logrhythm.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Submission: On September 23 via api (September 23rd 2022, 4:23:32 pm UTC) from DE — Scanned from DE

Summary HTTP 151 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 26 domains to perform 151 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is logrhythm.com. The Cisco Umbrella rank of the primary domain is 333933.
TLS certificate: Issued by R3 on August 30th 2022. Valid for: 3 months.

This is the only time logrhythm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
3	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
2	23.205.237.4 23.205.237.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	143.204.215.71 143.204.215.71	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	2a00:1450:402... 2a00:1450:4025:402::9c	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:80e::2003	15169 (GOOGLE) (GOOGLE)
14	2600:9000:205... 2600:9000:2057:8c00:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
6	34.193.204.7 34.193.204.7	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
12	2600:9000:214... 2600:9000:214f:6c00:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.210.101 143.204.210.101	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:230... 2600:9000:2304:fa00:d:ed29:200:93a1	16509 (AMAZON-02) (AMAZON-02)
151	33

36 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

logrhythm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.17.73.206 (None, )

ASN13335 (CLOUDFLARENET, US)

ecrm.logrhythm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

logrhythm-com.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.237.4 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-237-4.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 143.204.215.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-71.fra53.r.cloudfront.net

cdn-app.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4025:402::9c (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80a::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80e::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2057:8c00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.192.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

050-uwt-888.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.193.204.7 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-204-7.compute-1.amazonaws.com

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:214f:6c00:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

logrhythm.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.210.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-210-101.fra53.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2304:fa00:d:ed29:200:93a1 (United States)

ASN16509 (AMAZON-02, US)

attachments.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	logrhythm.com logrhythm.com — Cisco Umbrella Rank: 333933 ecrm.logrhythm.com	652 KB
20	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1512 ka-p.fontawesome.com — Cisco Umbrella Rank: 3785	585 KB
14	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4569	535 KB
14	pathfactory.com cdn-app.pathfactory.com — Cisco Umbrella Rank: 75414 jukebox.pathfactory.com — Cisco Umbrella Rank: 47620	129 KB
13	insent.ai logrhythm.widget.insent.ai attachments.insent.ai — Cisco Umbrella Rank: 179615	643 KB
8	disqus.com logrhythm-com.disqus.com disqus.com — Cisco Umbrella Rank: 1623 referrer.disqus.com — Cisco Umbrella Rank: 6749	69 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 430 p.typekit.net — Cisco Umbrella Rank: 577	60 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6352	827 B
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 79 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	4 KB
2	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 394 px4.ads.linkedin.com — Cisco Umbrella Rank: 6198	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	111 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2665	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	159 KB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 14872	18 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	204 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 40	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 691	7 KB
1	mktoresp.com 050-uwt-888.mktoresp.com	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 538	353 B
1	t.co t.co — Cisco Umbrella Rank: 489	337 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 209	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 613	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 769	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 128	16 KB
151	26

	Domain	Requested by
36	logrhythm.com	logrhythm.com
17	ka-p.fontawesome.com	kit.fontawesome.com logrhythm.com
14	c.disquscdn.com	logrhythm-com.disqus.com disqus.com c.disquscdn.com logrhythm.com
12	logrhythm.widget.insent.ai	logrhythm.com logrhythm.widget.insent.ai
9	ecrm.logrhythm.com	logrhythm.com ecrm.logrhythm.com
8	cdn-app.pathfactory.com	logrhythm.com cdn-app.pathfactory.com
6	jukebox.pathfactory.com	cdn-app.pathfactory.com
6	use.typekit.net	logrhythm.com use.typekit.net
5	disqus.com	logrhythm-com.disqus.com c.disquscdn.com
4	www.google.de	logrhythm.com
4	www.google.com	1 redirects logrhythm.com
3	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
3	kit.fontawesome.com	logrhythm.com kit.fontawesome.com
2	www.google-analytics.com	www.googletagmanager.com logrhythm.com
2	connect.facebook.net	logrhythm.com connect.facebook.net
2	munchkin.marketo.net	logrhythm.com munchkin.marketo.net
2	logrhythm-com.disqus.com	logrhythm.com
2	www.googletagmanager.com	logrhythm.com www.googletagmanager.com
1	attachments.insent.ai
1	js.pusher.com	logrhythm.widget.insent.ai
1	referrer.disqus.com	logrhythm.com
1	www.facebook.com	logrhythm.com
1	fonts.googleapis.com	cdn-app.pathfactory.com
1	maxcdn.bootstrapcdn.com	cdn-app.pathfactory.com
1	050-uwt-888.mktoresp.com	munchkin.marketo.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	analytics.twitter.com	logrhythm.com
1	t.co	logrhythm.com
1	px4.ads.linkedin.com	logrhythm.com
1	px.ads.linkedin.com	1 redirects
1	cdnjs.cloudflare.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	p.typekit.net	use.typekit.net
151	35

This site contains links to these domains. Also see Links.

Domain
logrhythmcommunity.force.com
community.logrhythm.com
explore.logrhythm.com
www.paloaltonetworks.com
researchcenter.paloaltonetworks.com
airbus-cyber-security.com
blog.trendmicro.com
go.crowdstrike.com
www.proofpoint.com
www.lastline.com
www.sophos.com
www.jpcert.or.jp
www.carbonblack.com
blog.jpcert.or.jp
gallery.logrhythm.com
www.linkedin.com
twitter.com
www.facebook.com
www.reddit.com
docs.logrhythm.com
www.g2.com
www.youtube.com
support.logrhythm.com
wordpress.org

Subject Issuer	Validity	Valid
logrhythm.com R3	`2022-08-30` - `2022-11-28`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
ecrm.logrhythm.com Cloudflare Inc ECC CA-3	`2022-06-30` - `2023-06-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-03` - `2022-10-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.pathfactory.com Amazon	`2022-07-11` - `2023-08-09`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.widget.insent.ai Amazon	`2022-03-31` - `2023-04-29`	a year	crt.sh
js.pusher.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.insent.ai Amazon	`2022-03-30` - `2023-04-27`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Frame ID: 2573B5F84DE83F137F85DCCC5B95572E
Requests: 121 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Frame ID: 1EBFB465943F71A061921CF5D2432673
Requests: 16 HTTP requests in this frame

Frame: https://ecrm.logrhythm.com/index.php/form/XDFrame
Frame ID: 23BC6E9498AFAB2C5A60012EF2A57FC8
Requests: 2 HTTP requests in this frame

Frame: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: EBA2162E3E52B1640E3CA103D44C3191
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Take a Deep Dive into PlugX Malware - LogRhythm

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets
<link [^>]*href=(?:"|')[^"']*uploads/elementor/css

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

151
Requests

99 %
HTTPS

58 %
IPv6

26
Domains

35
Subdomains

33
IPs

5
Countries

3038 kB
Transfer

8320 kB
Size

19
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://logrhythmcommunity.force.com/
Title: Customer Portal

Search URL Search Domain Scan URL

URL: https://community.logrhythm.com/?utm_source=logrhythm-com-website
Title: LogRhythm Community

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-analyst-reports?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-demos?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Product Demos

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-ebooks-whitepapers?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: White Papers & e-Books

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-threat-research?utm_source=logrhythm-website&utm_content=nav-menu&utm_medium=pathfactory
Title: Threat Research

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/featured-content?utm_source=logrhythm-website&utm_content=mainNav
Title: Featured Content

Search URL Search Domain Scan URL

URL: https://www.paloaltonetworks.com/threat-research
Title: Palo Alto’s Unit 42 Threat Research

Search URL Search Domain Scan URL

URL: https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
Title: blog post

Search URL Search Domain Scan URL

URL: https://airbus-cyber-security.com/latest-changes-plugx/
Title: builder for version one

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/plugx-new-tool-for-a-not-so-new-campaign/
Title: researchers at Trend Micro

Search URL Search Domain Scan URL

URL: https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf
Title: Crowdstrike’s Global Threat Report

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia
Title: delivered via a phishing campaign

Search URL Search Domain Scan URL

URL: https://airbus-cyber-security.com/getting-plugx-builder/
Title: These samples represented

Search URL Search Domain Scan URL

URL: https://www.lastline.com/labsblog/an-analysis-of-plugx-malware
Title: researchers at Lastline

Search URL Search Domain Scan URL

URL: https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf
Title: Researchers at Sophos

Search URL Search Domain Scan URL

URL: https://www.jpcert.or.jp/magazine/acreport-plugx.html
Title: researchers from JPCERT

Search URL Search Domain Scan URL

URL: https://www.carbonblack.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/
Title: Carbon Black detected an additional PlugX variant

Search URL Search Domain Scan URL

URL: http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html
Title: researchers from JPCERT

Search URL Search Domain Scan URL

URL: https://gallery.logrhythm.com/supporting-documents/deep-dive-into-plugx-variants-mentioned.pdf
Title: Click here

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=1&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&title=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&source=https%3A%2F%2Flogrhythm.com
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&via=LogRhythm&related=LogRhythm
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-demos?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Product Demos

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-ebooks-whitepapers?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: White Papers & e-Books

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-data-sheets?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Product Data Sheets

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-analyst-reports?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-threat-research?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Threat Research

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-infographics?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Infographics

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-brochures?utm_source=logrhythm-website&utm_content=footer&utm_medium=pathfactory
Title: Brochures

Search URL Search Domain Scan URL

URL: https://explore.logrhythm.com/l/resources-joint-solution-briefs?utm_source=logrhythm-website
Title: Joint Solution Briefs

Search URL Search Domain Scan URL

URL: https://logrhythmcommunity.force.com/?utm_source=logrhythm-com-website
Title: Support

Search URL Search Domain Scan URL

URL: https://docs.logrhythm.com/docs/kb?utm_source=logrhythm-com-website
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://docs.logrhythm.com/docs?utm_source=logrhythm-com-website
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/logrhythm-nextgen-siem-platform/reviews?utm_source=rewards-badge

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/logrhythm/

Search URL Search Domain Scan URL

URL: https://twitter.com/LogRhythm

Search URL Search Domain Scan URL

URL: https://www.facebook.com/LogRhythmInc/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/LogRhythmInc

Search URL Search Domain Scan URL

URL: https://support.logrhythm.com/?utm_source=logrhythm-com-website
Title: Support

Search URL Search Domain Scan URL

URL: https://wordpress.org/plugins/gdpr-cookie-compliance/
Title: Powered by GDPR Cookie Compliance

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 77

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQJeVD7-mlAnigAAAYNrKTM7eR7gC0lMm965e3BhxtW7UTNBzVda8_p1mLgpKpj6

Request Chain 86

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/?random=1663950205655&cv=9&fst=1663950205655&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=1470409100.1663950205&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&is_vtc=1&random=106584824&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&is_vtc=1&random=106584824&resp=GooglemKTybQhCsO&ipr=y

151 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
logrhythm.com/blog/deep-dive-into-plugx-malware/ 143 KB
33 KB 683ms
647ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

01308b306b30630d74806e0db485dfedc37395bfe7a4501abeb0222a4430c645

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 74f49fe8aab96909-FRA
content-encoding: br
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
content-type: text/html; charset=UTF-8
date: Fri, 23 Sep 2022 16:23:24 GMT
link: <https://logrhythm.com/?p=2042>; rel=shortlink
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-tec-api-origin: https://logrhythm.com
x-tec-api-root: https://logrhythm.com/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: 1; mode=block

GET
H2 200 kan0mns.css
use.typekit.net/ 9 KB
1 KB 176ms
124ms Stylesheet
text/css 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/kan0mns.css

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Fri, 23 Sep 2022 16:23:25 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1114

GET
H2 200 frontend.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/ 79 KB
12 KB 54ms
35ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/widgets-css/frontend.css?ver=2.1.14

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Mar 2022 18:02:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"622b8e9c-13c18"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecf9f66909-FRA

GET
H2 200 global.css
logrhythm.com/wp-content/plugins/th-widget-pack/css/ 2 KB
3 KB 101ms
83ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/css/global.css?ver=1647021724

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eebddba8e782ebfcd323563bf510591cbe86e7299aa0ff6e7d8118775c9a0dcd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Mar 2022 18:02:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"622b8e9c-656"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecf9f76909-FRA

GET
H2 200 scriptlesssocialsharing-style.css
logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/ 3 KB
4 KB 84ms
67ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/scriptless-social-sharing/includes/css/scriptlesssocialsharing-style.css?ver=3.2.1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207012
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 30 Aug 2021 18:17:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"612d209f-a1a"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecf9f96909-FRA

GET
H2 200 header-footer-elementor.css
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/ 1 KB
3 KB 90ms
74ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/assets/css/header-footer-elementor.css?ver=2.1.14

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Mar 2022 18:02:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"622b8e9c-4c6"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecf9fa6909-FRA

GET
H2 200 frontend-legacy.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/ 13 KB
4 KB 92ms
77ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.7

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3adcf1b172631008be7d4276379dc62eda2af457fb3baa55a0f86e493ab101d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 21 Sep 2022 00:24:05 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632a59a5-35ed"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa056909-FRA

GET
H2 200 frontend.min.css
logrhythm.com/wp-content/plugins/elementor/assets/css/ 162 KB
23 KB 86ms
72ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.7

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b565a52be57ce739615a573520217c33bded28111fa20b62fdf26b7bab7e84d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 21 Sep 2022 00:24:05 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632a59a5-28722"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa066909-FRA

GET
H2 200 post-6608.css
logrhythm.com/wp-content/uploads/elementor/css/ 3 KB
4 KB 119ms
105ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/uploads/elementor/css/post-6608.css?ver=1663883583

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d7a365f539d97717913d10132c77a3b9949fff048ecfb12667fa5bb436a4f95

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 66485
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 22 Sep 2022 21:53:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632cd93f-d2f"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa076909-FRA

GET
H2 200 frontend.min.css
logrhythm.com/wp-content/plugins/elementor-pro/assets/css/ 470 KB
47 KB 138ms
125ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.7

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

802372f788e1d164af80a0f26260fcf9d6e88218ab450c014d5eaf44fda7d0e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 21 Sep 2022 00:26:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632a5a34-75771"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa086909-FRA

GET
H2 200 app.css
logrhythm.com/wp-content/themes/stratusx/assets/css/ 284 KB
50 KB 95ms
82ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/css/app.css?ver=1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b4b426-46e6f"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa166909-FRA

GET
H2 200 style.css
logrhythm.com/wp-content/themes/logrhythm-child/ 347 B
3 KB 86ms
75ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/style.css?ver=6.0.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 222433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sun, 29 Mar 2020 18:29:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e80e8ef-15b"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fecfa1d6909-FRA

GET
H2 200 app.min.css
logrhythm.com/wp-content/themes/logrhythm-child/dist/css/ 332 KB
36 KB 75ms
64ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/css/app.min.css?v=041222

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f05d8d723eb8a3e94158a98dc7f33ca75d0649303ca4743301c4ed02ebea43d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219792
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 21 Sep 2022 01:40:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632a6ba2-52f6e"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fed0a206909-FRA

GET
H2 200 gdpr-main-nf.css
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/ 77 KB
11 KB 98ms
88ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.8.12

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

655f5c4b438879fe7d4ab3f95519548a68abf300e32fd093f27d4624fc936177

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219793
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 17 Aug 2022 17:46:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62fd2964-134a3"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fed0a226909-FRA

GET
H2 200 jquery.min.js Show response
logrhythm.com/wp-includes/js/jquery/ 87 KB
34 KB 125ms
116ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219793
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6048e0ac-15db1"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fed0a236909-FRA

GET
H2 200 jquery-migrate.min.js Show response
logrhythm.com/wp-includes/js/jquery/ 11 KB
7 KB 98ms
90ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219793
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fb4e3fe-2bd8"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fed0a256909-FRA

GET
H2 200 2f1bae2942.js Show response
kit.fontawesome.com/ 11 KB
4 KB 59ms
27ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

728b153440edf86d283cdc6a5a279623456c0cd3341b63b32dcedb2b5e795e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 74f49fef5a7d6925-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: Fxb5hLW-aUCjxd9LIBAi

GET
H2 200 forms2.min.js Show response
ecrm.logrhythm.com/js/forms2/js/ 208 KB
69 KB 312ms
158ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Fri, 23 Sep 2022 03:44:48 GMT
server: cloudflare
etag: "16324c-33e51-5e94fffe29b0b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 74f49fedef289040-FRA
expires: Fri, 23 Sep 2022 20:23:25 GMT

GET
H2 200 modernizr-custom.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 5 KB
5 KB 94ms
87ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/modernizr-custom.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219793
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 01 Dec 2020 20:51:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fc6acc4-12ac"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fed0a346909-FRA

GET
H3 200 logrhythm-logo-white.svg
logrhythm.com/wp-content/themes/logrhythm-child/dist/img/ 3 KB
5 KB 101ms
100ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/img/logrhythm-logo-white.svg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219409
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 14 Feb 2022 01:53:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6209b626-d4a"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2aebbbec-FRA

GET
H3 200 gartner-mq-logrhythm-leader-2021.svg
logrhythm.com/wp-content/uploads/2022/02/ 1 KB
4 KB 73ms
71ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2022/02/gartner-mq-logrhythm-leader-2021.svg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

103d65d0bb1059863bacf409fb11aec0de3bc4b388b31fac43345dc68565cf06

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 203905
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 14 Feb 2022 00:01:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62099bf4-42b"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2aefbbec-FRA

GET
H3 200 deep-dive-into-plugx-malware-1.jpg
logrhythm.com/wp-content/uploads/2020/02/ 15 KB
18 KB 79ms
77ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-1.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 43548
cf-polished: status=not_needed
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14980
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:24:15 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "606deabf-3a84"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
accept-ranges: bytes
cf-ray: 74f49fef2af0bbec-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 deep-dive-into-plugx-malware-2_iaynji.jpg
logrhythm.com/wp-content/uploads/2020/02/ 9 KB
12 KB 236ms
234ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-2_iaynji.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9360
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:24:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "606deab4-2490"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
accept-ranges: bytes
cf-ray: 74f49fef2af3bbec-FRA

GET
H3 200 deep-dive-into-plugx-malware-3.jpg
logrhythm.com/wp-content/uploads/2020/02/ 15 KB
19 KB 102ms
101ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-3.jpg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 43549
cf-polished: status=not_needed
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15759
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:23:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "606deaa8-3d8f"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
accept-ranges: bytes
cf-ray: 74f49fef2af4bbec-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 deep-dive-into-plugx-malware-4.png
logrhythm.com/wp-content/uploads/2020/02/ 22 KB
26 KB 195ms
193ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2020/02/deep-dive-into-plugx-malware-4.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dabe432137803d3ecc162b6a3e5070f0831a7e60e34ae31a1079edbf22035a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22728
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 07 Apr 2021 17:23:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "606dea9d-58c8"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
accept-ranges: bytes
cf-ray: 74f49fef2af7bbec-FRA

GET
H3 200 email-decode.min.js Show response
logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
871 B 12ms
11ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Sep 2022 17:11:54 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"632b45da-4d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 74f49fedf8c8bbec-FRA
expires: Sun, 25 Sep 2022 16:23:25 GMT

GET
H3 200 waypoints.min.js Show response
logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
6 KB 55ms
54ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207079
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 21 Sep 2022 00:24:05 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632a59a5-2fa6"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fee494fbbec-FRA

GET
H3 200 frontend.js Show response
logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/ 25 KB
7 KB 74ms
74ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/header-footer/inc/js/frontend.js?ver=2.1.14

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207079
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Mar 2022 18:02:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"622b8e9c-6384"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fee99e6bbec-FRA

GET
H3 200 comment_count.js Show response
logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
4 KB 505ms
504ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 27 May 2021 16:40:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60afcb94-379"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49feefa7fbbec-FRA

GET
H3 200 main.js Show response
logrhythm.com/wp-content/themes/stratusx/assets/js/ 10 KB
7 KB 69ms
69ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/js/main.js?ver=1.3

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36301
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b4b426-2798"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef1ad7bbec-FRA

GET
H3 200 app.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 101 KB
39 KB 88ms
87ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/app.min.js?ver=1

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36301
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 15 Jul 2022 20:46:13 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62d1d215-19568"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2af9bbec-FRA

GET
H3 200 marketo-prefill.min.js Show response
logrhythm.com/wp-content/themes/logrhythm-child/dist/js/ 2 KB
4 KB 99ms
96ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/logrhythm-child/dist/js/marketo-prefill.min.js?ver=6.0.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207077
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 31 Mar 2022 20:03:47 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62460923-620"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2adebbec-FRA

GET
H3 200 themo-foot.js Show response
logrhythm.com/wp-content/plugins/th-widget-pack/js/ 11 KB
6 KB 114ms
111ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/th-widget-pack/js/themo-foot.js?ver=2.1.14

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36301
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Mar 2022 18:02:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"622b8e9c-2b02"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2ae2bbec-FRA

GET
H3 200 comment-reply.min.js Show response
logrhythm.com/wp-includes/js/ 3 KB
5 KB 215ms
213ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-includes/js/comment-reply.min.js?ver=6.0.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"625095f6-ba5"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2ae3bbec-FRA

GET
H3 200 vendor_footer.js Show response
logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/ 117 KB
36 KB 87ms
85ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/themes/stratusx/assets/js/vendor/vendor_footer.js?ver=1.2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207076
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 18:42:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b4b426-1d211"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2ae5bbec-FRA

GET
H3 200 main.js Show response
logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/ 57 KB
17 KB 100ms
98ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.8.12

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be484c9d69d3c256a119e904b92711c093e31494b18d3e6c69888dca6a0cd928

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 207076
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 17 Aug 2022 17:46:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62fd2964-e443"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2ae9bbec-FRA

GET
H3 200 LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg
logrhythm.com/wp-content/uploads/2022/02/ 3 KB
5 KB 108ms
107ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://logrhythm.com/wp-content/uploads/2022/02/LogRhythm_TM_Logo_ForLightBackgrounds_RGB-1.svg

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 36301
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 11 Feb 2022 04:24:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6205e51a-df7"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cache-control: public, max-age=31536000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49fef2afbbbec-FRA

GET
H2 200 p.css
p.typekit.net/ 5 B
195 B 46ms
7ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=kan0mns&ht=tk&f=32226.32227.32230.32231.40407.40408.40409.40410.40411.40412.40415.40416&a=86739004&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

unused62: 8096267
date: Fri, 23 Sep 2022 16:23:25 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/74b049/00000000000000007735b97f/30/ 12 KB
12 KB 29ms
7ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
server: nginx
etag: "0725935a0405a101e1f63fb0d88e754d06e3e316"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11992

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 277 KB
85 KB 60ms
34ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c6d36d81d38d173d509710c7b90ec4f25e7d6ea167668133c98c9d37b88b99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86234
x-xss-protection: 0
last-modified: Fri, 23 Sep 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 23 Sep 2022 16:23:25 GMT

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK embed.js Show response
logrhythm-com.disqus.com/ 78 KB
25 KB 189ms
153ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm-com.disqus.com/embed.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

4690ff0f6f24284f7c98f74aab059b8edfc610a295aeb9fcc3e2c49eda3160a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:25 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25379
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 l
use.typekit.net/af/dde969/00000000000000007735b995/30/ 12 KB
12 KB 8ms
7ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
server: nginx
etag: "4499a6228bad8b85e09d5232a2e94be820faa664"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11864

GET
H2 200 l
use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/ 12 KB
12 KB 12ms
11ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1fe1ce/00000000000000007735aff6/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
server: nginx
etag: "60544d9a92264c5bbf8c0bfe6da06aa456428460"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11892

GET
H2 200 l
use.typekit.net/af/34c58e/00000000000000007735b983/30/ 12 KB
12 KB 12ms
11ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/34c58e/00000000000000007735b983/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
server: nginx
etag: "83f6a95b08faa058c1be7387d942a37f52c267cc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12392

GET
H2 200 l
use.typekit.net/af/c2b6e5/00000000000000007735afee/30/ 11 KB
11 KB 13ms
12ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c2b6e5/00000000000000007735afee/30/l?primer=c279b7655ef133eefcdc8a0e82ce6967fcf4be86c88c3d3423b05eb1816318b7&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/kan0mns.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498

Request headers

Referer: https://use.typekit.net/kan0mns.css
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
server: nginx
etag: "3206fe244b32e4b776d3735b2b940afbba9642fc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11036

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v6.2.0/css/ 788 KB
170 KB 43ms
32ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/css/pro.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76ff2cfe25e35dc7a90fb959a1da27629357d601a7dab2876c16d19853448cfb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:04:59 GMT
server: cloudflare
age: 1975095
etag: "630e352b-2a5b9"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49fefcb4c6925-FRA
content-length: 173497

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v6.2.0/css/ 27 KB
4 KB 31ms
20ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v4-shims.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbdc1d949f82ab22e6011d00d1c6db35852d853c99f6beb8e1be0f0d32f3d6b6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
age: 1975095
etag: "630e352a-10e7"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49fefcb4a6925-FRA
content-length: 4327

GET
H2 200 pro-v5-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.0/css/ 84 KB
12 KB 39ms
29ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v5-font-face.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d867a5a06a9f9357f5b1289be35fff639fa653f667985a872dcde08a39e33f1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
age: 1975433
etag: "630e352a-305d"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49fefcb516925-FRA
content-length: 12381

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.0/css/ 12 KB
2 KB 32ms
21ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/css/pro-v4-font-face.min.css?token=2f1bae2942
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef160ec762d4a2cafd6b4ceca26c6b4f3b695f8db7bd32ec3e2b2b8e1b292d90

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
age: 1975433
etag: "630e352a-906"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49fefcb506925-FRA
content-length: 2310

GET
H2 200 kit-upload.css Show response
kit.fontawesome.com/2f1bae2942/46107999/ 450 B
409 B 29ms
22ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.css?token=2f1bae2942

Requested by

Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/2f1bae2942.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 35291
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 74f49fefcb366925-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FxdpzGqdtpNsagh3nF1C

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 39ms
12ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:25 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 728

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
16 KB 67ms
30ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

7bcbe327243628310e84027b85bca98a20d208f66f64685d979c6ccfa587d2d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15697
x-xss-protection: 0
server: cafe
etag: 1764007376392519731
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 23 Sep 2022 16:23:25 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 60ms
8ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=71577
accept-ranges: bytes
content-length: 3063

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 48ms
14ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15317
x-served-by: cache-iad-kiad7000062-IAD, cache-hhn11544-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 101 KB
27 KB 43ms
18ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26839
x-xss-protection: 0
pragma: public
x-fb-debug: Oo2J0SOBW0ZteR5qFLAqTqxaUzJ4kFuPlOieYSBPv29IMU9kQVY7DqC0yEIlJCi4Kbit6N7vk4Pg5vj6tbG80w==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 23 Sep 2022 16:23:25 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 arrive.min.js Show response
cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/ 5 KB
2 KB 45ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/arrive.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1081251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1577
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:05:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5e-13e2"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bbfi2ZVvnQmWMDISTV%2FES0fr51jsdEijctCbMw%2BYGXDK6fKSR%2FqJExXC0%2FoxR1dsp0%2FoOwOOwh5BGcT%2BOVyL%2FsiSBhPaf%2B5Q85VVMhxEu3qM41g9BDbcn0q%2B3cntDAoQg5dCJ7fkN3LqpMkZnP809F9Z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74f49ff01f6a90ac-FRA
expires: Wed, 13 Sep 2023 16:23:25 GMT

GET
H2 200 jukebox.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 51 KB
17 KB 59ms
12ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f871e9c901f36f4975633a6f51584d3641c843069e00f87b3f8a0d8ef644e2b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 49640
etag: W/"e05e4d622fc104a85bb03a05bdaee04f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Fri, 23 Sep 2022 02:45:30 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 42fOwVLx9DtHbi2EMzYs76h-IhO2wXuKTAKgbv5ZNw6ck2fCHTk72A==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
74 KB 50ms
29ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8bf82a9944f66411f472632af2dc18232a0ce0cf30b87e07c1913059caff6122

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75557
x-xss-protection: 0
expires: Fri, 23 Sep 2022 16:23:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 44ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3MMPPN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 4885
date: Fri, 23 Sep 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Fri, 23 Sep 2022 17:02:00 GMT

GET
H2 200 pro-fa-duotone-900-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 32 KB
32 KB 26ms
24ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-duotone-900-d5bbe9.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91d9d0f15f67f3359a0d7b18859e12a9e25eba28037866c7e15ef3c79cb7ff2a

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:01 GMT
server: cloudflare
age: 35333
etag: "630e3785-7e38"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07ca06925-FRA
content-length: 32312

GET
H2 200 pro-fa-brands-400-f6b769.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 18 KB
18 KB 37ms
35ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-f6b769.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ad3dbb62196226b6214d8843acda08008cf431585dbfad30908e96dc05f47d1

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:01 GMT
server: cloudflare
age: 1975427
etag: "630e3785-4808"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07ca16925-FRA
content-length: 18440

GET
H2 200 pro-fa-brands-400-9b80fe.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 44 KB
45 KB 35ms
33ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-9b80fe.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ffce383d7ddb41f6f1b477f56f64ac57a8a0ed1ef0d2aa468fcd8a25ac142b3

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:00 GMT
server: cloudflare
age: 1975427
etag: "630e3784-b180"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07ca36925-FRA
content-length: 45440

GET
H2 200 pro-fa-regular-400-043e6a.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 31 KB
31 KB 25ms
23ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-regular-400-043e6a.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0dec5a438b5d39dd06963bf7d0dd86d62cafbabccfdb274255ae4a888798151

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:03 GMT
server: cloudflare
age: 1975426
etag: "630e3787-7c20"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07ca56925-FRA
content-length: 31776

GET
H2 200 pro-fa-duotone-900-e41116.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 26 KB
26 KB 22ms
20ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-duotone-900-e41116.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ea9adaf2c4700dc967e308957a65abe16c4b77a787a017442789580e0627b9

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:02 GMT
server: cloudflare
age: 1972335
etag: "630e3786-663c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07ca86925-FRA
content-length: 26172

GET
H2 200 pro-fa-solid-900-d85a6c.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 26 KB
27 KB 30ms
29ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-d85a6c.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a77c3961342c53443c7b470aa1c6c48d0062115a930eb843de40a1696fce683

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:05 GMT
server: cloudflare
age: 1972335
etag: "630e3789-69b0"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07cab6925-FRA
content-length: 27056

GET
H2 200 pro-fa-light-300-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 31 KB
31 KB 33ms
32ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-light-300-d5bbe9.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc3c056f0c924ef1309d9c51c581071e702d17236e488e63a684f5609820412d

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:03 GMT
server: cloudflare
age: 903166
etag: "630e3787-7d60"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07cae6925-FRA
content-length: 32096

GET
H2 200 pro-fa-regular-400-50c900.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 33 KB
33 KB 27ms
26ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-regular-400-50c900.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ca2202520f3f78cba73015daef158992ab312f08b80ad683a37d37abc7aa278

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:03 GMT
server: cloudflare
age: 1972194
etag: "630e3787-83b8"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff07caf6925-FRA
content-length: 33720

GET
H2 200 kit-upload.woff2
kit.fontawesome.com/2f1bae2942/46107999/ 1 KB
1 KB 23ms
22ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/2f1bae2942/46107999/kit-upload.woff2

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86a26d1312a49dd232817a6ef9eb510d3cd7ddb018e2a48d71102929122ce574

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status: HIT
age: 158532
strict-transport-security: max-age=31536000; preload
content-length: 1128
x-request-id: Fxb5tkUlncdDDdSUz6Xh
server: cloudflare
etag: 44b1aca75cc9e1854e7e49081e17d0cb
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926, public, must-revalidate
accept-ranges: bytes
cf-ray: 74f49ff07cb06925-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 pro-fa-solid-900-ca12ba.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 28 KB
28 KB 20ms
20ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-ca12ba.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 609ddde20d5061b1d72e72b510a96fddae68a66f7310fc8dde8538068252bee1

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:05 GMT
server: cloudflare
age: 1972335
etag: "630e3789-7014"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff0cd226925-FRA
content-length: 28692

GET
H2 200 pro-fa-solid-900-1e5361.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 25 KB
26 KB 23ms
23ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-1e5361.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1e0586a5e9a737b2a97b328305d1a8c0e5f4d1b37f88fd6fe2daf8bb530ef29

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:04 GMT
server: cloudflare
age: 993782
etag: "630e3788-65d8"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff0cd246925-FRA
content-length: 26072

GET
H2 200 pro-fa-solid-900-03c840.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 26 KB
26 KB 19ms
19ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-03c840.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e567f8a857cb3871c7f2a1c00ae73d85bedea2a79cdac80fba9562b88b0c577a

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:04 GMT
server: cloudflare
age: 35333
etag: "630e3788-66e4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff0cd2c6925-FRA
content-length: 26340

GET
H2 200 pro-fa-solid-900-3523ab.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 26 KB
26 KB 33ms
33ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-solid-900-3523ab.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99e1c2ffcd21cbef5c62ee7e5a88e86a23c95d6faa7cc9e3569b5dd2ed82bae5

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:04 GMT
server: cloudflare
age: 1972335
etag: "630e3788-6944"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff0cd2d6925-FRA
content-length: 26948

GET
H2 200 pro-fa-brands-400-90d968.woff2
ka-p.fontawesome.com/releases/v6.2.0/webfonts/ 42 KB
43 KB 28ms
28ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/pro-fa-brands-400-90d968.woff2
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4929f4afa91d468ab332ef629d7d5027495755ab17b415168f233cd203fe01b

Request headers

Referer: https://logrhythm.com/
Origin: https://logrhythm.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
cf-cache-status: HIT
last-modified: Tue, 30 Aug 2022 16:15:00 GMT
server: cloudflare
age: 1278635
etag: "630e3784-a9b0"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 74f49ff0cd336925-FRA
content-length: 43440

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 8ms
8ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:25 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4677
Expires: Sun, 01 Jan 2023 16:23:25 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQJeVD7-mlAnigAAAYNrKTM7eR7gC0lMm965e3Bh...

0
264 B

198ms
153ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQJeVD7-mlAnigAAAYNrKTM7eR7gC0lMm965e3BhxtW7UTNBzVda8_p1mLgpKpj6
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 67E992120C234330949453BDFD0076EA Ref B: FRAEDGE1408 Ref C: 2022-09-23T16:23:25Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXpWpjznyfQbh+vgtodZA==
x-li-fabric: prod-ltx1

Redirect headers

date: Fri, 23 Sep 2022 16:23:25 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7333892A48964171B8B53AD1B2F77F1A Ref B: FRAEDGE1510 Ref C: 2022-09-23T16:23:25Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=74706&time=1663950205620&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&e_ipv6=AQJeVD7-mlAnigAAAYNrKTM7eR7gC0lMm965e3BhxtW7UTNBzVda8_p1mLgpKpj6
x-li-proto: http/2
x-li-source-fabric: prod-lor1
content-length: 0
x-li-uuid: AAXpWpjvhWuZYE0Ip2G8+w==

GET
H2 200 adsct
t.co/i/ 43 B
337 B 141ms
119ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=abb2d0b4-a7f1-4425-bec6-34b7e13d7e1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b119af41-b023-41b5-ba38-571d61b19d8d&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.27

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 112
date: Fri, 23 Sep 2022 16:23:25 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: afc01e958037421796bf64d858a15d3532d9a74c94e2a1e803a94098ca117e2f
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
353 B 140ms
118ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=abb2d0b4-a7f1-4425-bec6-34b7e13d7e1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b119af41-b023-41b5-ba38-571d61b19d8d&tw_document_href=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nw4xr&type=javascript&version=2.3.27

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-response-time: 110
date: Fri, 23 Sep 2022 16:23:25 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: fbf09c2ecb12eeecc2f291862ae97aeb794041b1a6cfe41d3649a468eaa01de7
content-length: 43

GET
H3 200 232919347190734 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 167ms
156ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/232919347190734?v=2.9.83&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3b0b59a401f38c50ef1293d0e7c87ebd02323519a4ba21407fbbf52df28c4d19

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: y/6sEI/gissD8d+0j88VxOLziJS3ibN8wYTHUabnaAMveqbQhwp1A+3JqTaqAiMsz+RD/LgzA58kNmhhbXl8uw==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 23 Sep 2022 16:23:25 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 70ms
24ms XHR
text/plain 2a00:1450:4025:402::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-3420049-1&cid=567230187.1663950206&jid=1282488857&gjid=730164733&_gid=1562777688.1663950206&_u=YGBAgUABAAAAAE~&z=419841790

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9c Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 23 Sep 2022 16:23:25 GMT
content-type: text/plain
access-control-allow-origin: https://logrhythm.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 25ms
9ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j97&aip=1&a=421695435&t=pageview&_s=1&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&ul=en-us&de=UTF-8&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUAB~&jid=1282488857&gjid=730164733&cid=567230187.1663950206&tid=UA-3420049-1&_gid=1562777688.1663950206&gtm=2wg9l0N3MMPPN&z=1057846462

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 12:48:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12897
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 677.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 7 KB
3 KB 9ms
9ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/677.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91d8033a4e69dae9cba5ff8566caaae1fcf54e2989d0e9bc3aeaf5bd2ef5ff38

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 57009
etag: W/"979214fde675971ae0344e76a7888bc8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Fri, 23 Sep 2022 00:33:16 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: ffAH9ukueX5UNt9qoMw-DNdiwcdcW4zy3gY56DxA0L3uHDXchwkTDg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/ 2 KB
1 KB 84ms
58ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070386004/?random=1663950205653&cv=9&fst=1663950205653&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=1470409100.1663950205&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e9d58866f0c9d6cbc654ecff004d8bb0d2b3539f238f737dac4b3fb18951613

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1056
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/ 2 KB
1 KB 81ms
55ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952414179/?random=1663950205655&cv=9&fst=1663950205655&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&auid=1470409100.1663950205&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b488dffdf860a7967aefe712f3a435d61306aee12d0d5b16fdee85fd4d5b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1055
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/903108792/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/903108792/?random=1663950205655&cv=9&fst=1663950205655&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=f...
https://www.google.de/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=fa...

42 B
64 B

105ms
49ms

Image
image/gif

2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&is_vtc=1&random=106584824&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/903108792/?random=1663950205655&cv=9&fst=1663948800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&is_vtc=1&random=106584824&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.9772024640e1cec8d973cd80fb62abd8.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 28ms
8ms Other
text/css 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 19:34:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 938956
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26136
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 12 Sep 2022 19:13:42 GMT
server: nginx
etag: "631f84e6-6618"
content-type: text/css; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Tue, 12 Sep 2023 19:34:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: dhl5eG9HsWPs6DNgMDl17SrqNR2WzOmHU25M-9s3LHdu9LClfoq7TA==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 34ms
14ms Other
application/javascript 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 24 May 2022 11:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10558589
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Wed, 24 May 2023 11:26:56 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: laBhezcUivv2aXrZuZYOYLa-ZXLkCvWvWEmTtH8Q2c0w3IfG3GdCbQ==
x-cache-hits: 0

GET
H2 200 lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js
c.disquscdn.com/next/embed/ 0
122 KB 41ms
22ms Other
application/javascript 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 09:02:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 631243
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123979
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 16 Sep 2022 08:34:41 GMT
server: nginx
etag: "63243521-1e44b"
content-type: application/javascript; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Sat, 16 Sep 2023 09:02:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: RChSSMxWnjOQ37D7S8y5ZHuzKFoW1JMGo_K4ySNzOW2q9zhW-nPkag==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
16 KB 32ms
9ms Other
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:25 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 37
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 16221
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK visitWebPage
050-uwt-888.mktoresp.com/webevents/ 2 B
318 B 728ms
97ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://050-uwt-888.mktoresp.com/webevents/visitWebPage?_mchNc=1663950205712&_mchCn=&_mchId=050-UWT-888&_mchTk=_mch-logrhythm.com-1663950205712-80690&_mchHo=logrhythm.com&_mchPo=&_mchRu=%2Fblog%2Fdeep-dive-into-plugx-malware%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:26 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 6a9c56d1-bb6f-418e-8d4e-a64861e29690

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 321ms
106ms Preflight 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-204-7.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Fri, 23 Sep 2022 16:23:25 GMT

GET
H2 200 447.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 455 B
825 B 8ms
8ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 67964
etag: "781595c1866f620f3ed659c17c4ba5cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
date: Thu, 22 Sep 2022 21:30:42 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 455
x-amz-cf-id: B57woa4lftp1moz-XzLJJ6kNncmDBkbwKA27LTqtm9E1Zkg7g1AAAQ==

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 11 KB
4 KB 363ms
160ms XHR
application/json 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-72E778C0-10607&image=&title=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-204-7.compute-1.amazonaws.com

Software

Resource Hash

3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 7200
vary: Accept, Origin, Accept-Encoding
x-request-id: 6526aec2-43cd-4d65-91eb-f3cc5ef00953
x-runtime: 0.054954
referrer-policy: no-referrer-when-downgrade
etag: W/"3fde201925fe9dc3d22400e9d50c14a5"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-security-policy

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 117ms
56ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-3420049-1&cid=567230187.1663950206&jid=1282488857&_u=YGBAgUABAAAAAE~&z=848190208

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 117ms
58ms Image
image/gif 2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-3420049-1&cid=567230187.1663950206&jid=1282488857&_u=YGBAgUABAAAAAE~&z=848190208

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/ 28 KB
7 KB 60ms
40ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 17907585
cdn-cachedat: 2021-06-08 21:36:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 0da3e6fa0421515cbcf5425517fc7012
cf-ray: 74f49ff1d9c15c9e-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 41ms
19ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Sep 2022 15:52:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 23 Sep 2022 16:23:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Sep 2022 16:23:25 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/952414179/ 42 B
108 B 97ms
57ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/952414179/?random=1663950205655&cv=9&fst=1663948800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=3672952305&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/952414179/ 42 B
108 B 85ms
47ms Image
image/gif 2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/952414179/?random=1663950205655&cv=9&fst=1663948800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=3672952305&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1070386004/ 42 B
108 B 95ms
58ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1070386004/?random=1663950205653&cv=9&fst=1663948800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=4013239054&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1070386004/ 42 B
548 B 56ms
46ms Image
image/gif 2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1070386004/?random=1663950205653&cv=9&fst=1663948800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9l0&sendb=1&frm=0&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&tiba=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&async=1&fmt=3&is_vtc=1&random=4013239054&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Sep 2022 16:23:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 1EBF 7 KB
4 KB 141ms
141ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default

Requested by

Host: logrhythm-com.disqus.com
URL: https://logrhythm-com.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

622953ae78983932c796e1a15b7b63aec70c0fcb05456f165bd3f5edae978f70

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2910
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 23 Sep 2022 16:23:25 GMT
ETag: W/"lounge:view:7945976954.5332c4969d76fb5f0a7aa5e3862a6ffe.2"
Last-Modified: Wed, 21 Sep 2022 15:32:29 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK count.js Show response
logrhythm-com.disqus.com/ 1 KB
2 KB 8ms
7ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm-com.disqus.com/count.js

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 147
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Sep 2022 15:28:05 GMT
Server: nginx
ETag: "632c7f05-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW56-P1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: 4JJZcA3J3HkAGkGt_qHBTeAUxVihselft6EgSV3mJkXkk22gS9EyZQ==

GET
H2 200 getForm Show response
ecrm.logrhythm.com/index.php/form/ 6 KB
2 KB 73ms
72ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112406115197546506332_1663950205286&_=1663950205287
Requested by: Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00c00504a1aead512fcf165cc9b54a7ee9bb8d29702e10bd0f6060b389c9decd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:25 GMT
content-encoding: gzip
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f49ff26dd49040-FRA
cached: true
content-type: application/javascript; charset=utf-8

GET
H2 200 forms2.css
ecrm.logrhythm.com/js/forms2/css/ 13 KB
3 KB 377ms
373ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/css/forms2.css

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 16 Aug 2022 18:54:37 GMT
server: cloudflare
etag: "808ff-3437-5e66047a81540"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
strict-transport-security: max-age=63072000;
accept-ranges: bytes
cf-ray: 74f49ff2fe859040-FRA
content-length: 2623
expires: Fri, 23 Sep 2022 20:23:26 GMT

GET
H2 200 forms2-theme-simple.css
ecrm.logrhythm.com/js/forms2/css/ 826 B
405 B 145ms
141ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 16 Aug 2022 18:54:37 GMT
server: cloudflare
etag: "808fe-33a-5e66047a81540"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 74f49ff2fe869040-FRA
content-length: 242
expires: Fri, 23 Sep 2022 20:23:26 GMT

GET
H2 200 getKnownLead Show response
ecrm.logrhythm.com/index.php/form/ 49 B
261 B 438ms
437ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/index.php/form/getKnownLead?form=1920&lpId=&munchkinId=050-UWT-888&filledFields=true&_mkt_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1663950205712-80690&callback=jQuery112406115197546506332_1663950205286&_=1663950205288

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64be7e9283fd94db2161714edd1ead5bd58bedb1398b4a526a580a260f114129

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=63072000;
content-type: application/javascript; charset=utf-8
cf-ray: 74f49ff2fe889040-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
204 B 37ms
11ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=232919347190734&ev=PageView&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&rl=&if=false&ts=1663950205951&sw=1600&sh=1200&v=2.9.83&r=stable&ec=0&o=29&fbp=fb.1.1663950205950.636397494&it=1663950205632&coo=false&rqm=GET

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 23 Sep 2022 16:23:25 GMT
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js Show response
c.disquscdn.com/next/embed/ Frame 1EBF 958 B
1 KB 34ms
7ms Script
application/javascript 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

38f41731eec750c022d3770ec606eece0195a9d02eb13a1206bb3771acd7d446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 09:02:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 631243
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 494
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 16 Sep 2022 08:34:41 GMT
server: nginx
etag: "63243521-1ee"
content-type: application/javascript; charset=utf-8
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
expires: Sat, 16 Sep 2023 09:02:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: r4aN7g4iM788ywYV5Jkm9YM5g7mFa7FbAPqq1x6m_uL4X4hu6I-Tmw==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame 1EBF 282 KB
93 KB 7ms
7ms Script
application/javascript 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.6aea2f4e09ae30542b5dce5b45ef2326.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 24 May 2022 11:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10558589
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Wed, 24 May 2023 11:26:56 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: wjaXzO3jhk5dodheRD2-6RFYBhA9xfWZk-DU9dF3kPAAGX80H1PUXg==
x-cache-hits: 0

GET
H2 200 lounge.9772024640e1cec8d973cd80fb62abd8.css
c.disquscdn.com/next/embed/styles/ Frame 1EBF 165 KB
26 KB 10ms
10ms Stylesheet
text/css 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c43a8d413e5b24b174ce521baf90d23fd3ee9649b210ccc3847cb6943b2f28ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 19:34:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 938957
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26136
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 12 Sep 2022 19:13:42 GMT
server: nginx
etag: "631f84e6-6618"
content-type: text/css; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Tue, 12 Sep 2023 19:34:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: C6Z8Rts3xz558bIIJydllphGgvwWjfkf-GMzqaFwCjztTYmXFOODew==
x-cache-hits: 0

GET
H2 200 lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js Show response
c.disquscdn.com/next/embed/ Frame 1EBF 480 KB
122 KB 9ms
9ms Script
application/javascript 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.4a4252944de4199d2e7f3e9e3eb9bc54.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

68a742d714f6bfd07296aafa58b940878878848f93f2e7f8d0f2a13a68c1a326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 16 Sep 2022 09:02:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 631244
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123979
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 16 Sep 2022 08:34:41 GMT
server: nginx
etag: "63243521-1e44b"
content-type: application/javascript; charset=utf-8
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
expires: Sat, 16 Sep 2023 09:02:42 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
timing-allow-origin: *
x-amz-cf-id: PAhrMIgnp61MsXhQNigGIKi_xekAygpnrn39nCIzM2uAJfRmlc6KhA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 1EBF 16 KB
16 KB 10ms
10ms Script
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d870d845526fe81346f4fe0d0b2cf1543c3ddbd5c5e484c00223b6dd0b85226a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:26 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 38
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 16221
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 1EBF 3 KB
4 KB 117ms
117ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=logrhythm-com&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

def021776e339845a843e935849c7a6789108b40394ee21217287a703dfe181e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:26 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3583
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 1EBF 931 B
1 KB 143ms
128ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=7945976954&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:26 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 931
X-XSS-Protection: 1; mode=block

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 1EBF 3 KB
3 KB 7ms
7ms Image
image/gif 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 05:31:16 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2890330
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 18 Aug 2022 14:28:43 GMT
server: nginx
etag: "62fe4c9b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Mon, 21 Aug 2023 05:31:16 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: uRWIttsZJtf6tR-dEP4zKTicl5bnHsd-xv3L8593MMjMT6KdsKoOFg==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 1EBF 2 KB
2 KB 7ms
7ms Image
image/png 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 05:21:30 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 5223716
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 22 Jul 2022 12:02:55 GMT
server: nginx
etag: "62da91ef-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Tue, 25 Jul 2023 05:21:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ymKSbK4esJFy4-Z0uYLIlpwx1L4NdQ4LF6Bmw1HvstccasNDhVTvcA==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 1EBF 8 KB
8 KB 8ms
8ms Font
application/octet-stream 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.9772024640e1cec8d973cd80fb62abd8.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 22:05:41 GMT
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 9656265
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 03 Jun 2022 17:03:15 GMT
server: nginx
etag: "629a3ed3-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Sat, 03 Jun 2023 22:05:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: -kYzQulwfqwMdnCtxZbus_b-F5IxQdDOGi--p5Q9jWdE_8RQWTX7Ew==
x-cache-hits: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 1EBF 43 B
339 B 118ms
100ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.22&load_time=160&event=init_embed&thread=7945976954&forum=logrhythm-com&forum_id=6036216&imp=3k9dts216pq7vf&thread_slug=take_a_deep_dive_into_plugx_malware&user_type=anon&referrer=&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Fri, 23 Sep 2022 16:23:26 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 1EBF 8 KB
8 KB 10ms
7ms Image
image/png 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:22:09 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 77
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Thu, 22 Sep 2022 16:09:35 GMT
server: nginx
etag: "632c88bf-1fea"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 23 Sep 2022 16:27:09 GMT
cache-control: max-age=300, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: rt3Vl8cC8HHhiKmi9V-C3Yrmt2DGp0PwsTAN6nsMrzfXtOVimIjD4A==
x-cache-hits: 0

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 1EBF 9 KB
9 KB 11ms
8ms Image
image/png 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:19:47 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 232
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 22 Sep 2022 16:09:35 GMT
server: nginx
etag: "632c88bf-22b3"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 23 Sep 2022 16:24:34 GMT
cache-control: max-age=300, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: BpvF2_WSX3tK4Yk-ZKkutqc9okXXh2SSG-4ii--3mPWo9XloapWsRA==
x-cache-hits: 0

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 1EBF 12 KB
12 KB 11ms
9ms Image
image/png 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:20:17 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 189
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Thu, 22 Sep 2022 16:09:35 GMT
server: nginx
etag: "632c88bf-2e86"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 23 Sep 2022 16:25:17 GMT
cache-control: max-age=300, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: oxSR6EJrvumEKYjRGlAe_4WjcFmiZO9Em3AxUe0hEwBjmAMzvK5J8w==
x-cache-hits: 0

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 1EBF 7 KB
8 KB 12ms
10ms Image
image/png 2600:9000:2057:8c00:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:8c00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=logrhythm-com&t_i=2042%20https%3A%2F%2Flogrhythm.com%2Fblog-deep-dive-into-plugx-malware%2F&t_u=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&t_e=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_d=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&t_t=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:22:50 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 40
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 22 Sep 2022 16:09:35 GMT
server: nginx
etag: "632c88bf-1c8c"
content-type: image/png
access-control-allow-origin: *
expires: Fri, 23 Sep 2022 16:27:46 GMT
cache-control: max-age=300, public
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ieNlfaKg7OtsE3hxGe93kYnt7BrsGSKa6qMh4tV91FDmdvu2IZZWqQ==
x-cache-hits: 0

GET
H2 200 getForm Show response
ecrm.logrhythm.com/index.php/form/ 6 KB
2 KB 53ms
53ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecrm.logrhythm.com/index.php/form/getForm?munchkinId=050-UWT-888&form=1920&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&callback=jQuery112406115197546506332_1663950205286&_=1663950205289
Requested by: Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00c00504a1aead512fcf165cc9b54a7ee9bb8d29702e10bd0f6060b389c9decd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f49ff5ea099040-FRA
cached: true
content-type: application/javascript; charset=utf-8

GET
H2 200 XDFrame Show response
ecrm.logrhythm.com/index.php/form/ Frame 23BC 2 KB
736 B 127ms
126ms Document
text/html 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/index.php/form/XDFrame

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 74f49ff65a9b9040-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Sep 2022 16:23:26 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 admin-ajax.php Show response
logrhythm.com/wp-admin/ 67 B
4 KB 734ms
733ms XHR
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1663950205712-80690

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

2edd5df59be45f1a58604387890b721d3a36d512fdc66c263c74dcdb19a0ac90

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: NO:Passed
x-pass-why: wp-admin
x-powered-by: WP Engine
x-cache: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
vary: Accept-Encoding, X-NR-SAMPLE-PERCENT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49ff60962bbec-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 268.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 159 KB
54 KB 12ms
11ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/268.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 72674
etag: W/"f8beb658fe0e593a4d1f5718df136843"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Thu, 22 Sep 2022 20:12:13 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: wvmXMVp1IAB-Ag0Ht2rOY6PECijpIaL4P3aNd-mNu6MBTEVUnBlFig==

GET
H2 200 689.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 16 KB
6 KB 12ms
10ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/689.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 38292
etag: W/"c08943f25f0d30cb139fc315b9b5d615"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Fri, 23 Sep 2022 05:45:15 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: TL6NyVdq4fLh3SgERoJp4yv07EsTTEc1L68xCcN81H0KcwtHuavaKA==

GET
H2 200 421.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 64 KB
16 KB 43ms
42ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/421.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2723d2f68283c90a974ef6e1b2d8f297f7c9beb2822b362ed512a9a74efe0d0d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 72674
etag: W/"4a9d56675a31b5a854f0d91e09afda4b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Thu, 22 Sep 2022 20:12:13 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: _FJviqc-EStja6QH4mIM7MKHhOssxBbRfGuHnd7EjPfB_I0pUkOQ0g==

GET
H2 200 796.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 109 KB
25 KB 44ms
43ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/796.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 630da0350c5691ad9841dd6196aedcb19326d3e4b95ae3b52af8ec18902a67c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 57008
etag: W/"670fb490edfc9e7f742c97c491603a18"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Fri, 23 Sep 2022 00:33:19 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: uCNOLkSB9wtSThJseZ9mgSMWFOFMKGBvPZg0ALuo9Wi1RNQVLy1iNg==

GET
H2 200 605.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 3 KB
2 KB 45ms
44ms Script
application/javascript 143.204.215.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/605.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-71.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 00:54:20 GMT
server: AmazonS3
age: 73767
etag: W/"1832a9b4ac200c1e1a1a68a20bd26cb6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
date: Thu, 22 Sep 2022 19:54:00 GMT
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: b-K1j_GV6SY8W-vYeroKt5OQirpLfFd3SGEr_daesgrjMRaUCJflmg==

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
684 B 114ms
114ms XHR
text/plain 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-204-7.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

x-runtime: 0.010287
date: Fri, 23 Sep 2022 16:23:26 GMT
referrer-policy: no-referrer-when-downgrade
access-control-max-age: 7200
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
vary: Origin
x-content-type-options: nosniff
x-request-id: 73aa71d2-581c-403e-aa70-29c732c1368b

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 103ms
102ms Preflight 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-72E778C0-10607&visitorUuid=&url=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-204-7.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Fri, 23 Sep 2022 16:23:26 GMT

GET
H2 200 getKnownLead Show response
ecrm.logrhythm.com/index.php/form/ 49 B
128 B 448ms
447ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64be7e9283fd94db2161714edd1ead5bd58bedb1398b4a526a580a260f114129

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=63072000;
content-type: application/javascript; charset=utf-8
cf-ray: 74f49ff65a9e9040-FRA

OPTIONS
H2 200 page_views
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 102ms
102ms Preflight 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/page_views
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-204-7.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://logrhythm.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
access-control-max-age: 7200
date: Fri, 23 Sep 2022 16:23:26 GMT

POST
H2 200 page_views Show response
jukebox.pathfactory.com/api/public/v1/ 153 B
1 KB 147ms
146ms XHR
application/json 34.193.204.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/page_views

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.204.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-204-7.compute-1.amazonaws.com

Software

Resource Hash

eeaf0558859c6490cfe4515e5d1be31b35a59f0b5b840a89be7da5948168e10c

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 7200
vary: Accept, Origin, Accept-Encoding
x-request-id: 308552ae-66fa-426a-9de4-e7517211fae2
x-runtime: 0.042152
referrer-policy: no-referrer-when-downgrade
etag: W/"eeaf0558859c6490cfe4515e5d1be31b"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://logrhythm.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-security-policy

GET
H2 200 forms2.min.js Show response
ecrm.logrhythm.com/js/forms2/js/ Frame 23BC 208 KB
69 KB 27ms
27ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecrm.logrhythm.com/js/forms2/js/forms2.min.js

Requested by

Host: ecrm.logrhythm.com
URL: https://ecrm.logrhythm.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ecrm.logrhythm.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 03:44:48 GMT
server: cloudflare
age: 1
etag: "16324c-33e51-5e94fffe29b0b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 74f49ff72bae9040-FRA
expires: Fri, 23 Sep 2022 20:23:26 GMT

GET
H2 200 insent Show response
logrhythm.widget.insent.ai/ 79 KB
23 KB 51ms
8ms Script
binary/octet-stream 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/insent
Requested by: Host: logrhythm.com
URL: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc7d3d9942743ea9e256820bb1a9b64fa310944e09a70b66b2de29c246c0d586

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: UWBsgtSaCUEPXAwaM0lkoBBKaCykwQMB
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:32 GMT
server: AmazonS3
age: 73806
etag: "1304a29b0fb86034147d522f9613d113"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
date: Thu, 22 Sep 2022 19:54:25 GMT
x-amz-cf-pop: FRA53-C1
content-length: 22861
x-amz-cf-id: EQZImPYrS7nKd_uVL0P7gGVgvcB8YnCGQq416VfgkheznFSgwprWVg==

GET
H3 200 admin-ajax.php Show response
logrhythm.com/wp-admin/ 67 B
4 KB 782ms
781ms XHR
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.com/wp-admin/admin-ajax.php?action=marketo_prefill&_mkto_trk=id%3A050-UWT-888%26token%3A_mch-logrhythm.com-1663950205712-80690

Requested by

Host: logrhythm.com
URL: https://logrhythm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

d86ad5fbbe8decb941967af7793c7f88fb2ac2701082bad19da29387c4abce0e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://logrhythm.com/blog/deep-dive-into-plugx-malware/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: NO:Passed
x-pass-why: wp-admin
x-powered-by: WP Engine
x-cache: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
vary: Accept-Encoding, X-NR-SAMPLE-PERCENT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
content-security-policy: default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://*.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.intercom.io https://js.intercomcdn.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://*.bizzabo.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://*.logrhythm.com https://*.bizzabo.com https://forms.office.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://*.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com;
cf-ray: 74f49ff948f0bbec-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 / Show response
logrhythm.widget.insent.ai/ Frame EBA2 3 KB
2 KB 12ms
12ms Document
text/html 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b9e47d69d676caa317d1f363d2f8b0738190f8ff20b63e8785d7b042fdc04a8a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 477689
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Sun, 18 Sep 2022 03:41:59 GMT
etag: W/"eea75ef925622e1167b0d9b4954b912b"
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-id: hTTUO9mIun3RSxRwK4rrUHqxqglj2Qdmzjr9aA6ILxqhLV-WDt7dGQ==
x-amz-cf-pop: FRA53-C1
x-amz-version-id: 1E8NQBLsmaokM5JnHsrL5cuXUjOz6Qm.
x-cache: Error from cloudfront

GET
H2 200 env.js Show response
logrhythm.widget.insent.ai/ Frame EBA2 378 B
747 B 10ms
9ms Script
application/javascript 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/env.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: 7l0DNtUH75hgZ0ODtYgwUTux2BGbJfgS
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified: Mon, 28 Mar 2022 10:28:10 GMT
server: AmazonS3
age: 82549
etag: "e711f85de9dc5aa30577052ddc69b53b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
date: Thu, 22 Sep 2022 17:27:53 GMT
x-amz-cf-pop: FRA53-C1
content-length: 378
x-amz-cf-id: oIusWzjyZ8nlCaBvDUSk4u6tQcITISNzNrjv2Gzp_153UIjI8YlDtg==

GET
H2 200 pusher.min.js Show response
js.pusher.com/6.0/ Frame EBA2 64 KB
18 KB 65ms
9ms Script
application/javascript 143.204.210.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pusher.com/6.0/pusher.min.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.210.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-210-101.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 04:00:34 GMT
content-encoding: gzip
last-modified: Thu, 14 May 2020 14:40:27 GMT
server: AmazonS3
age: 44574
etag: W/"ba16a869e0473ee0ff7636f71e340c60"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: 2Bx-EPA0eVDAPPAxtf98J5oahSW27fHj1jR77WJaBxP_RSUK2XpoWw==
via: 1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)

GET
H2 200 vendors.f8bcf3b7.js Show response
logrhythm.widget.insent.ai/static/js/ Frame EBA2 1 MB
350 KB 22ms
20ms Script
application/javascript 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e2023898adb5547a6906ffadf47d31e35f5102ad38808692441b9d4b3a01482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:42:02 GMT
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477686
etag: W/"a31e16fc4204218b28bc60265dbe7ab3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: haAiiIiR9ZddBhAMDzVXne5n.fWvWTr4
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: tDyE2hQcyT8hkLbsHODmewdHAZVBfqySyX_LusA3wRtpMrZAtGpMSg==

GET
H2 200 commons.bb9c1912.js Show response
logrhythm.widget.insent.ai/static/js/ Frame EBA2 209 KB
56 KB 13ms
12ms Script
application/javascript 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/commons.bb9c1912.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 08a26d1e0ccf53b7c589b5629ff34578193d4f8c43a25f176180e7237803bf1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:42:02 GMT
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477686
etag: W/"7936e152613a372d5367072d3e004050"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: dewzPh3E08LhzeOLMbj4TtUBnqhR0vsX
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: ixIjm3Ni_eYTW6rpGivHg-Tv7z0FzS6rnUT-_EETVIbBAQOQXwcF7g==

GET
H2 200 reduxComponents.be024c74.js Show response
logrhythm.widget.insent.ai/static/js/ Frame EBA2 50 KB
12 KB 10ms
9ms Script
application/javascript 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/reduxComponents.be024c74.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f26f86b768b8f10ca0f4d2e808f4c29c343cdd464b062c514709fd14b5c7675a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:42:02 GMT
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477686
etag: W/"fe0cd0830212d1e2bd6956b3d59842a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: PBPnfK5JRTbpNgKZmv0uOaLgMsGY0KOH
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: ybvn8UE-zD8Hb8LNm0N1GuIrLOqGQJLPK1M60a16483PUtyASkChvA==

GET
H2 200 main.28ee7744.chunk.js Show response
logrhythm.widget.insent.ai/static/js/ Frame EBA2 112 KB
28 KB 11ms
11ms Script
application/javascript 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/js/main.28ee7744.chunk.js
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eda7e9c18b84b3893e4244b65b2c9d6d857e629dfe4459c3ecbd1e813137d43b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:41:59 GMT
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477689
etag: W/"88c87d26fe961e217a658762cb699dc7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: PAf7drtdyoX0FT6vxswRxoClJCoO1FlP
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: ryFYIwX1Whp3o5viiM2mf8t_mXKCkUu0Nf7EG40tgD7PAiqP6HWvtQ==

GET
H2 200 english.json Show response
logrhythm.widget.insent.ai/ Frame EBA2 6 KB
2 KB 8ms
8ms XHR
application/json 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/english.json
Requested by: Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 156d6aa105478b20d8942963436e8dfd7fb6a76c7767c27fd08827c24c5c7c0c

Request headers

Accept: application/json, text/plain, */*
Cache-Control: max-age=31536000
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:42:06 GMT
content-encoding: gzip
last-modified: Sun, 18 Sep 2022 03:41:33 GMT
server: AmazonS3
age: 477682
etag: W/"e519d8608767e738a0724810cbf546c9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: GVsffcJFvoW_1buO0ogVC8b6.dzQ_mfQ
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: application/json
x-amz-cf-id: _c2hKO24NxDyKqluiJ15oKlqzVWWLgS8r4J1if3gRdOryfSVgWVcow==

GET
H2 200 getuser Show response
logrhythm.widget.insent.ai/ Frame EBA2 1 KB
1 KB 995ms
995ms XHR
application/json 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://logrhythm.widget.insent.ai/getuser?url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F

Requested by

Host: logrhythm.widget.insent.ai
URL: https://logrhythm.widget.insent.ai/static/js/vendors.f8bcf3b7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1ed787b78d74e59b54488197d80b9dd1246edae7a27c31177f85684efe52f022

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Authorization: Bearer eCHZJAVbbvK7Q39sF6oo
marketoCookies: ["_mch-logrhythm.com-1663950205712-80690"]
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Fri, 23 Sep 2022 16:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA53-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
apigw-requestid: Y6-L_hYCiYcEPQw=
x-frame-options: SAMEORIGIN
etag: W/"4d3-bsdEeN6IzsHlWI2nwf7QhSzp8i4"
x-download-options: noopen
strict-transport-security: max-age=15552000; includeSubDomains
content-type: application/json; charset=utf-8
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-id: we6seXlehD_grU_CoqmJSWUGY4sI7-jQVWfT4acDdB2x7fGC4Acgkg==

GET
H2 200 logo-logrhythm-1657126227445
attachments.insent.ai/logrhythm/ Frame EBA2 48 KB
49 KB 104ms
20ms Image
application/octet-stream 2600:9000:2304:fa00:d:ed29:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attachments.insent.ai/logrhythm/logo-logrhythm-1657126227445?1657126227539
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:fa00:d:ed29:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id: sfeZrNLqb4gIiwm5N9rLdUjzi29G0w89
via: 1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
etag: "3d0923f7b3d6f404d6f98e30984ecaa7"
last-modified: Wed, 06 Jul 2022 16:50:28 GMT
server: AmazonS3
age: 36608
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/octet-stream
date: Fri, 23 Sep 2022 06:13:21 GMT
x-amz-cf-pop: VIE50-P1
accept-ranges: bytes
content-length: 49214
x-amz-cf-id: AQDYTnyPqsPniYqepWC1PbvCeHrdhUcpioccIvQkjaApuR2V33apmg==

GET
H2 200 close.ec75d473.svg
logrhythm.widget.insent.ai/static/media/ Frame EBA2 340 B
710 B 9ms
9ms Image
image/svg+xml 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logrhythm.widget.insent.ai/static/media/close.ec75d473.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:41:47 GMT
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477703
etag: "28a1e152bc15dc1dba7aeb152b263167"
x-cache: Hit from cloudfront
x-amz-version-id: oAWPpC9pDNHVjMv5knT9jSidt58cPcAW
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: image/svg+xml
content-length: 340
x-amz-cf-id: Wy2REi4HO-0_7C5JyQlwPMRvsur-FxlR3TsNnB1-UopkAsvbpyO5pA==

GET
H2 200 Rubik.woff2
logrhythm.widget.insent.ai/ Frame EBA2 33 KB
33 KB 12ms
12ms Font
font/woff2 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/Rubik.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8

Request headers

Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Origin: https://logrhythm.widget.insent.ai
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 03:41:47 GMT
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477703
etag: "39bafb777ff83e2b3520d39f9d01ed95"
x-cache: Hit from cloudfront
x-amz-version-id: MmJsnNqHLbO1hr4h6h3GXwhu7CvAtest
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: font/woff2
content-length: 33620
x-amz-cf-id: IolpGtf214GX-5lvUsYx8IlW0pdIfB0Ux3152Sad7JRtY0FF4Iyuog==

GET
H2 206 definite.9606d071.wav
logrhythm.widget.insent.ai/static/media/ Frame EBA2 86 KB
86 KB 9ms
8ms Media
audio/x-wav 2600:9000:214f:6c00:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logrhythm.widget.insent.ai/static/media/definite.9606d071.wav
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03

Request headers

Referer: https://logrhythm.widget.insent.ai/?project_key=eCHZJAVbbvK7Q39sF6oo&blog_url=logrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&event_listener=Uv7O5xp2945P1wG&marketo_cookies=[%22_mch-logrhythm.com-1663950205712-80690%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Range: bytes=0-

Response headers

date: Sun, 18 Sep 2022 03:42:41 GMT
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
last-modified: Sun, 18 Sep 2022 03:41:35 GMT
server: AmazonS3
age: 477649
etag: "3d648870caaca84fd9f81e0b0bba3d48"
x-cache: Hit from cloudfront
x-amz-version-id: DszuFbIQGjKAlGg3U9Dcz3Y3tEBCwTZy
Content-Range: bytes 0-87675/87676
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1
content-type: audio/x-wav
Content-Length: 87676
x-amz-cf-id: 14lZmMwNdtSrpFZDqacr6mHEwIkWvHdrqSiVfOa_UwqOsuyD7KOyFw==

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ecrm.logrhythm.com/	1970-01-20 06:12:32	Name: __cf_bm Value: 0rsSYCLb6M_xXKPdic6fmZdHZ0YubRtP_8QGO19YsXE-1663950205-0-AbOwVPB+x1bbeQXA02h1WrVU+gY80MgWa88OmJwB+Vlo6FEY+JmcJvz5L8mrGAQmiD5A/oLwUlqw5DVy+h9CB10=
.logrhythm.com/	1970-01-20 08:22:06	Name: _gcl_au Value: 1.1.1470409100.1663950205
.logrhythm.com/	1970-01-20 06:13:56	Name: _gid Value: GA1.2.1562777688.1663950206
.logrhythm.com/	1970-01-20 06:12:30	Name: _dc_gtm_UA-3420049-1 Value: 1
.logrhythm.com/	1970-01-20 15:48:30	Name: _ga Value: GA1.1.567230187.1663950206
.logrhythm.com/	1970-01-20 15:48:30	Name: _mkto_trk Value: id:050-UWT-888&token:_mch-logrhythm.com-1663950205712-80690
.doubleclick.net/	1970-01-20 06:12:31	Name: test_cookie Value: CheckForPermission
.twitter.com/	1970-01-20 15:48:30	Name: personalization_id Value: "v1_f7WK7uYrJG2NO/AKHtaObQ=="
.t.co/	1970-01-20 15:48:30	Name: muc_ads Value: 8d33eea6-942c-4ea7-a6de-9db9a4a86f4d
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:58:06	Name: bcookie Value: "v=2&46a05e6a-aff2-46bb-86a3-63487b791553"
.linkedin.com/	1970-01-20 10:31:42	Name: li_gc Value: MTswOzE2NjM5NTAyMDU7MjswMjEW9sBJb1qV4dVS5n2BB3bf1mU7ALkdK50il7e4ZhJ+PQ==
.linkedin.com/	1970-01-20 06:13:56	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=2844:u=1:x=1:i=1663950205:t=1664036605:v=2:sig=AQGqgBCCq6CbjCRTX8uYhjVScQnaOy-A"
.logrhythm.com/	1970-01-20 08:22:06	Name: _fbp Value: fb.1.1663950205950.636397494
ecrm.logrhythm.com/	1969-12-31 23:59:59	Name: BIGipServerabcweb-nginx-app_https Value: !kByZFzYXAwqDDkrn/+ZT2Dlakae2CzL+UOp3zqVaePzTUAMN+KrC+QYGDZdFfMcvTLRewCqjGQPr5w==
.logrhythm.com/	1970-01-20 15:48:30	Name: _ga_1FE13FG8WE Value: GS1.1.1663950205.1.0.1663950206.0.0.0
.logrhythm.com/	1970-01-20 15:48:30	Name: vid Value: d407ac61-df5c-417d-8a96-b27735219067
jukebox.pathfactory.com/	1970-01-20 15:48:30	Name: _session_id Value: T0hHbjZUbzhJNFBjQU8vNnlxdm5BNDZZb21OSkRZVGFEUElFNUZUVWpyT1F2RkI2clVHa0lTZE1HYkVidjd2ZkpWWHQ4QXhjY2FYTDhud0ZmU2RBRTlNVUptQnJOZEwwZWx5NzQ4dkpzWFdtaHRFTVFGTmprb2hrWlhQY1JzVXU3dFFsaG56WlJOVDZNYnVUR1F1UXdvVENvM2xDZklRRE40WTNmaGw0cGN2OTloTlJXR1BFZ3MxNDVMdFJZK2h3LS1WdGJCNjdlSUxjdnNQYTV1cDg3czhBPT0%3D--f045af53cdf6d59157503584a224bbe7bd2cd245
.logrhythm.com/	1970-01-20 15:48:30	Name: insent-user-id Value: KBsFDVOH2m9IsgwzM1663950207712

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 49) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oe9l0&_p=421695435&cid=567230187.1663950206&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1663950205&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-1FE13FG8WE&l=dataLayer&cx=c(Line 363) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-1FE13FG8WE&gtm=2oe9l0&_p=421695435&cid=567230187.1663950206&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&sid=1663950205&sct=1&seg=0&dl=https%3A%2F%2Flogrhythm.com%2Fblog%2Fdeep-dive-into-plugx-malware%2F&dt=Take%20a%20Deep%20Dive%20into%20PlugX%20Malware%20-%20LogRhythm&_s=2' because it violates the following Content Security Policy directive: "connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://bat.bing.com https://.logrhythm.com https://maps.googleapis.com https://.fontawesome.com https://.clarity.ms wss://nexus-websocket-a.intercom.io https://use.typekit.net https://050-uwt-888.mktoutil.com https://.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://.ampproject.org https://.addthis.com https://.ampproject.net https://connect.facebook.net https://yoast.com https://.facebook.com https://.hotjar.io wss://.hotjar.com https://.hotjar.com https://stats.g.doubleclick.net https://.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://api-iam.intercom.io https://050-uwt-888.mktoresp.com; font-src 'self' data: https://js.intercomcdn.com https://.logrhythm.com https://.hotjar.com https://.typekit.net https://.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://.logrhythm.com https://.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://.logrhythm.com https://logrhythm.widget.insent.ai https://yoast.com https://player.vimeo.com https://.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://.bizzabo.com https://unpkg.com/web-vitals https://www.g2.com https://.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://.intercom.io https://js.intercomcdn.com https://.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://boards.greenhouse.io https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://.twitter.com https://.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://.logrhythm.com https://cdn.jsdelivr.net https://.fontawesome.com https://yoast.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://.bizzabo.com https://platform.twitter.com https://.twimg.com https://.typekit.net https://.disquscdn.com https://www.gartner.com https://.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://logrhythm.com https://.logrhythm.com https://.bizzabo.com https://forms.office.com https://www.facebook.com https://.elementor.com https://www.itcentralstation.com https://optimize.google.com https://www.google.com https://tpc.googlesyndication.com https://.twitter.com https://.addthis.com https://.ampproject.net https://www.slideshare.net https://.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://boards.greenhouse.io https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://.fls.doubleclick.net; prefetch-src 'self' https://disqus.com https://.disquscdn.com; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://.getbambu.com https://.logrhythm.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

050-uwt-888.mktoresp.com
analytics.twitter.com
attachments.insent.ai
c.disquscdn.com
cdn-app.pathfactory.com
cdnjs.cloudflare.com
connect.facebook.net
disqus.com
ecrm.logrhythm.com
fonts.googleapis.com
googleads.g.doubleclick.net
js.pusher.com
jukebox.pathfactory.com
ka-p.fontawesome.com
kit.fontawesome.com
logrhythm-com.disqus.com
logrhythm.com
logrhythm.widget.insent.ai
maxcdn.bootstrapcdn.com
munchkin.marketo.net
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
referrer.disqus.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.17.73.206
104.244.42.131
104.244.42.5
13.107.42.14
141.193.213.20
142.250.185.226
143.204.210.101
143.204.215.71
151.101.192.134
192.28.144.124
199.232.136.157
199.232.192.134
23.205.237.4
2600:9000:2057:8c00:6:8656:f5c0:93a1
2600:9000:214f:6c00:f:7ae2:7780:93a1
2600:9000:2304:fa00:d:ed29:200:93a1
2606:4700::6811:190e
2606:4700::6812:1734
2606:4700::6812:bcf
2620:1ec:21::14
2a00:1450:4001:808::2002
2a00:1450:4001:812::2008
2a00:1450:4001:812::200e
2a00:1450:4001:829::200a
2a00:1450:400d:80a::2004
2a00:1450:400d:80e::2003
2a00:1450:4025:402::9c
2a02:26f0:3500:16::215:1495
2a02:26f0:3500:16::215:149b
2a02:26f0:3500:16::215:14a0
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.193.204.7
00c00504a1aead512fcf165cc9b54a7ee9bb8d29702e10bd0f6060b389c9decd
01308b306b30630d74806e0db485dfedc37395bfe7a4501abeb0222a4430c645
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
087736c1739310dc04c47e35f7e654cd75479dbf764da09eea77eb29b63e7030
08a26d1e0ccf53b7c589b5629ff34578193d4f8c43a25f176180e7237803bf1a
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0a77c3961342c53443c7b470aa1c6c48d0062115a930eb843de40a1696fce683
0b47c6f613bff41662a4af43e11dd7a291ad7a1fbb2346cbcf6260fc2895c911
103d65d0bb1059863bacf409fb11aec0de3bc4b388b31fac43345dc68565cf06
1120606d70171f70f1c92b702798a10dedacf4e5a3efd3b7cb7a649f524b50d2
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
156d6aa105478b20d8942963436e8dfd7fb6a76c7767c27fd08827c24c5c7c0c
15b488dffdf860a7967aefe712f3a435d61306aee12d0d5b16fdee85fd4d5b86
1a569d19eb5d61a14942aa1f0df3b2108a8014f119937625182bc0ac547f4c70
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1ed787b78d74e59b54488197d80b9dd1246edae7a27c31177f85684efe52f022
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2723d2f68283c90a974ef6e1b2d8f297f7c9beb2822b362ed512a9a74efe0d0d
2edd5df59be45f1a58604387890b721d3a36d512fdc66c263c74dcdb19a0ac90
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3728afa1bf40c8ef2f820860a415da47f6bf118c1ccd856fd96926bc932a612a
382c257f12b68ddf9f8a9acaa9289cfb6304f091731e482a9831cbcf2a80accc
38f41731eec750c022d3770ec606eece0195a9d02eb13a1206bb3771acd7d446
39ea31b09d3b57e0009d5d59d6f64308b648682b78d9bd3223daac59018392bd
3adcf1b172631008be7d4276379dc62eda2af457fb3baa55a0f86e493ab101d8
3b0b59a401f38c50ef1293d0e7c87ebd02323519a4ba21407fbbf52df28c4d19
3c6d36d81d38d173d509710c7b90ec4f25e7d6ea167668133c98c9d37b88b99f
3cb35269dc1be66fc58f5781d86f083118be8ea2098256832d28953616619bec
3cc3108c864da12cea8db6a598d888e8073e1add0c16d6bf6208813ca4487344
3fde201925fe9dc3d22400e9d50c14a5878e06f7ea3de7ba4e1b001c76f440c9
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
4690ff0f6f24284f7c98f74aab059b8edfc610a295aeb9fcc3e2c49eda3160a1
48f0d6da0d3e054ef913556d3a1f3b9a5816a4314c2932397293a2be0e55957f
4c33f4e9f6ff8978c0c2f06d93068909edb0e7b7867915e548492ba0ee266f03
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
51222392bf548c5fde2cac2b1a6db7f2312c64f836547b4567a1ddceba4399c7
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5971de670aef1d6f90a63e6ed8d095ca22f95c455ffc0ceb60be62e30e1a4473
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5fd2d7eb59ac53d537480eaf6728e57f5311965a91cf7c5e0c6b98da73acf9dd
609ddde20d5061b1d72e72b510a96fddae68a66f7310fc8dde8538068252bee1
622953ae78983932c796e1a15b7b63aec70c0fcb05456f165bd3f5edae978f70
630da0350c5691ad9841dd6196aedcb19326d3e4b95ae3b52af8ec18902a67c2
64be7e9283fd94db2161714edd1ead5bd58bedb1398b4a526a580a260f114129
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
655f5c4b438879fe7d4ab3f95519548a68abf300e32fd093f27d4624fc936177
677292abd3264e7a749be23ac07c2529f0ac499ca9f2030aa9446533496fc9eb
68a742d714f6bfd07296aafa58b940878878848f93f2e7f8d0f2a13a68c1a326
6e9d58866f0c9d6cbc654ecff004d8bb0d2b3539f238f737dac4b3fb18951613
728b153440edf86d283cdc6a5a279623456c0cd3341b63b32dcedb2b5e795e15
76ff2cfe25e35dc7a90fb959a1da27629357d601a7dab2876c16d19853448cfb
7a7eb6424801ff903c28a448f39c942bcbfdd914bd88e21d7e3e0e590f33a8c8
7baa8418eba4ee1e100cbea28c14678226d047e0f5563976f5a92c8a0aaac45f
7bcbe327243628310e84027b85bca98a20d208f66f64685d979c6ccfa587d2d2
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7e0b427fb8a24a526d196dd476a027463dd3a1fed8af31f53919886ef7c21fb1
802372f788e1d164af80a0f26260fcf9d6e88218ab450c014d5eaf44fda7d0e3
815772b443b23ef0ef0929fd6305b13cae6a6345c7d55613a9d8d03e2f9efdb8
825b6e088ed40f0fb6b08608d52992bd7641b9ec0065c97ac6c957c7991a3d48
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86a26d1312a49dd232817a6ef9eb510d3cd7ddb018e2a48d71102929122ce574
89a36badc95907fd50278438a72934c399417a57418c19e6a3720750df9f40c9
8ad3dbb62196226b6214d8843acda08008cf431585dbfad30908e96dc05f47d1
8bf82a9944f66411f472632af2dc18232a0ce0cf30b87e07c1913059caff6122
8ca2202520f3f78cba73015daef158992ab312f08b80ad683a37d37abc7aa278
8d867a5a06a9f9357f5b1289be35fff639fa653f667985a872dcde08a39e33f1
8dac98c3fc310b29e185176a0a8b6c0e1a21baffbde3ab41173b3bf44492f67f
8ffce383d7ddb41f6f1b477f56f64ac57a8a0ed1ef0d2aa468fcd8a25ac142b3
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
91d8033a4e69dae9cba5ff8566caaae1fcf54e2989d0e9bc3aeaf5bd2ef5ff38
91d9d0f15f67f3359a0d7b18859e12a9e25eba28037866c7e15ef3c79cb7ff2a
96ea9adaf2c4700dc967e308957a65abe16c4b77a787a017442789580e0627b9
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
99e1c2ffcd21cbef5c62ee7e5a88e86a23c95d6faa7cc9e3569b5dd2ed82bae5
9d7a365f539d97717913d10132c77a3b9949fff048ecfb12667fa5bb436a4f95
9dabe432137803d3ecc162b6a3e5070f0831a7e60e34ae31a1079edbf22035a1
9e2023898adb5547a6906ffadf47d31e35f5102ad38808692441b9d4b3a01482
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a664bb15e3ef71f68c86f06d043539ac34c7797563ce54b5a6fd0b1b14fd1ea6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b060b43ee8aa1a1a7d17f98215f3d920d4b8b48f1af0fdc392119b11de47b36e
b1b33627d7bddf9d93dcf1e913bb6e53d97a99c5a7fc30f9aab824bf74707b35
b1b7cad3662c797e3e91b18c0aceaf92bbcb53be6b0b1d1fa8d9ca55fbc76f36
b1e0586a5e9a737b2a97b328305d1a8c0e5f4d1b37f88fd6fe2daf8bb530ef29
b37ebd2524191bf943476446276026a92083fe5bc43571eec11855c3872bd1af
b565a52be57ce739615a573520217c33bded28111fa20b62fdf26b7bab7e84d7
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b830faccf14d4753732c5d7c854ffb8092ecd49afc2d87b57e257021720c98b0
b9e47d69d676caa317d1f363d2f8b0738190f8ff20b63e8785d7b042fdc04a8a
bbdc1d949f82ab22e6011d00d1c6db35852d853c99f6beb8e1be0f0d32f3d6b6
bc3c056f0c924ef1309d9c51c581071e702d17236e488e63a684f5609820412d
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be484c9d69d3c256a119e904b92711c093e31494b18d3e6c69888dca6a0cd928
be557052880037a1c160050458fc687e95a193799d58686f0e2eefc8b39f4f42
c43a8d413e5b24b174ce521baf90d23fd3ee9649b210ccc3847cb6943b2f28ac
c99f726f2a86c98e77f5f081280ff5e78252dbc6d6576828e5fde6c62a3051ed
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d36a96e8719f0a7129b328047d19a9ebb2cf4e70f40e4c6db0b01216b80ab498
d4929f4afa91d468ab332ef629d7d5027495755ab17b415168f233cd203fe01b
d4f4d52cfda3e0e099e88af5c322a704352db9b322cb6b9cfef5b480a1b9d175
d86ad5fbbe8decb941967af7793c7f88fb2ac2701082bad19da29387c4abce0e
d870d845526fe81346f4fe0d0b2cf1543c3ddbd5c5e484c00223b6dd0b85226a
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
dc7d3d9942743ea9e256820bb1a9b64fa310944e09a70b66b2de29c246c0d586
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
def021776e339845a843e935849c7a6789108b40394ee21217287a703dfe181e
e0688ce88275ad7c4f3035ceae4033f11020cae4c218d0396ccd1be3d503a2bc
e0dec5a438b5d39dd06963bf7d0dd86d62cafbabccfdb274255ae4a888798151
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e567f8a857cb3871c7f2a1c00ae73d85bedea2a79cdac80fba9562b88b0c577a
e92fb6dc00e3c04e1f9af5a1554a33e2b3f2b1d7f9a9266066863a932437f0b9
eaff775ad40803675c3df967fd79d70cfe3cca7b691c0c7a5e03bfdc0b2850ff
eda7e9c18b84b3893e4244b65b2c9d6d857e629dfe4459c3ecbd1e813137d43b
eeaf0558859c6490cfe4515e5d1be31b35a59f0b5b840a89be7da5948168e10c
eebddba8e782ebfcd323563bf510591cbe86e7299aa0ff6e7d8118775c9a0dcd
ef160ec762d4a2cafd6b4ceca26c6b4f3b695f8db7bd32ec3e2b2b8e1b292d90
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05d8d723eb8a3e94158a98dc7f33ca75d0649303ca4743301c4ed02ebea43d3
f26f86b768b8f10ca0f4d2e808f4c29c343cdd464b062c514709fd14b5c7675a
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f871e9c901f36f4975633a6f51584d3641c843069e00f87b3f8a0d8ef644e2b3

logrhythm.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

151 Requests

99 %HTTPS

58 %IPv6

26 Domains

35 Subdomains

33 IPs

5 Countries

3038 kBTransfer

8320 kBSize

19 Cookies

42 Outgoing links

Redirected requests

151 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

logrhythm.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

151
Requests

99 %
HTTPS

58 %
IPv6

26
Domains

35
Subdomains

33
IPs

5
Countries

3038 kB
Transfer

8320 kB
Size

19
Cookies

151 HTTP transactions
4 data transactions