd928
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 17 Aug 2022 17:46:12 GMT
server
cloudflare
etag
W/"62fd2964-e443"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f7f74bba1-FRA
LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg
logrhythm.com/wp-content/uploads/2022/02/
3 KB
5 KB
Image
General
Full URL
https://logrhythm.com/wp-content/uploads/2022/02/LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-cache-status
HIT
age
87550
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 11 Feb 2022 04:24:58 GMT
server
cloudflare
etag
W/"6205e51a-df7"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
cf-ray
75277a4f78cabba1-FRA
p.css
p.typekit.net/
5 B
195 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=kan0mns&ht=tk&f=32226.32227.32230.32231.40407.40408.40409.40410.40411.40412.40415.40416&a=86739004&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

unused62
8096267
date
Thu, 29 Sep 2022 20:30:37 GMT
last-modified
Sat, 16 Oct 2021 08:18:43 GMT
server
nginx
etag
"616a8ae3-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
l
use.typekit.net/af/74b049/00000000000000007735b97f/30/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a

Request headers

Referer
https://use.typekit.net/kan0mns.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
server
nginx
etag
"0725935a0405a101e1f63fb0d88e754d06e3e316"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
11992
truncated
/
90 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
44 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/
38 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/webp
gtm.js
www.googletagmanager.com/
278 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0d52732ac6e202224ba424c85d33412471b66ea7da5f845332932c8950453663
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
86574
x-xss-protection
0
last-modified
Thu, 29 Sep 2022 20:13:43 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 29 Sep 2022 20:30:38 GMT
l
use.typekit.net/af/dde969/00000000000000007735b995/30/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e

Request headers

Referer
https://use.typekit.net/kan0mns.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
server
nginx
etag
"4499a6228bad8b85e09d5232a2e94be820faa664"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
11864
l
use.typekit.net/af/34c58e/00000000000000007735b983/30/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/34c58e/00000000000000007735b983/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc

Request headers

Referer
https://use.typekit.net/kan0mns.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
server
nginx
etag
"83f6a95b08faa058c1be7387d942a37f52c267cc"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
12392
truncated
/
82 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/webp
embed.js
logrhythm-com.disqus.com/
78 KB
25 KB
Script
General
Full URL
https://logrhythm-com.disqus.com/embed.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
33c5c9155100a0fce122ce614c5e79fe8d25e668d229c0b3f53ff1345e19109f
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
Server
openresty
Age
0
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
25379
l
use.typekit.net/af/c2b6e5/00000000000000007735afee/30/
11 KB
11 KB
Font
General
Full URL
https://use.typekit.net/af/c2b6e5/00000000000000007735afee/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498

Request headers

Referer
https://use.typekit.net/kan0mns.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
server
nginx
etag
"3206fe244b32e4b776d3735b2b940afbba9642fc"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
11036
l
use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/
12 KB
12 KB
Font
General
Full URL
https://use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344

Request headers

Referer
https://use.typekit.net/kan0mns.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
server
nginx
etag
"60544d9a92264c5bbf8c0bfe6da06aa456428460"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
11892
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-237-4.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Sep 2022 01:18:39 GMT
Server
AkamaiNetStorage
ETag
"92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
728
conversion_async.js
www.googleadservices.com/pagead/
41 KB
16 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15699
x-xss-protection
0
server
cafe
etag
699633608045481581
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 29 Sep 2022 20:30:38 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
last-modified
Fri, 12 Aug 2022 20:23:36 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=39339
accept-ranges
bytes
content-length
3063
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
last-modified
Tue, 30 Aug 2022 15:04:19 GMT
etag
"d4de8398858246712016031c834bb061+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15317
x-served-by
cache-iad-kcgs7200095-IAD, cache-hhn11561-HHN
fbevents.js
connect.facebook.net/en_US/
101 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 29 Sep 2022 20:30:38 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26840
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
Id7NG4CSiee+uleklznok6x8peok0tQ1YUct23hrgAbaJayp3SAFCCcuq4rU9WrX5B+b21AYDx48mWEytLs60w==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
arrive.min.js
cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/arrive.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1614484
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1577
last-modified
Mon, 04 May 2020 16:05:50 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d5e-13e2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFZQzz1Vuqzyce%2FkbCvTd9EueCZzYhdwDFYuWtRWhRU1OHZRhAfGn0Ii55D2JbpO4%2FGmbTVrs4xcnRIEu4%2Ft48tiDoD329BxDg4oc4D0cJUb7SD8%2BXzMbqIqJ2AzF7huh2siqq9ytV15c6Tr3Ug%2Byi%2FJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
75277a50bf3c9ba7-FRA
expires
Tue, 19 Sep 2023 20:30:38 GMT
jukebox.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
51 KB
17 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8eb95978d45418ea2ffc193e48c7e6a746ff38152a82b1e405be03484204ea7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:04:31 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
69968
etag
W/"0df9f05024f0411bdfaa0319c2f22e8c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
4mn5nqvETEDVIlEKc2ctx2OmtxYBafSFnzacuPGzn-JafCsRRiiNLw==
js
www.googletagmanager.com/gtag/
215 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1858cbcc0fdc17e7dca540ba4f0a2984dc0ff79bbdc86c1d75ac8319a5080a4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75992
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 29 Sep 2022 20:30:38 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 29 Sep 2022 19:15:57 GMT
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
4481
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Thu, 29 Sep 2022 21:15:57 GMT
count.js
logrhythm-com.disqus.com/
1 KB
2 KB
Script
General
Full URL
https://logrhythm-com.disqus.com/count.js
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=300; includeSubdomains
X-Amz-Cf-Pop
DFW56-P1
Age
180
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 22 Sep 2022 15:28:05 GMT
Server
nginx
ETag
"632c7f05-367"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id
4JJZcA3J3HkAGkGt_qHBTeAUxVihselft6EgSV3mJkXkk22gS9EyZQ==
232919347190734
connect.facebook.net/signals/config/
293 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/232919347190734?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
dcc6b211d7833bc4b667c3141cfe0f7bf8ad92c277922fbb57cb36776e716070
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 29 Sep 2022 20:30:38 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
zoc6pDV0IPT/dncMNDn4S0GsDse06D9znrOQ0FV+Z3LBpyvuKmVAcxHH1uaamnx+VKfBqFZHk++unxqmJJvbbA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
677.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
7 KB
3 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/677.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3df5a486db3e76836ec8719a381a75402a190b04dd1eaf6af6b2108f24de5c79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:46:19 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
68307
etag
W/"043d12ba7ffcd76c1d9cc1b0540df15a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
NrhBz5R6J7DRpjKgT-mgVd-Yt_JdL3B4QJ_zSMU1ytegpr-sUbyV5A==
collect
stats.g.doubleclick.net/j/
4 B
441 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-3420049-1&cid=191057288.1664483438&jid=918473306&gjid=2024946875&_gid=99916755.1664483438&_u=YGBAgUABAAAAAE~&z=1563257382
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 29 Sep 2022 20:30:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://logrhythm.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j97&aip=1&a=268838461&t=pageview&_s=1&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&ul=en-us&de=UTF-8&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUAB~&jid=918473306&gjid=2024946875&cid=191057288.1664483438&tid=UA-3420049-1&_gid=99916755.1664483438&gtm=2wg9s0N3MMPPN&z=505174348
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 16:20:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14998
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pro.min.css
ka-p.fontawesome.com/releases/v6.2.0/css/
788 KB
170 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/css/pro.min.css?token=2f1bae2942
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76ff2cfe25e35dc7a90fb959a1da27629357d601a7dab2876c16d19853448cfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:04:59 GMT
server
cloudflare
age
2511516
etag
"630e352b-2a5b9"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a518d58bbbb-FRA
content-length
173497
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v6.2.0/css/
27 KB
4 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v4-shims.min.css?token=2f1bae2942
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbdc1d949f82ab22e6011d00d1c6db35852d853c99f6beb8e1be0f0d32f3d6b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
age
341744
etag
"630e352a-10e7"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a518d57bbbb-FRA
content-length
4327
pro-v5-font-face.min.css
ka-p.fontawesome.com/releases/v6.2.0/css/
84 KB
12 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v5-font-face.min.css?token=2f1bae2942
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d867a5a06a9f9357f5b1289be35fff639fa653f667985a872dcde08a39e33f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
age
1787698
etag
"630e352a-305d"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a518d55bbbb-FRA
content-length
12381
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v6.2.0/css/
12 KB
2 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v4-font-face.min.css?token=2f1bae2942
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef160ec762d4a2cafd6b4ceca26c6b4f3b695f8db7bd32ec3e2b2b8e1b292d90

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:04:58 GMT
server
cloudflare
age
1262196
etag
"630e352a-906"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a518d5dbbbb-FRA
content-length
2310
kit-upload.css
kit.fontawesome.com/2f1bae2942/46107999/
450 B
399 B
Fetch
General
Full URL
https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.css?token=2f1bae2942
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; preload
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
682837
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray
75277a517d24bbbb-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FxcB1PAVqKkh27WWjYaB
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/?random=1664483438301&cv=9&fst=1664483438301&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=718910051.1664483438&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4f98022a53dccda1c360e74de8df0ae15f38df0b4baee239551b91a3ef8f752
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/?random=1664483438304&cv=9&fst=1664483438304&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=718910051.1664483438&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
030e50d8fb46d0d350d6b20857ea56a1e10d8ad0b55285bb32a78e4f859e419c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1052
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/?random=1664483438305&cv=9&fst=1664483438305&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=718910051.1664483438&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0358d4c8b5fcb211232f53ff124e38454a2bc3b460bd333c748cd0d923e5c588
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
jukebox.pathfactory.com/api/public/v1/ Frame
0
0
Preflight
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://logrhythm.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
access-control-max-age
7200
date
Thu, 29 Sep 2022 20:30:38 GMT
447.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
455 B
817 B
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
date
Thu, 29 Sep 2022 01:46:19 GMT
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
68306
etag
"781595c1866f620f3ed659c17c4ba5cf"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
455
x-amz-cf-id
U2n1yWXHx4GfJE1qj3F1MSRSoQLePA5G5R3Kga5o7RjlI23EoKIbXA==
init
jukebox.pathfactory.com/api/public/v1/
11 KB
4 KB
XHR
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash
3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
content-encoding
gzip
x-request-id
eaf89213-eb38-470f-9c00-78a163e55dac
x-runtime
0.070534
referrer-policy
no-referrer-when-downgrade
etag
W/"3fde201925fe9dc3d22400e9d50c14a5"
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
lounge.9772024640e1cec8d973cd80fb62abd8.css
c.disquscdn.com/next/embed/styles/
0
26 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Requested by
Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 12 Sep 2022 19:34:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1472189
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26136
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Mon, 12 Sep 2022 19:13:42 GMT
server
nginx
etag
"631f84e6-6618"
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
054SQgPwOJ2bFt0dvp-OeB-XI4RpnWnqVhJrN4phx-_Fqw9ZMe-2Pw==
expires
Tue, 12 Sep 2023 19:34:09 GMT
common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/
0
93 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Requested by
Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 19 Apr 2022 20:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
14083171
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94755
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Tue, 19 Apr 2022 20:21:53 GMT
server
nginx
etag
"625f19e1-17223"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
ApO6k51rUTZo_I9SxK1LzRW1oZ3fH_VDh2xqzsjydTWMhZNGq5ygYg==
expires
Wed, 19 Apr 2023 20:31:07 GMT
lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js
c.disquscdn.com/next/embed/
0
122 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js
Requested by
Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Fri, 16 Sep 2022 09:02:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1164476
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
123979
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Fri, 16 Sep 2022 08:34:41 GMT
server
nginx
etag
"63243521-1e44b"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
mjnfMqt-e_PCblO0hzTqmrr9FlEjd8Kl3UKCD3LkMggFabZs_rfyCQ==
expires
Sat, 16 Sep 2023 09:02:42 GMT
config.js
disqus.com/next/
0
17 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
26
X-Frame-Options
SAMEORIGIN
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
16366
X-XSS-Protection
1; mode=block
getForm
ecrm.logrhythm.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112407394818664844129_1664483437954&_=1664483437955
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c403d4fc6b90ad93d6edfa7ffc0dbe243e9bd0752aa4539ee0942a7621568c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-form-service-request-id
17251#1838af1b003
x-marketo-source
Form Service
cf-ray
75277a51ff0a9025-FRA
cached
false
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-3420049-1&cid=191057288.1664483438&jid=918473306&_u=YGBAgUABAAAAAE~&z=1479516667
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-3420049-1&cid=191057288.1664483438&jid=918473306&_u=YGBAgUABAAAAAE~&z=1479516667
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/
28 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
632, 617, 617
age
18440818
cdn-cachedat
2021-06-08 21:36:06
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
0da3e6fa0421515cbcf5425517fc7012
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
75277a524c3a6977-FRA
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400a:808::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 29 Sep 2022 20:30:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 29 Sep 2022 19:06:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 29 Sep 2022 20:30:38 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQKhbD-Nl0Y27AAAAYOK8bBPc1vQgXlcpR0acQ7P...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQKhbD-Nl0Y27AAAAYOK8bBPc1vQgXlcpR0acQ7PwGKKnayfTlkiFCKyA6Kao2dQCJ6hkmIEFA4grfLUqM0hS_DEysUkcA
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: D2F7CCC0235E4DEA81C79C865170DA04 Ref B: FRAEDGE1507 Ref C: 2022-09-29T20:30:38Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXp1sAcBo6w07WrPKC4HQ==

Redirect headers

date
Thu, 29 Sep 2022 20:30:37 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: AE1D1D448F7A44258962C08F62CC4A8B Ref B: FRAEDGE1220 Ref C: 2022-09-29T20:30:38Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1664483438414&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQKhbD-Nl0Y27AAAAYOK8bBPc1vQgXlcpR0acQ7PwGKKnayfTlkiFCKyA6Kao2dQCJ6hkmIEFA4grfLUqM0hS_DEysUkcA
x-li-proto
http/2
content-length
0
x-li-uuid
AAXp1sAYjdwG8/ghBNDY3g==
adsct
t.co/i/
43 B
377 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=29eb0524-2d62-449b-bf5d-0182488039e5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3ce79bdf-236d-4d6e-a7e6-9c1e7b93028d&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.27
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-response-time
104
date
Thu, 29 Sep 2022 20:30:37 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
e4c3f85f208c816f
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
4d1888129f46e4e7e8e23b3c33261c8d3ac2711759ba333ff8408251dbd5aa88
content-length
43
adsct
analytics.twitter.com/i/
43 B
395 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=29eb0524-2d62-449b-bf5d-0182488039e5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3ce79bdf-236d-4d6e-a7e6-9c1e7b93028d&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.27
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-response-time
104
date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
d92137fe63cb0c44
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
8454c88969d3be50fdf3e446f6b1bf644e4f8f2c20f3bd31c4ddbdc1bb0ee744
content-length
43
/
www.google.com/pagead/1p-user-list/903108792/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/903108792/?random=1664483438305&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=1315459370&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/903108792/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/903108792/?random=1664483438305&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=1315459370&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/952414179/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/952414179/?random=1664483438304&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=2032165001&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/952414179/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/952414179/?random=1664483438304&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=2032165001&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1070386004/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1070386004/?random=1664483438301&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=3838534468&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1070386004/
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1070386004/?random=1664483438301&cv=9&fst=1664481600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9s0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=3838534468&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
204 B
Image
General
Full URL
https://www.facebook.com/tr/?id=232919347190734&ev=PageView&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&rl=&if=false&ts=1664483438464&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664483438463.1686417716&it=1664483438232&coo=false&rqm=GET
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 29 Sep 2022 20:30:38 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/
69 KB
70 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617, 617
age
18719802
cdn-cachedat
2021-06-08 21:26:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
70728
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
03933867305e4184d821185b6a3b9fc6
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
75277a5349f19b4c-FRA
cdn-requestpullsuccess
True
/
disqus.com/embed/comments/ Frame 9C32
7 KB
4 KB
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Requested by
Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
622953ae78983932c796e1a15b7b63aec70c0fcb05456f165bd3f5edae978f70
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
0
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2910
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Thu, 29 Sep 2022 20:30:38 GMT
ETag
W/"lounge:view:7945976954.5332c4969d76fb5f0a7aa5e3862a6ffe.2"
Last-Modified
Wed, 21 Sep 2022 15:32:29 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
pro-fa-regular-400-50c900.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
33 KB
33 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-regular-400-50c900.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ca2202520f3f78cba73015daef158992ab312f08b80ad683a37d37abc7aa278

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:03 GMT
server
cloudflare
age
305972
etag
"630e3787-83b8"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a533ad0bbbb-FRA
content-length
33720
pro-fa-brands-400-90d968.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
42 KB
43 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-90d968.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4929f4afa91d468ab332ef629d7d5027495755ab17b415168f233cd203fe01b

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:00 GMT
server
cloudflare
age
341743
etag
"630e3784-a9b0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534adabbbb-FRA
content-length
43440
pro-fa-brands-400-9b80fe.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
44 KB
45 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-9b80fe.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ffce383d7ddb41f6f1b477f56f64ac57a8a0ed1ef0d2aa468fcd8a25ac142b3

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:00 GMT
server
cloudflare
age
341743
etag
"630e3784-b180"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534ae3bbbb-FRA
content-length
45440
pro-fa-duotone-900-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
32 KB
32 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-duotone-900-d5bbe9.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91d9d0f15f67f3359a0d7b18859e12a9e25eba28037866c7e15ef3c79cb7ff2a

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:01 GMT
server
cloudflare
age
305972
etag
"630e3785-7e38"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534ae6bbbb-FRA
content-length
32312
pro-fa-duotone-900-e41116.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
26 KB
26 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-duotone-900-e41116.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96ea9adaf2c4700dc967e308957a65abe16c4b77a787a017442789580e0627b9

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:02 GMT
server
cloudflare
age
305972
etag
"630e3786-663c"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534aeebbbb-FRA
content-length
26172
pro-fa-solid-900-d85a6c.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
26 KB
27 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-d85a6c.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a77c3961342c53443c7b470aa1c6c48d0062115a930eb843de40a1696fce683

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:05 GMT
server
cloudflare
age
305972
etag
"630e3789-69b0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534af1bbbb-FRA
content-length
27056
pro-fa-light-300-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
31 KB
31 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-light-300-d5bbe9.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc3c056f0c924ef1309d9c51c581071e702d17236e488e63a684f5609820412d

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:03 GMT
server
cloudflare
age
139189
etag
"630e3787-7d60"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534af2bbbb-FRA
content-length
32096
kit-upload.woff2
kit.fontawesome.com/2f1bae2942/46107999/
1 KB
1 KB
Font
General
Full URL
https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70c37c5c69aafdf96bdb24968e981ec29eb4425dddae28b48b99e4f2cd3d570a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
strict-transport-security
max-age=31536000; preload
cf-cache-status
HIT
age
433879
content-length
1132
x-request-id
FxfkQe4GJBYUeu14ihFC
server
cloudflare
etag
aa753db54e32fe77fb869f7a248f604e
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
accept-ranges
bytes
cf-ray
75277a534af4bbbb-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
pro-fa-solid-900-ca12ba.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
28 KB
28 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-ca12ba.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
609ddde20d5061b1d72e72b510a96fddae68a66f7310fc8dde8538068252bee1

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:05 GMT
server
cloudflare
age
305972
etag
"630e3789-7014"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534b01bbbb-FRA
content-length
28692
pro-fa-solid-900-1e5361.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
25 KB
26 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-1e5361.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1e0586a5e9a737b2a97b328305d1a8c0e5f4d1b37f88fd6fe2daf8bb530ef29

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:04 GMT
server
cloudflare
age
433818
etag
"630e3788-65d8"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a534b05bbbb-FRA
content-length
26072
pro-fa-solid-900-03c840.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
26 KB
26 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-03c840.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e567f8a857cb3871c7f2a1c00ae73d85bedea2a79cdac80fba9562b88b0c577a

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:04 GMT
server
cloudflare
age
305972
etag
"630e3788-66e4"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a539c1dbbbb-FRA
content-length
26340
pro-fa-solid-900-3523ab.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
26 KB
26 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-3523ab.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e1c2ffcd21cbef5c62ee7e5a88e86a23c95d6faa7cc9e3569b5dd2ed82bae5

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:04 GMT
server
cloudflare
age
305972
etag
"630e3788-6944"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a539c29bbbb-FRA
content-length
26948
pro-fa-regular-400-043e6a.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
31 KB
31 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-regular-400-043e6a.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0dec5a438b5d39dd06963bf7d0dd86d62cafbabccfdb274255ae4a888798151

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:03 GMT
server
cloudflare
age
433879
etag
"630e3787-7c20"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a539c30bbbb-FRA
content-length
31776
pro-fa-brands-400-f6b769.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/
18 KB
18 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-f6b769.woff2
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ad3dbb62196226b6214d8843acda08008cf431585dbfad30908e96dc05f47d1

Request headers

Referer
https://logrhythm.com/
Origin
https://logrhythm.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:38 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Aug 2022 16:15:01 GMT
server
cloudflare
age
341743
etag
"630e3785-4808"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
75277a539c32bbbb-FRA
content-length
18440
munchkin.js
munchkin.marketo.net/162/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/162/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-237-4.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jul 2022 00:59:12 GMT
Server
AkamaiNetStorage
ETag
"75daf56f6191efe42577301908659c29:1656637152.894482"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4677
Expires
Sat, 07 Jan 2023 20:30:38 GMT
lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js
c.disquscdn.com/next/embed/ Frame 9C32
958 B
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
38f41731eec750c022d3770ec606eece0195a9d02eb13a1206bb3771acd7d446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Fri, 16 Sep 2022 09:02:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 3092bdd288d2a449c56d11f2cf4a9b88.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1164476
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
494
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Fri, 16 Sep 2022 08:34:41 GMT
server
nginx
etag
"63243521-1ee"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
KU2u3iNP8RZSc_5r-P1oeO1MzuHjOQlJiVJuw27CpcmtgKCN--QSkA==
expires
Sat, 16 Sep 2023 09:02:42 GMT
common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ Frame 9C32
282 KB
93 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 19 Apr 2022 20:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
14083171
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94755
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Tue, 19 Apr 2022 20:21:53 GMT
server
nginx
etag
"625f19e1-17223"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
XiiRAjseQk_aV4toSD-h9IzUXNqYgg-ErEAynFw3OdeXrZUaCslpMQ==
expires
Wed, 19 Apr 2023 20:31:07 GMT
lounge.9772024640e1cec8d973cd80fb62abd8.css
c.disquscdn.com/next/embed/styles/ Frame 9C32
165 KB
26 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c43a8d413e5b24b174ce521baf90d23fd3ee9649b210ccc3847cb6943b2f28ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 12 Sep 2022 19:34:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1472189
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26136
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Mon, 12 Sep 2022 19:13:42 GMT
server
nginx
etag
"631f84e6-6618"
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
jOLJVJvsAZ2FehLF1NmAOTr_b9tK6n0X7l00feBM8nhl9NL1jnK5Tg==
expires
Tue, 12 Sep 2023 19:34:09 GMT
lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js
c.disquscdn.com/next/embed/ Frame 9C32
480 KB
122 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
68a742d714f6bfd07296aafa58b940878878848f93f2e7f8d0f2a13a68c1a326
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Fri, 16 Sep 2022 09:02:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1164476
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
123979
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Fri, 16 Sep 2022 08:34:41 GMT
server
nginx
etag
"63243521-1e44b"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
OiDk5T-qp-5qefL69urPn2MoU6LwLbsxMHpJQf5iC9zxtddl0fd_Jg==
expires
Sat, 16 Sep 2023 09:02:42 GMT
config.js
disqus.com/next/ Frame 9C32
16 KB
17 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b8cb70a5a0d21cf09927a4cdd2e51a51cc6889095de3f9d9ec3c1bcacb15c126
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
26
X-Frame-Options
SAMEORIGIN
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
16366
X-XSS-Protection
1; mode=block
details
disqus.com/api/3.0/forums/ Frame 9C32
3 KB
4 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=logrhythm-com&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
def021776e339845a843e935849c7a6789108b40394ee21217287a703dfe181e
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:38 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
3583
X-XSS-Protection
1; mode=block
visitWebPage
050-uwt-888.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://050-uwt-888.mktoresp.com/webevents/visitWebPage?_mchNc=1664483438842&_mchCn=&_mchId=050-UWT-888&_mchTk=_mch-logrhythm.com-1664483438842-90806&_mchHo=logrhythm.com&_mchPo=&_mchRu=%2Fblog%2Fdeep-dive-into-plugx-malware%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:39 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
605d7f90-d012-4d20-a625-5bb82bf3be54
loadReactions
disqus.com/api/3.0/threadReactions/ Frame 9C32
931 B
1 KB
XHR
General
Full URL
https://disqus.com/api/3.0/threadReactions/loadReactions?thread=7945976954&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:39 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cache-Control
stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
931
X-XSS-Protection
1; mode=block
loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 9C32
3 KB
3 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 03 Feb 2022 04:58:07 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
20619151
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2971
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 26 Jan 2022 21:59:15 GMT
server
nginx
etag
"61f1c433-b9b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
wmvC7Tb5MgB8UXNhSQrxLU7yvUzKjJkVPSX0dYjZJBsSmfUkcpOB5g==
expires
Fri, 03 Feb 2023 04:58:07 GMT
sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 9C32
2 KB
2 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 20 Sep 2022 11:48:31 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
808927
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1763
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Fri, 16 Sep 2022 08:34:41 GMT
server
nginx
etag
"63243521-6e3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
V_rtGNUw53A1QSlZX_RoVnYEMi_snha0afnPT6zCGHOBPS3JHjlZXQ==
expires
Wed, 20 Sep 2023 11:48:31 GMT
icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 9C32
8 KB
8 KB
Font
General
Full URL
https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Origin
https://disqus.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 28 Aug 2022 00:45:29 GMT
via
1.1 3092bdd288d2a449c56d11f2cf4a9b88.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
2835909
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7900
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Fri, 26 Aug 2022 22:07:42 GMT
server
nginx
etag
"6309442e-1edc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ivsty3sKjQoEfLIninnzs3BWFTCXfJrWO4zII41ozKSz0BlM3WkIRQ==
expires
Mon, 28 Aug 2023 00:45:29 GMT
event.gif
referrer.disqus.com/juggler/ Frame 9C32
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.22&load_time=188&event=init_embed&thread=7945976954&forum=logrhythm-com&forum_id=6036216&imp=445usn91snuamo&thread_slug=take_a_deep_dive_into_plugx_malware&user_type=anon&referrer=&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
website_forms
jukebox.pathfactory.com/api/public/v1/ Frame
0
0
Preflight
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://logrhythm.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
access-control-max-age
7200
date
Thu, 29 Sep 2022 20:30:39 GMT
268.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
159 KB
54 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/268.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:45:13 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
67527
etag
W/"f8beb658fe0e593a4d1f5718df136843"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
z1Z17D2KVL-ERI9gFDuQyNorq7dWmvw_TisMo3QYXNK50Fklm1WSaA==
689.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
16 KB
6 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/689.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:45:13 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
67527
etag
W/"c08943f25f0d30cb139fc315b9b5d615"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
ZerIhy1WHtpkqswUlvW-QmNUo3mjW0JKgiYgo7SXd1vJE_0vYzp8EA==
421.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
65 KB
16 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/421.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
053ca68ac9ca11b316cb8159df519a8d4bf7cb3208f1a462387c49a3e786972c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:45:13 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
67527
etag
W/"5b7e50a6c9f58241e112c715584bfb4c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
W5dTslrRAjHcnFPkeb4-RgODs_rQjXOg6fYF7pGmKuwYWlGTZj-kyQ==
796.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
109 KB
25 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/796.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68b13232ce19f26b9d8f703f553a099da5c7aade297a430aff9caa2bb61b0497

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 02:59:40 GMT
x-amz-version-id
null
content-encoding
gzip
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
etag
W/"0b04be85436f36a9da57f375b753dc5e"
age
63060
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
uJCBiYNrB0d8HEflj7MGoA5kq7JHbqz34E1QH1x94EGcM2wDJuCNvg==
605.js
cdn-app.pathfactory.com/production/jukebox-lite/current/
3 KB
2 KB
Script
General
Full URL
https://cdn-app.pathfactory.com/production/jukebox-lite/current/605.js
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 01:45:13 GMT
last-modified
Wed, 28 Sep 2022 01:04:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
67527
etag
W/"1832a9b4ac200c1e1a1a68a20bd26cb6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
1FdiMxiNkJWOiIGuHBZ_HsQqHVOiXcomy5BOcwn7Olu5W8IZpTeN3w==
website_forms
jukebox.pathfactory.com/api/public/v1/
0
686 B
XHR
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.014264
date
Thu, 29 Sep 2022 20:30:39 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
cache-control
no-cache
access-control-allow-credentials
true
vary
Origin
x-request-id
d726ff93-a7dd-48ff-999a-769517e4f5df
page_views
jukebox.pathfactory.com/api/public/v1/ Frame
0
0
Preflight
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/page_views
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://logrhythm.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
access-control-max-age
7200
date
Thu, 29 Sep 2022 20:30:39 GMT
page_views
jukebox.pathfactory.com/api/public/v1/
153 B
1 KB
XHR
General
Full URL
https://jukebox.pathfactory.com/api/public/v1/page_views
Requested by
Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.167.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-167-244.compute-1.amazonaws.com
Software
/
Resource Hash
ce324c8f6bf059709bc1b45517ff17e54c908a9ba44645629a3d5166749fcf90
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
content-encoding
gzip
x-request-id
1922e958-e58a-46f3-8757-c86dbba3f926
x-runtime
0.051841
referrer-policy
no-referrer-when-downgrade
etag
W/"ce324c8f6bf059709bc1b45517ff17e5"
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://logrhythm.com
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 9C32
8 KB
8 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 29 Sep 2022 20:30:21 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
18
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
8170
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Thu, 29 Sep 2022 09:08:21 GMT
server
nginx
etag
"63356085-1fea"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_7oW1qqn50NPqeoj1rHSJb4wxtIZ43mfROdNROEht9LdCmnCyzGhEw==
expires
Thu, 29 Sep 2022 20:35:21 GMT
funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 9C32
9 KB
9 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 29 Sep 2022 20:27:44 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
176
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
8883
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Thu, 29 Sep 2022 09:08:21 GMT
server
nginx
etag
"63356085-22b3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
xa3_r2eMd9xaX5ENOyV5x3SRI6FdI-0XXTBDA-2WIadoNmGe42-Pkg==
expires
Thu, 29 Sep 2022 20:32:43 GMT
love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 9C32
12 KB
12 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 29 Sep 2022 20:27:31 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
188
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
11910
x-xss-protection
1; mode=block
x-served-by
static-web-1
last-modified
Thu, 29 Sep 2022 09:08:21 GMT
server
nginx
etag
"63356085-2e86"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
HcQ0gKksJFJFbk1RL8OlC945RwhV0UUdLagjECoH9LJWhDP7K_iPWA==
expires
Thu, 29 Sep 2022 20:32:31 GMT
surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 9C32
7 KB
8 KB
Image
General
Full URL
https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:ae00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
date
Thu, 29 Sep 2022 20:27:48 GMT
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P3
age
172
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7308
x-xss-protection
1; mode=block
x-served-by
static-web-2
last-modified
Thu, 29 Sep 2022 09:08:21 GMT
server
nginx
etag
"63356085-1c8c"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
SN2EctJJp3_QQQr9TyNOor4gBthJGkO50IbOoJvrUJjOR1srnKgQdQ==
expires
Thu, 29 Sep 2022 20:32:47 GMT
forms2.css
ecrm.logrhythm.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://ecrm.logrhythm.com/js/forms2/css/forms2.css
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
73
content-length
2623
last-modified
Tue, 16 Aug 2022 18:54:37 GMT
server
cloudflare
etag
"808ff-3437-5e66047a81540"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
75277a56baf59025-FRA
expires
Fri, 30 Sep 2022 00:30:39 GMT
forms2-theme-simple.css
ecrm.logrhythm.com/js/forms2/css/
826 B
326 B
Stylesheet
General
Full URL
https://ecrm.logrhythm.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
73
content-length
242
last-modified
Tue, 16 Aug 2022 18:54:37 GMT
server
cloudflare
etag
"808fe-33a-5e66047a81540"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
75277a56baf89025-FRA
expires
Fri, 30 Sep 2022 00:30:39 GMT
getKnownLead
ecrm.logrhythm.com/index.php/form/
49 B
137 B
Script
General
Full URL
https://ecrm.logrhythm.com/index.php/form/getKnownLead?form=1920&lpId=&munchkinId=050-UWT-888&filledFields=true&_mkt_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1664483438842-90806&callback=jQuery112407394818664844129_1664483437954&_=1664483437956
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23462d1c7d29e485c3b57d19a7cf049bf8f941a6e1e506c4974060cf290e94ee
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
strict-transport-security
max-age=63072000;
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
content-type
application/javascript; charset=utf-8
cf-ray
75277a56bafc9025-FRA
getForm
ecrm.logrhythm.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112407394818664844129_1664483437954&_=1664483437957
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c403d4fc6b90ad93d6edfa7ffc0dbe243e9bd0752aa4539ee0942a7621568c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
content-encoding
gzip
server
cloudflare
cf-ray
75277a5a2afc9025-FRA
cached
true
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
XDFrame
ecrm.logrhythm.com/index.php/form/ Frame F729
2 KB
736 B
Document
General
Full URL
https://ecrm.logrhythm.com/index.php/form/XDFrame
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
75277a5a3b2a9025-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 29 Sep 2022 20:30:39 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
admin-ajax.php
logrhythm.com/wp-admin/
67 B
4 KB
XHR
General
Full URL
https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1664483438842-90806
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
15a0a0336534b4a80bc7815e964fb079e03f73c8aefa8f188f18f9199ecde1d3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-pass-why
wp-admin
date
Thu, 29 Sep 2022 20:30:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
x-cacheable
NO:Passed
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
WP Engine
x-cache
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding, X-NR-SAMPLE-PERCENT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, private
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-robots-tag
noindex
cf-ray
75277a5a492abba1-FRA
expires
Wed, 11 Jan 1984 05:00:00 GMT
getKnownLead
ecrm.logrhythm.com/index.php/form/
49 B
151 B
Script
General
Full URL
https://ecrm.logrhythm.com/index.php/form/getKnownLead?form=1920&lpId=&munchkinId=050-UWT-888&filledFields=true&_mkt_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1664483438842-90806&callback=jQuery112407394818664844129_1664483437954&_=1664483437958
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23462d1c7d29e485c3b57d19a7cf049bf8f941a6e1e506c4974060cf290e94ee
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:40 GMT
strict-transport-security
max-age=63072000;
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
content-type
application/javascript; charset=utf-8
cf-ray
75277a5acc809025-FRA
forms2.min.js
ecrm.logrhythm.com/js/forms2/js/ Frame F729
208 KB
69 KB
Script
General
Full URL
https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Requested by
Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.73.206 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ecrm.logrhythm.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:39 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Sep 2022 03:44:48 GMT
server
cloudflare
cf-cache-status
HIT
age
6261
etag
"16324c-33e51-5e94fffe29b0b"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
75277a5b4dbb9025-FRA
expires
Fri, 30 Sep 2022 00:30:39 GMT
insent
logrhythm.widget.insent.ai/
79 KB
23 KB
Script
General
Full URL
https://logrhythm.widget.insent.ai/insent
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dc7d3d9942743ea9e256820bb1a9b64fa310944e09a70b66b2de29c246c0d586

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
UWBsgtSaCUEPXAwaM0lkoBBKaCykwQMB
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
date
Thu, 29 Sep 2022 19:50:46 GMT
last-modified
Sun, 18 Sep 2022 03:41:32 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2401
etag
"1304a29b0fb86034147d522f9613d113"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
content-length
22861
x-amz-cf-id
r_7sMOjTVpCHbRgDjgHtF02MX_ysB4c20isPd4mR_Jok8aPzmvZooA==
admin-ajax.php
logrhythm.com/wp-admin/
67 B
4 KB
XHR
General
Full URL
https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1664483438842-90806
Requested by
Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
3db6a6df9ab435e43eccb6a66377e5c8c13011d34c23e00417d8874746fb05b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-pass-why
wp-admin
date
Thu, 29 Sep 2022 20:30:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
x-cacheable
NO:Passed
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
WP Engine
x-cache
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding, X-NR-SAMPLE-PERCENT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
max-age=0, must-revalidate, private
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
x-robots-tag
noindex
cf-ray
75277a5dfc15bba1-FRA
expires
Wed, 11 Jan 1984 05:00:00 GMT
/
logrhythm.widget.insent.ai/ Frame 2A13
3 KB
2 KB
Document
General
Full URL
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/insent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b9e47d69d676caa317d1f363d2f8b0738190f8ff20b63e8785d7b042fdc04a8a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1010922
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Sun, 18 Sep 2022 03:41:59 GMT
etag
W/"eea75ef925622e1167b0d9b4954b912b"
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-cf-id
PyxwLSC3gEaMItoaG02aX_eg1nNi1qMYrJ9zFlV31vbB3FPPp-_SaQ==
x-amz-cf-pop
FRA60-P4
x-amz-version-id
1E8NQBLsmaokM5JnHsrL5cuXUjOz6Qm.
x-cache
Error from cloudfront
env.js
logrhythm.widget.insent.ai/ Frame 2A13
378 B
746 B
Script
General
Full URL
https://logrhythm.widget.insent.ai/env.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
7l0DNtUH75hgZ0ODtYgwUTux2BGbJfgS
date
Thu, 29 Sep 2022 19:50:52 GMT
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
last-modified
Mon, 28 Mar 2022 10:28:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
2392
etag
"e711f85de9dc5aa30577052ddc69b53b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
378
x-amz-cf-id
uxMI6VSrj2-TpUeC_IZf6sV-ojOMBIgfi19w98P63K-qVTF4jJwpWQ==
pusher.min.js
js.pusher.com/6.0/ Frame 2A13
64 KB
18 KB
Script
General
Full URL
https://js.pusher.com/6.0/pusher.min.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.213.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-213-67.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 04:01:15 GMT
content-encoding
gzip
via
1.1 474733f16f494ddb794b4f7dfd7de966.cloudfront.net (CloudFront)
last-modified
Thu, 14 May 2020 14:40:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
577807
etag
W/"ba16a869e0473ee0ff7636f71e340c60"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
x-cache
Hit from cloudfront
cache-control
max-age=2592000
x-amz-cf-id
DMHdzMn4TXjNf5o93eJ1LM2-JDiJinL9SmVvxBu1LsTYOzccudhN6g==
vendors.f8bcf3b7.js
logrhythm.widget.insent.ai/static/js/ Frame 2A13
1 MB
350 KB
Script
General
Full URL
https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9e2023898adb5547a6906ffadf47d31e35f5102ad38808692441b9d4b3a01482

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:42:02 GMT
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-version-id
haAiiIiR9ZddBhAMDzVXne5n.fWvWTr4
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010919
etag
W/"a31e16fc4204218b28bc60265dbe7ab3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
lEtcJuxy-QMpUXuwTOViQNf8bg4n2QhfyXGajzkhungqJyswkm43gw==
commons.bb9c1912.js
logrhythm.widget.insent.ai/static/js/ Frame 2A13
209 KB
56 KB
Script
General
Full URL
https://logrhythm.widget.insent.ai/static/js/commons.bb9c1912.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
08a26d1e0ccf53b7c589b5629ff34578193d4f8c43a25f176180e7237803bf1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:42:02 GMT
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-version-id
dewzPh3E08LhzeOLMbj4TtUBnqhR0vsX
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010919
etag
W/"7936e152613a372d5367072d3e004050"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
KE4hOZyYITkokKMPcuoT-TDs50VSZW6Nh8kgOnoa1MB0hyH01H9OoA==
reduxComponents.be024c74.js
logrhythm.widget.insent.ai/static/js/ Frame 2A13
50 KB
12 KB
Script
General
Full URL
https://logrhythm.widget.insent.ai/static/js/reduxComponents.be024c74.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f26f86b768b8f10ca0f4d2e808f4c29c343cdd464b062c514709fd14b5c7675a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:42:02 GMT
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-version-id
PBPnfK5JRTbpNgKZmv0uOaLgMsGY0KOH
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010919
etag
W/"fe0cd0830212d1e2bd6956b3d59842a7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
d-3mYYQz9d37IOFIquJ9tBJPehvnITZx7CSuoDFRRcUm2IjuEnefVg==
main.28ee7744.chunk.js
logrhythm.widget.insent.ai/static/js/ Frame 2A13
112 KB
28 KB
Script
General
Full URL
https://logrhythm.widget.insent.ai/static/js/main.28ee7744.chunk.js
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eda7e9c18b84b3893e4244b65b2c9d6d857e629dfe4459c3ecbd1e813137d43b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:41:59 GMT
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-version-id
PAf7drtdyoX0FT6vxswRxoClJCoO1FlP
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010922
etag
W/"88c87d26fe961e217a658762cb699dc7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
x-amz-cf-id
eBnYj2jMkOJx2TSOpeqHtkV_8Z_0y0hgZdyhoF8Zuct3q1hl0dG3yQ==
english.json
logrhythm.widget.insent.ai/ Frame 2A13
6 KB
2 KB
XHR
General
Full URL
https://logrhythm.widget.insent.ai/english.json
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
156d6aa105478b20d8942963436e8dfd7fb6a76c7767c27fd08827c24c5c7c0c

Request headers

Accept
application/json, text/plain, */*
Cache-Control
max-age=31536000
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:42:06 GMT
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-version-id
GVsffcJFvoW_1buO0ogVC8b6.dzQ_mfQ
last-modified
Sun, 18 Sep 2022 03:41:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010915
etag
W/"e519d8608767e738a0724810cbf546c9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
cache-control
max-age=31536000
x-amz-cf-id
lY2l1P1YHJ500kYvIm3mPqB917k4Z0wf5Ng2B5sLJr3T5Ht7EdcdEw==
getuser
logrhythm.widget.insent.ai/ Frame 2A13
1 KB
1 KB
XHR
General
Full URL
https://logrhythm.widget.insent.ai/getuser?url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Requested by
Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1eed80ad84d568da365294179c93d07a9b44eb0d907afb30b77fdf3565be6adc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
marketoCookies
["_mch-logrhythm.com-1664483438842-90806"]
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language
de-DE,de;q=0.9
Authorization
Bearer eCHZJAVbbvK7Q39sF6oo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:42 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
apigw-requestid
ZPUBtgltCYcEMZQ=
x-xss-protection
1; mode=block
etag
W/"4c0-vhgU0K5lABMiOLVZxm70RJRj7Sc"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-amz-cf-id
KsdQm0R9E5XjgAfhGmpMddFZKkPmjIvMSKGj6V672l9OnF03IK3wfw==
logo-logrhythm-1657126227445
attachments.insent.ai/logrhythm/ Frame 2A13
48 KB
49 KB
Image
General
Full URL
https://attachments.insent.ai/logrhythm/logo-logrhythm-1657126227445?1657126227539
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:c000:d:ed29:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id
sfeZrNLqb4gIiwm5N9rLdUjzi29G0w89
date
Thu, 29 Sep 2022 06:40:27 GMT
via
1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
last-modified
Wed, 06 Jul 2022 16:50:28 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
49816
x-amz-server-side-encryption
AES256
etag
"3d0923f7b3d6f404d6f98e30984ecaa7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
accept-ranges
bytes
content-length
49214
x-amz-cf-id
xrMLeWiMkn7bueAMgr3_hos0MvmEG87UuXMN1FLB2ffYYola9JwF9w==
close.ec75d473.svg
logrhythm.widget.insent.ai/static/media/ Frame 2A13
340 B
710 B
Image
General
Full URL
https://logrhythm.widget.insent.ai/static/media/close.ec75d473.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:41:47 GMT
x-amz-version-id
oAWPpC9pDNHVjMv5knT9jSidt58cPcAW
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010937
etag
"28a1e152bc15dc1dba7aeb152b263167"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
max-age=31536000
content-length
340
x-amz-cf-id
9Y49NuOgisH7NXD_OzYcGUn84mmF_yJDhSPt_EoEkrfR5hZEsFPUeA==
Rubik.woff2
logrhythm.widget.insent.ai/ Frame 2A13
33 KB
33 KB
Font
General
Full URL
https://logrhythm.widget.insent.ai/Rubik.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8

Request headers

Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Origin
https://logrhythm.widget.insent.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 03:41:47 GMT
x-amz-version-id
MmJsnNqHLbO1hr4h6h3GXwhu7CvAtest
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010937
etag
"39bafb777ff83e2b3520d39f9d01ed95"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
max-age=31536000
content-length
33620
x-amz-cf-id
yRgdN_PDhuOjXCwLfFm62kXsOys6GDJsZiwsYawvPO7RxuLY6lYkzw==
definite.9606d071.wav
logrhythm.widget.insent.ai/static/media/ Frame 2A13
86 KB
86 KB
Media
General
Full URL
https://logrhythm.widget.insent.ai/static/media/definite.9606d071.wav
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:d800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03

Request headers

Referer
https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=cCmpTdR6O2V5tmT&marketo_cookies=[%22_mch-logrhythm.com-1664483438842-90806%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 18 Sep 2022 03:42:41 GMT
x-amz-version-id
DszuFbIQGjKAlGg3U9Dcz3Y3tEBCwTZy
via
1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
last-modified
Sun, 18 Sep 2022 03:41:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
1010883
etag
"3d648870caaca84fd9f81e0b0bba3d48"
x-cache
Hit from cloudfront
content-type
audio/x-wav
Content-Range
bytes 0-87675/87676
cache-control
max-age=31536000
x-amz-cf-id
b3KPBuulCtAZdToyW0QMoamxjiqVCFVZ1QCRl7wspzpn20II5WAWMA==
Content-Length
87676

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation undefined| $ function| jQuery object| MktoForms2 object| Modernizr object| dataLayer boolean| is_root object| embedVars string| disqus_url string| disqus_identifier string| disqus_container_id string| disqus_shortname string| disqus_title undefined| disqus_config_custom function| disqus_config object| tribe_l10n_datatables function| Waypoint object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id function| twq function| fbq function| _fbq function| handleJukeboxDispatchedEventsIPoverlay function| lbhq object| t object| s string| insentCompanyDomain string| insentProjectName string| insentProjectKey object| insent string| GoogleAnalyticsObject function| ga object| countVars function| themo_support_mobile_navigation function| themo_is_touch_device function| themo_no_transparent_header_for_mobile function| themo_start_scrollup boolean| nice object| app_localized function| readCookie object| webpackJsonpPFJukebox object| Arrive object| gaplugins object| gaGlobal object| gaData object| FontAwesomeKitConfig function| onYouTubeIframeAPIReady function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO boolean| jukeboxInitialized function| themo_start_flex_slider function| themo_active_lightbox object| addComment function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry function| imagesLoaded function| Headhesive function| retinajs object| retina object| moove_frontend_gdpr_scripts function| postscribe function| gdpr_lightbox string| gdpr_consent__strict string| gdpr_consent__thirdparty string| gdpr_consent__advanced string| gdpr_consent__cookies object| DISQUS function| lintrk boolean| _already_called_lintrk object| regeneratorRuntime object| twttr object| DISQUSWIDGETS undefined| disqus_domain function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker function| addCaptchaScript object| jQuery112407394818664844129 object| currentMktoFrm number| $mobileAdminBar boolean| isSessionActive boolean| isInsentUserWindowActive boolean| insentPauseUrlCheckInterval number| checkCookiesIntervalId string| insentPageUrl number| insentUrlChangeIntervalId string| eventListenerName string| insentUserId string| insentPageSessionId function| arrive function| unbindArrive function| leave function| unbindLeave

19 Cookies

Domain/Path Name / Value
.ecrm.logrhythm.com/ Name: __cf_bm
Value: C7LLpc1Q12Gg12g3.Qpxpc7tJ57BlINGS7EL3iCTtvE-1664483437-0-AZQUFzSJn7lTIlbzL5gJ4h7Hk3l+jyE6zaTYefsT2tfxE6Ktz/XBiJG+AzrWSnLu6Ejk0+1clya0H8zR9di2BqI=
.logrhythm.com/ Name: _gcl_au
Value: 1.1.718910051.1664483438
.logrhythm.com/ Name: _gid
Value: GA1.2.99916755.1664483438
.logrhythm.com/ Name: _dc_gtm_UA-3420049-1
Value: 1
.logrhythm.com/ Name: _ga
Value: GA1.1.191057288.1664483438
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.logrhythm.com/ Name: _fbp
Value: fb.1.1664483438463.1686417716
.t.co/ Name: muc_ads
Value: 152220a4-2f86-4760-9554-b10560ceae3a
.twitter.com/ Name: personalization_id
Value: "v1_7W3OhDjj/ArLi2vfbpdmEg=="
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&fd1c5c77-8bd9-42a2-8e62-0c2fbef3d8cc"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjQ0ODM0Mzg7MjswMjGmqi2BlaIHoZhPOB2dws+RmCAVulbZ431+qs8L/kFDEw==
.linkedin.com/ Name: lidc
Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2494:u=1:x=1:i=1664483438:t=1664569838:v=2:sig=AQEA5MJfxMkwxZAFSPpmZpLbz5jAtYoj"
.logrhythm.com/ Name: _mkto_trk
Value: id:050-UWT-888&token:_mch-logrhythm.com-1664483438842-90806
ecrm.logrhythm.com/ Name: BIGipServerabcweb-nginx-app_https
Value: !OeUT5L1AlrjEu07n/+ZT2Dlakae2CxqLDbHyXmc+x8L+ji58AIgeeZjo9EWUVIfH9zKgnRrxTVqM1Q==
.logrhythm.com/ Name: vid
Value: 6ae50b95-ffb7-408a-9b7a-fe497efa634a
jukebox.pathfactory.com/ Name: _session_id
Value: U2VLNml0NkFzN2RkSG1BY0o1c0NmNFE0NzNZNFUzVTVmOFhtemxUbFc0RVZGTk5WaXl6UllhMEhJb3lLZ0NzR3dIaGFJR1VTMm5VRTRabTd3U0JYai85MnRFSk5RTmliVEI3K1NwbGdyaVYwdnBlZEw3Y2g2dW1NYlJ3b01mUm5GenhEYTVmWmRrbG05VCtWek42RnlCMG16c0srQzNtbTkzQ1FXRnJnanRjVzlxK1pzdEQrVDdYZUJOUVFZNkY1LS1SL2JMR253bllTV3BGUkNGd25QcGV3PT0%3D--7ba7eb340df41c36ab9709f4b7af03b85b7f4cd7
.logrhythm.com/ Name: _ga_1FE13FG8WE
Value: GS1.1.1664483438.1.0.1664483439.0.0.0
.logrhythm.com/ Name: insent-user-id
Value: o8JlF5VTIjLYKyEoU1664483441161

2 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 49)
Message:
Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oe9s0&_p=268838461&cid=191057288.1664483438&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&sid=1664483438&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 367)
Message:
Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oe9s0&_p=268838461&cid=191057288.1664483438&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&sid=1664483438&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&_s=2' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

050-uwt-888.mktoresp.com
analytics.twitter.com
attachments.insent.ai
c.disquscdn.com
cdn-app.pathfactory.com
cdnjs.cloudflare.com
connect.facebook.net
disqus.com
ecrm.logrhythm.com
fonts.googleapis.com
googleads.g.doubleclick.net
js.pusher.com
jukebox.pathfactory.com
ka-p.fontawesome.com
kit.fontawesome.com
logrhythm-com.disqus.com
logrhythm.com
logrhythm.widget.insent.ai
maxcdn.bootstrapcdn.com
munchkin.marketo.net
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
referrer.disqus.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.17.73.206
104.244.42.67
104.244.42.69
13.107.42.14
13.32.99.99
141.193.213.21
142.250.185.226
151.101.64.134
192.28.144.124
199.232.136.157
199.232.192.134
199.232.196.134
23.205.237.4
2600:9000:223d:ae00:6:8656:f5c0:93a1
2600:9000:225e:d800:f:7ae2:7780:93a1
2600:9000:2490:c000:d:ed29:200:93a1
2606:4700::6811:180e
2606:4700::6812:1734
2606:4700::6812:bcf
2620:1ec:21::14
2a00:1450:4001:808::2004
2a00:1450:4001:811::2003
2a00:1450:4001:827::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2002
2a00:1450:400a:808::200a
2a00:1450:4025:402::9d
2a02:26f0:3500:16::215:1495
2a02:26f0:3500:16::215:14a0
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.229.167.244
52.222.213.67
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
030e50d8fb46d0d350d6b20857ea56a1e10d8ad0b55285bb32a78e4f859e419c
0358d4c8b5fcb211232f53ff124e38454a2bc3b460bd333c748cd0d923e5c588
053ca68ac9ca11b316cb8159df519a8d4bf7cb3208f1a462387c49a3e786972c
05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030
08a26d1e0ccf53b7c589b5629ff34578193d4f8c43a25f176180e7237803bf1a
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0a77c3961342c53443c7b470aa1c6c48d0062115a930eb843de40a1696fce683
0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911
0d52732ac6e202224ba424c85d33412471b66ea7da5f845332932c8950453663
103d65d0bb1059863bacf409fb11aec0de3bc4b388b31fac43345dc68565cf06
1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
156d6aa105478b20d8942963436e8dfd7fb6a76c7767c27fd08827c24c5c7c0c
15a0a0336534b4a80bc7815e964fb079e03f73c8aefa8f188f18f9199ecde1d3
1858cbcc0fdc17e7dca540ba4f0a2984dc0ff79bbdc86c1d75ac8319a5080a4d
1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1eed80ad84d568da365294179c93d07a9b44eb0d907afb30b77fdf3565be6adc
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
23462d1c7d29e485c3b57d19a7cf049bf8f941a6e1e506c4974060cf290e94ee
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c403d4fc6b90ad93d6edfa7ffc0dbe243e9bd0752aa4539ee0942a7621568c1
2cd7c34945ba1e6676bf1905775c52d5ca4366b7a00f1463d63f78b10d3d62d2
33c5c9155100a0fce122ce614c5e79fe8d25e668d229c0b3f53ff1345e19109f
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a
382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc
38f41731eec750c022d3770ec606eece0195a9d02eb13a1206bb3771acd7d446
39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd
3adcf1b172631008be7d4276379dc62eda2af457fb3baa55a0f86e493ab101d8
3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec
3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344
3db6a6df9ab435e43eccb6a66377e5c8c13011d34c23e00417d8874746fb05b9
3df5a486db3e76836ec8719a381a75402a190b04dd1eaf6af6b2108f24de5c79
3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f
4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd
609ddde20d5061b1d72e72b510a96fddae68a66f7310fc8dde8538068252bee1
622953ae78983932c796e1a15b7b63aec70c0fcb05456f165bd3f5edae978f70
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
655f5c4b438879fe7d4ab3f95519548a68abf300e32fd093f27d4624fc936177
677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb
68a742d714f6bfd07296aafa58b940878878848f93f2e7f8d0f2a13a68c1a326
68b13232ce19f26b9d8f703f553a099da5c7aade297a430aff9caa2bb61b0497
70c37c5c69aafdf96bdb24968e981ec29eb4425dddae28b48b99e4f2cd3d570a
728b153440edf86d283cdc6a5a279623456c0cd3341b63b32dcedb2b5e795e15
76ff2cfe25e35dc7a90fb959a1da27629357d601a7dab2876c16d19853448cfb
7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8
7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1
802372f788e1d164af80a0f26260fcf9d6e88218ab450c014d5eaf44fda7d0e3
815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8
825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9
8ad3dbb62196226b6214d8843acda08008cf431585dbfad30908e96dc05f47d1
8ca2202520f3f78cba73015daef158992ab312f08b80ad683a37d37abc7aa278
8d867a5a06a9f9357f5b1289be35fff639fa653f667985a872dcde08a39e33f1
8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f
8eb95978d45418ea2ffc193e48c7e6a746ff38152a82b1e405be03484204ea7a
8ffce383d7ddb41f6f1b477f56f64ac57a8a0ed1ef0d2aa468fcd8a25ac142b3
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
91d9d0f15f67f3359a0d7b18859e12a9e25eba28037866c7e15ef3c79cb7ff2a
96ea9adaf2c4700dc967e308957a65abe16c4b77a787a017442789580e0627b9
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
99e1c2ffcd21cbef5c62ee7e5a88e86a23c95d6faa7cc9e3569b5dd2ed82bae5
9d7a365f539d97717913d10132c77a3b9949fff048ecfb12667fa5bb436a4f95
9e2023898adb5547a6906ffadf47d31e35f5102ad38808692441b9d4b3a01482
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e
b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35
b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36
b1e0586a5e9a737b2a97b328305d1a8c0e5f4d1b37f88fd6fe2daf8bb530ef29
b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af
b565a52be57ce739615a573520217c33bded28111fa20b62fdf26b7bab7e84d7
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0
b8cb70a5a0d21cf09927a4cdd2e51a51cc6889095de3f9d9ec3c1bcacb15c126
b9e47d69d676caa317d1f363d2f8b0738190f8ff20b63e8785d7b042fdc04a8a
bbdc1d949f82ab22e6011d00d1c6db35852d853c99f6beb8e1be0f0d32f3d6b6
bc3c056f0c924ef1309d9c51c581071e702d17236e488e63a684f5609820412d
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be484c9d69d3c256a119e904b92711c093e31494b18d3e6c69888dca6a0cd928
be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42
c43a8d413e5b24b174ce521baf90d23fd3ee9649b210ccc3847cb6943b2f28ac
c4f98022a53dccda1c360e74de8df0ae15f38df0b4baee239551b91a3ef8f752
c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed
ce324c8f6bf059709bc1b45517ff17e54c908a9ba44645629a3d5166749fcf90
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d4929f4afa91d468ab332ef629d7d5027495755ab17b415168f233cd203fe01b
d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
dc7d3d9942743ea9e256820bb1a9b64fa310944e09a70b66b2de29c246c0d586
dcc6b211d7833bc4b667c3141cfe0f7bf8ad92c277922fbb57cb36776e716070
dcd539d31a167dfbcccb461790c6551195dd3332a16a4e812f85a00022f4e2fa
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
def021776e339845a843e935849c7a6789108b40394ee21217287a703dfe181e
e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc
e0dec5a438b5d39dd06963bf7d0dd86d62cafbabccfdb274255ae4a888798151
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e567f8a857cb3871c7f2a1c00ae73d85bedea2a79cdac80fba9562b88b0c577a
e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9
eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff
eda7e9c18b84b3893e4244b65b2c9d6d857e629dfe4459c3ecbd1e813137d43b
eebddba8e782ebfcd323563bf510591cbe86e7299aa0ff6e7d8118775c9a0dcd
ef160ec762d4a2cafd6b4ceca26c6b4f3b695f8db7bd32ec3e2b2b8e1b292d90
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05d8d723eb8a3e94158a98dc7f33ca75d0649303ca4743301c4ed02ebea43d3
f26f86b768b8f10ca0f4d2e808f4c29c343cdd464b062c514709fd14b5c7675a
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19