threatreconblog.com Open in urlscan Pro
192.0.78.25 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Submission: On May 03 via api (May 3rd 2018, 12:26:24 pm UTC) from US

Summary HTTP 48 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 9 domains to perform 48 HTTP transactions. The main IP is 192.0.78.25, located in San Francisco, United States and belongs to AUTOMATTIC - Automattic, Inc, US. The main domain is threatreconblog.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 23rd 2018. Valid for: 3 months.

This is the only time threatreconblog.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	192.0.78.19 192.0.78.19	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
13	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	216.58.207.74 216.58.207.74	15169 (GOOGLE) (GOOGLE - Google LLC)
3	192.0.72.23 192.0.72.23	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
4	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
6	216.58.207.67 216.58.207.67	15169 (GOOGLE) (GOOGLE - Google LLC)
5	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
4	199.96.57.6 199.96.57.6	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	185.60.216.15 185.60.216.15	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	68.232.35.172 68.232.35.172	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER - Twitter Inc.)
5	192.229.233.50 192.229.233.50	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
48	14

2 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

threatreconblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.19 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

r-login.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.74 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.72.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

ctiwagon.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.207.67 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.96.57.6 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.60.216.15 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.232.35.172 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.229.233.50 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	wp.com s0.wp.com s2.wp.com s1.wp.com stats.wp.com pixel.wp.com	213 KB
6	twimg.com cdn.syndication.twimg.com pbs.twimg.com	23 KB
6	twitter.com platform.twitter.com syndication.twitter.com	116 KB
6	gstatic.com fonts.gstatic.com	211 KB
4	gravatar.com 1.gravatar.com 0.gravatar.com	12 KB
4	wordpress.com r-login.wordpress.com ctiwagon.files.wordpress.com	405 KB
2	threatreconblog.com threatreconblog.com	17 KB
1	facebook.com graph.facebook.com	539 B
1	googleapis.com fonts.googleapis.com	527 B
48	9

	Domain	Requested by
6	fonts.gstatic.com	threatreconblog.com
5	pbs.twimg.com	threatreconblog.com
5	s1.wp.com	threatreconblog.com
5	s2.wp.com	threatreconblog.com
4	pixel.wp.com	threatreconblog.com
4	platform.twitter.com	s2.wp.com platform.twitter.com
3	0.gravatar.com	threatreconblog.com s0.wp.com
3	ctiwagon.files.wordpress.com	threatreconblog.com
3	s0.wp.com	threatreconblog.com
2	syndication.twitter.com	threatreconblog.com
2	threatreconblog.com	threatreconblog.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	graph.facebook.com	s0.wp.com
1	stats.wp.com	threatreconblog.com
1	1.gravatar.com	threatreconblog.com
1	fonts.googleapis.com	threatreconblog.com
1	r-login.wordpress.com	threatreconblog.com
48	17

This site contains links to these domains. Also see Links.

Domain
researchcenter.paloaltonetworks.com
malware.prevenity.com
networkfights.com
gravatar.com
wordpress.com
ctiwagon.wordpress.com
wp.me
en.wordpress.com
subscribe.wordpress.com

Subject Issuer	Validity	Valid
tls.automattic.com Let's Encrypt Authority X3	`2018-03-23` - `2018-06-21`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Frame ID: 1AFFEE2EB8463513A47FA72095AAD449
Requests: 44 HTTP requests in this frame

Frame: https://platform.twitter.com/css/timeline.e783991e0672c909d3fc09a8416757c3.light.ltr.css
Frame ID: E4E0D850FC3C1AB1C7F3FA866CE48C27
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-includes\//i
meta generator /WordPress( [\d.]+)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
html /<link[^>]+s\d+\.wp\.com/i
script /\/wp-includes\//i
meta generator /WordPress( [\d.]+)?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Gravatar (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^Gravatar$/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^twemoji$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

48
Requests

4 %
HTTPS

0 %
IPv6

9
Domains

17
Subdomains

14
IPs

2
Countries

999 kB
Transfer

1879 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/
Title: Palo Alto Unit 42

Search URL Search Domain Scan URL

URL: http://malware.prevenity.com/2017/01/ataki-na-instytucje-rzadowe-grudzien.html
Title: Prevenity

Search URL Search Domain Scan URL

URL: http://networkfights.com/2017/08/19/finding-nemohost-fancy-bear-infrastructure/
Title: Finding Nemo(hosts) | NETWORKFIGHTS.COM

Search URL Search Domain Scan URL

URL: https://gravatar.com/site/signup/
Title:

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_custom_blog
Title: Blog at WordPress.com

Search URL Search Domain Scan URL

URL: https://ctiwagon.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Fctiwagon.wordpress.com%2F2017%2F02%2F03%2Fapt28-malicious-document%2F
Title: Customize

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://ctiwagon.wordpress.com/wp-login.php?redirect_to=https%3A%2F%2Fthreatreconblog.com%2F2017%2F02%2F03%2Fapt28-malicious-document%2F
Title: Log in

Search URL Search Domain Scan URL

URL: https://wp.me/p7pvRG-jr
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: http://en.wordpress.com/abuse/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
threatreconblog.com/2017/02/03/apt28-malicious-document/ 56 KB
17 KB 340ms
323ms Document
text/html 192.0.78.25
Automattic

General

Check archive.org

Show headers Download Go to

Full URL

https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

a3bb010753cdea8f85d4818b714db8227ab3da816b080d4f2a01f2a5a8e82f17

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

:path: /2017/02/03/apt28-malicious-document/
pragma: no-cache
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: threatreconblog.com
:scheme: https
:method: GET
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-pingback: https://threatreconblog.com/xmlrpc.php
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding Cookie
strict-transport-security: max-age=86400
content-type: text/html; charset=UTF-8
status: 200
x-ac: 3.fra _dfw
link: <https://wp.me/p7pvRG-jr>; rel=shortlink

GET
S 200 remote-login.php Show response
r-login.wordpress.com/ 0
77 B 32ms
4ms Script
text/javascript 192.0.78.19
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://r-login.wordpress.com/remote-login.php?action=js&host=threatreconblog.com&id=109515044&t=1525350373&back=https%3A%2F%2Fthreatreconblog.com%2F2017%2F02%2F03%2Fapt28-malicious-document%2F
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.78.19 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 200
date: Thu, 03 May 2018 12:26:13 GMT
server: nginx
content-length: 0
vary: Cookie
content-type: text/javascript

GET
S 200 /
s0.wp.com/_static/ 84 KB
33 KB 34ms
6ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFj90OwiAMhV9IrC5uxgvjszCsjo0CWcFlby9INPEn86Zpm/P1nMLkhXI2oA1AUXgTr9oyTF45Ekza4PwxrRXzCn5jRg/I0GPwUg3iMS3JlRsx7cnLkBWEZy3RICXZEka+eVK57ZLXok2J37Z+RGaRKulIInTJ6E88ylHKH5CE75uCarAu6ETzq/m6WazAxxaMu6Ea5SUAh9lglp7ouK2r3b45bKq6vwNe6ZYy?cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c7ff6934cb2a3fdf03bbedd4373db26034f4d06a8ea0f3112e6e5699d1160d68

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Thu, 26 Apr 2018 18:57:38 GMT
server: nginx
etag: W/"5ae22122-14ef8"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Fri, 26 Apr 2019 18:58:06 GMT

GET
S 200 css
fonts.googleapis.com/ 2 KB
527 B 18ms
16ms Stylesheet
text/css 216.58.207.74
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.74 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f10.1e100.net

Software

ESF /

Resource Hash

803fc5fe628d0a7f403250879ffe5beb8c17eddc29363b8f439928515b9c6373

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:26:13 GMT

GET
S 200 /
s2.wp.com/_static/ 31 KB
17 KB 34ms
6ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/_static/??-eJx9jcEKAjEMRH/IGqqCehC/pcZsraRNabIu/r0rXiri3uYx8xiYqkMpRsUgj67yGFNRiFSopbn4E9eouoLOtRtlUqjjBVgehC0MBqkgqD2Z3FRR8o/UHU7pGskUVDAFdp+/HpbkSOJYMFiS8gVu4JDaktrowhLnGGFedfiWzvnkd8f95uD91t9f6fdwHw==?cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 39082fac325df025d42b8ef04a4af8ba810e7a2e621298f7bac99f49cbd82569

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Mon, 12 Jun 2017 15:25:41 GMT
server: nginx
etag: W/"593eb275-7a67"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Sat, 08 Dec 2018 13:04:10 GMT

GET
S 200 /
s1.wp.com/_static/ 55 KB
25 KB 34ms
7ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/_static/??-eJx9i0EKAjEMRS9kDYUZGRfiWTKltpE0KU0Grz+4EBHF1X8f3oNHD0nFszi0LXTeCokBJieVFcebjsnsAL/1rubhxkgDrOIgKa/9V5kmQg6sRT/PV+Q1t2xQJyisK/JTuLZLnOPpvMxxWu47xX5JvA==?cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 083415fce9f107416009acf4e1b84d0a272ea99caf112dc3265cfb505b48667d

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Fri, 26 Jan 2018 16:46:44 GMT
server: nginx
etag: W/"5a6b5b74-da4e"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Sat, 26 Jan 2019 16:46:48 GMT

GET
S 200 / Show response
s0.wp.com/_static/ 155 KB
49 KB 35ms
7ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFztEKwjAMBdAfsquTiXsRv6XWOFKXtDbphn69HeiDMBQCgdzDJXZOBtmP5QJiQ517gfx4rybIxv4ChnDITqEh5A/2kRVYF0vxjCOYIpDdUG+16BpXXIqiBCIVraTfLyFPCPNfFkCT8zeTQfC5tJ7o2Hb9Yde3+24bXjRNW9I=
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9f0c1dc7bb2b53b28e8df2fdc67c22fb762251a9e76f3784646572c13f9442d7

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Thu, 16 Feb 2017 21:47:59 GMT
server: nginx
etag: W/"58a61e0f-26d19"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Fri, 22 Jun 2018 02:18:14 GMT

GET
S 200 style.css
s1.wp.com/wp-content/mu-plugins/highlander-comments/ 19 KB
4 KB 35ms
7ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1522184747h&cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 6f50d9b50d28d77158091654773bf86ebdf4a98236174d4b4e4ceb6e0b5fb9c0

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"5abab2a5-5d0c"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Wed, 27 Mar 2019 21:07:51 GMT

GET
S 200 cropped-binary-1332816_1280.jpg
ctiwagon.files.wordpress.com/2016/10/ 110 KB
111 KB 40ms
6ms Image
image/jpeg 192.0.72.23
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctiwagon.files.wordpress.com/2016/10/cropped-binary-1332816_1280.jpg
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.72.23 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 1cc8b847a98eeed52a6ff290262820de6a3c58e95a3b81e61871613b3e12ede0

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 23 np
date: Thu, 03 May 2018 12:26:13 GMT
last-modified: Thu, 06 Oct 2016 21:27:11 GMT
server: nginx
x-orig-src: 01_mogdir
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 112971
expires: Tue, 29 May 2018 08:01:23 GMT

GET
S 200 screen-shot-2017-01-27-at-3-27-44-pm.png
ctiwagon.files.wordpress.com/2017/01/ 208 KB
209 KB 8ms
7ms Image
image/png 192.0.72.23
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctiwagon.files.wordpress.com/2017/01/screen-shot-2017-01-27-at-3-27-44-pm.png?w=640
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.72.23 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: ac6a2a0e9db81cb1c4a6d9a04f355c68d866ef0b58d7d0323899ae6d64c21e65

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 23 np
date: Thu, 03 May 2018 12:26:13 GMT
last-modified: Fri, 27 Jan 2017 23:28:11 GMT
server: nginx
vary: Accept
content-type: image/png
status: 200
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 213076
expires: Mon, 04 Jun 2018 19:57:59 GMT

GET
S 200 tempapt282.png
ctiwagon.files.wordpress.com/2017/01/ 86 KB
86 KB 49ms
48ms Image
image/png 192.0.72.23
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctiwagon.files.wordpress.com/2017/01/tempapt282.png?w=640
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.72.23 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f42e61b30cb83accea960fe7f759d91101742869b8c81ec0b542a428f4cf05d2

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 23 np
date: Thu, 03 May 2018 12:26:13 GMT
last-modified: Sat, 28 Jan 2017 04:46:01 GMT
server: nginx
vary: Accept
content-type: image/png
status: 200
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 87727
expires: Mon, 28 May 2018 21:07:41 GMT

GET
S 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ 2 KB
2 KB 27ms
6ms Image
image/png 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: cb3e87ff58a5e66937ffb6013c8265ed549658a4ff59c1f8d8ae193f488390a5

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 3
date: Thu, 03 May 2018 12:26:13 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
source-age: 490685
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
content-length: 1792
expires: Thu, 03 May 2018 12:31:13 GMT

GET
S 200 wp-emoji-release.min.js Show response
s1.wp.com/wp-includes/js/ 11 KB
4 KB 7ms
6ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1516999477h&ver=4.9.5
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 3d8e94fed6cc8ea56ee5ec6174efb68cb7197d2e729149cb43e85505bf175779

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"5a6b938a-2dc9"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Wed, 03 Apr 2019 21:06:23 GMT

GET
S 200 global-print.css
s2.wp.com/wp-content/mu-plugins/global-print/ 5 KB
2 KB 7ms
6ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035h&cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"58674608-1f6c"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Fri, 22 Jun 2018 06:18:47 GMT

GET
S 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTLYhQ.ttf
fonts.gstatic.com/s/playfairdisplay/v13/ 73 KB
38 KB 7ms
7ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v13/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYhQ.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

0380c5d55c4f9b20d5b358c4d410c74a8cc388d34218b1ecf07cb2acedeb42dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Mon, 12 Feb 2018 16:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6896012
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 38521
x-xss-protection: 1; mode=block
last-modified: Tue, 07 Nov 2017 15:21:08 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 16:52:41 GMT

GET
S 200 nuFlD-vYSZviVYUb_rj3ij__anPXBYf9lWAe4w.ttf
fonts.gstatic.com/s/playfairdisplay/v13/ 75 KB
40 KB 9ms
9ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v13/nuFlD-vYSZviVYUb_rj3ij__anPXBYf9lWAe4w.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

b77066312d6f915e7d1ffca2fa3e6eeb61b5245227255e8cfd05172e265d0f56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Mon, 12 Feb 2018 18:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6889658
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 40677
x-xss-protection: 1; mode=block
last-modified: Tue, 07 Nov 2017 15:20:27 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 18:38:35 GMT

GET
S 200 nuFkD-vYSZviVYUb_rj3ij__anPXDTnojEk-.ttf
fonts.gstatic.com/s/playfairdisplay/v13/ 74 KB
40 KB 8ms
8ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v13/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojEk-.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

f2c25547f6b4673f116b1360b9b2e2018cc4dcbcba4437e4d1c8c45b4e4cb6ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Tue, 13 Feb 2018 02:10:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6862554
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 41308
x-xss-protection: 1; mode=block
last-modified: Tue, 07 Nov 2017 15:20:28 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Feb 2019 02:10:19 GMT

GET
S 200 S6u9w4BMUTPHh6UVSwaPHA.ttf
fonts.gstatic.com/s/lato/v14/ 62 KB
31 KB 10ms
9ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwaPHA.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

08d3764653cba296a0f9b57a8b1356f976bf780c6944628552342a3b16831772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Tue, 10 Apr 2018 13:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1982296
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 31921
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:22:47 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Apr 2019 13:47:57 GMT

GET
S 200 S6u9w4BMUTPHh50XSwaPHA.ttf
fonts.gstatic.com/s/lato/v14/ 58 KB
30 KB 8ms
8ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh50XSwaPHA.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

ffb0a1f440d57011b67a8b03c6af798a79a02cb24010a6030f23c9d13da9c59b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Mon, 12 Feb 2018 21:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6880658
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 30712
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:22:37 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 21:08:35 GMT

GET
DATA 200
OK truncated
/ 18 KB
0 Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 895964971ebdb56ee76d08850bcb4c5a88ec4c65e6a235882304e8ff6767cd7c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Origin: https://threatreconblog.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: application/x-font-woff;charset=utf-8

GET
S 200 S6uyw4BMUTPHjxAwWw.ttf
fonts.gstatic.com/s/lato/v14/ 64 KB
32 KB 17ms
17ms Font
font/ttf 216.58.207.67
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjxAwWw.ttf

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

216.58.207.67 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f3.1e100.net

Software

sffe /

Resource Hash

682faf236eb80dd1a3353fc2eae4ff34b39e2883ef1ffc27ed984842ebfc47e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic%7CLato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic&subset=latin%2Clatin-ext&ver=4.9.5
Origin: https://threatreconblog.com

Response headers

date: Mon, 12 Feb 2018 17:54:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6892309
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 32316
x-xss-protection: 1; mode=block
last-modified: Wed, 11 Oct 2017 18:22:47 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 17:54:24 GMT

GET
H2 200 red-small.png
threatreconblog.com/i/rss/ 654 B
883 B 130ms
127ms Image
image/png 192.0.78.25
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatreconblog.com/i/rss/red-small.png

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

5f8e21998371f848f3f62f7a549314cb6ed3097dc28e55b8d24d6df2a68c50e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

:path: /i/rss/red-small.png
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: threatreconblog.com
referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
:scheme: https
:method: GET
Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
x-ac: 3.fra _dfw
last-modified: Sat, 31 Dec 2016 05:45:35 GMT
server: nginx
etag: "586745ff-28e"
strict-transport-security: max-age=86400
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 654
expires: Fri, 03 May 2019 12:26:13 GMT

GET
S 200 gprofiles.js Show response
0.gravatar.com/js/ 20 KB
7 KB 9ms
5ms Script
application/x-javascript 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/gprofiles.js?ver=201818y
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 920c9189a522af2214445b9b592232c64c6bcb262bd4bcf1e1abad27c5cbe606

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Thu, 17 Sep 2015 14:13:14 GMT
server: nginx
etag: W/"55faca7a-50aa"
content-type: application/x-javascript
status: 200
cache-control: max-age=604800
expires: Thu, 10 May 2018 12:26:13 GMT

GET
S 200 wpgroho.js Show response
s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 582 B
526 B 8ms
4ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781h
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 21c557180f1bd074974eb41ae4228b6aa9c41234ab1729d780bc8f05761110bb

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"57391252-2f0"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Fri, 22 Jun 2018 02:18:14 GMT

GET
S 200 / Show response
s2.wp.com/_static/ 42 KB
11 KB 8ms
5ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1521806916j
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e006b2e9c836d246df8e779c911d71302fc8c17dcb0320b386c3f2ee3e6e04ae

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Fri, 23 Mar 2018 12:08:53 GMT
server: nginx
etag: W/"5ab4ee55-a6ba"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Sat, 23 Mar 2019 12:08:56 GMT

GET
S 200 jetpack-carousel.css
s0.wp.com/wp-content/mu-plugins/carousel/ 22 KB
4 KB 9ms
6ms Stylesheet
text/css 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/carousel/jetpack-carousel.css?m=1524699534h&cssminify=yes
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: ff3ae511ad442902d07cda794ab776342099fc909a06e630b758bd9a99109b50

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"5ae111c8-6483"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Thu, 25 Apr 2019 23:39:55 GMT

GET
S 200 / Show response
s2.wp.com/_static/ 181 KB
49 KB 9ms
6ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/_static/??-eJyVkt1SgzAQhV/IEK1TGS8cH8UJYYGF/LmbgH17g7VIbYdpr5I5nG85eyZyCkJ7F8FF2bOsYUQN4avo+UGuPtkkgkktOpYGB2D5mSBBp1xtgDbM2lubJXGE+pmuJE8Y4B7oTPgPxg5stoVUSeNH0KSan1WcGrFVEb27lWiNr5S51c0DhpzIDaLxOrFocGkNnTapPs9OEMyhsHiRZrV4DzEoPciPPEDGCWMEEhEt5N9sFabqPFdUiqRVnJl8EzkqEc4hFu3OCZFylou615Ce252h5XatAQ5/S6/1Pr8hOvwexdp17U0o8onBnDoSJ2Er34BsIYrn4vFYaePJbviD5ygao5Akd4rQtaczQ+/27Wm/2+/K8qV87b8B4v00bw==
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f8f6bd7fcecf7443663fe5fccbd5f8f9e2e88b582e5e73bd40e9c3ffe92eb8f7

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Wed, 02 May 2018 16:14:51 GMT
server: nginx
etag: W/"5ae9e3fb-2d3c0"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 4.fra _dfw
expires: Thu, 02 May 2019 16:38:00 GMT

GET
S 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 30ms
5ms Script
application/x-javascript 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?56
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: e7f6a232138a2992064e3f39aae317a816a4b892340be34695e42089e0e95cdc

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
server: nginx
etag: W/"5890f68b-405c"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 03 Jun 2018 01:14:56 GMT

GET
S 200 button-back.gif
s1.wp.com/wp-content/mu-plugins/highlander-comments/images/ 1 KB
1 KB 6ms
6ms Image
image/gif 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

Referer: https://s1.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1522184747h&cssminify=yes
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
x-ac: 4.fra _dfw
last-modified: Sat, 31 Dec 2016 05:45:43 GMT
server: nginx
etag: "58674607-4d0"
content-type: image/gif
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1232
expires: Fri, 22 Jun 2018 02:18:14 GMT

GET
DATA 200
OK truncated
/ 14 KB
0 Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Origin: https://threatreconblog.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: application/x-font-woff;charset=utf-8

GET
S 200 widgets.js Show response
platform.twitter.com/ 123 KB
36 KB 6ms
6ms Script
application/javascript 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: s2.wp.com
URL: https://s2.wp.com/_static/??-eJyVkt1SgzAQhV/IEK1TGS8cH8UJYYGF/LmbgH17g7VIbYdpr5I5nG85eyZyCkJ7F8FF2bOsYUQN4avo+UGuPtkkgkktOpYGB2D5mSBBp1xtgDbM2lubJXGE+pmuJE8Y4B7oTPgPxg5stoVUSeNH0KSan1WcGrFVEb27lWiNr5S51c0DhpzIDaLxOrFocGkNnTapPs9OEMyhsHiRZrV4DzEoPciPPEDGCWMEEhEt5N9sFabqPFdUiqRVnJl8EzkqEc4hFu3OCZFylou615Ce252h5XatAQ5/S6/1Pr8hOvwexdp17U0o8onBnDoSJ2Er34BsIYrn4vFYaePJbviD5ygao5Akd4rQtaczQ+/27Wm/2+/K8qV87b8B4v00bw==
Protocol: SPDY
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 7e1549d8014a30c3c17fdca43be710f1c4acbe33706b008f7ef45b99f6b2bbe5

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
age: 776
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 36295
x-served-by: cache-tw-fra1-cr1-11-TWFRA1
last-modified: Thu, 26 Apr 2018 22:37:34 GMT
x-timer: S1525350374.538377,VS0,VE0
etag: "734cb84ab666fc8eeea3489e24aa3b7d+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=1800
accept-ranges: bytes

GET
S 200 wpcom-gray-white.png
s2.wp.com/i/logo/ 8 KB
8 KB 7ms
7ms Image
image/png 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s2.wp.com/i/logo/wpcom-gray-white.png
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-nc: HIT fra 32
date: Thu, 03 May 2018 12:26:13 GMT
x-ac: 4.fra _dfw
last-modified: Wed, 23 Nov 2016 19:27:32 GMT
server: nginx
etag: "5835eda4-200b"
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 8203
expires: Fri, 22 Jun 2018 02:18:14 GMT

GET
S 200 hovercard.css
0.gravatar.com/css/ 8 KB
2 KB 6ms
5ms Stylesheet
text/css 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/css/hovercard.css?ver=201818y
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFztEKwjAMBdAfsquTiXsRv6XWOFKXtDbphn69HeiDMBQCgdzDJXZOBtmP5QJiQ517gfx4rybIxv4ChnDITqEh5A/2kRVYF0vxjCOYIpDdUG+16BpXXIqiBCIVraTfLyFPCPNfFkCT8zeTQfC5tJ7o2Hb9Yde3+24bXjRNW9I=
Protocol: SPDY
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 3f10442336cd9b12279a4662345ca628aa1dc48b9993a7cc75c2077b6ecbaf6b

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Mon, 28 Jan 2013 22:29:45 GMT
server: nginx
etag: W/"5106fbd9-2062"
content-type: text/css
status: 200
cache-control: max-age=604800
expires: Thu, 10 May 2018 12:26:13 GMT

GET
S 200 services.css
0.gravatar.com/css/ 3 KB
736 B 6ms
6ms Stylesheet
text/css 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/css/services.css?ver=201818y
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFztEKwjAMBdAfsquTiXsRv6XWOFKXtDbphn69HeiDMBQCgdzDJXZOBtmP5QJiQ517gfx4rybIxv4ChnDITqEh5A/2kRVYF0vxjCOYIpDdUG+16BpXXIqiBCIVraTfLyFPCPNfFkCT8zeTQfC5tJ7o2Hb9Yde3+24bXjRNW9I=
Protocol: SPDY
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: ab7e2ffdc04169e144920d681f782403d86113dd0a50dee1eb0522fb4c92375b

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
last-modified: Wed, 19 Mar 2014 21:35:23 GMT
server: nginx
etag: W/"532a0d9b-bd8"
content-type: text/css
status: 200
cache-control: max-age=604800
expires: Thu, 10 May 2018 12:26:13 GMT

GET
S 200 / Show response
graph.facebook.com/ 283 B
539 B 65ms
47ms Script
text/javascript 185.60.216.15
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fthreatreconblog.com%2F2017%2F02%2F03%2Fapt28-malicious-document%2F&_=1525350373288

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyFztEKwjAMBdAfsquTiXsRv6XWOFKXtDbphn69HeiDMBQCgdzDJXZOBtmP5QJiQ517gfx4rybIxv4ChnDITqEh5A/2kRVYF0vxjCOYIpDdUG+16BpXXIqiBCIVraTfLyFPCPNfFkCT8zeTQfC5tJ7o2Hb9Yde3+24bXjRNW9I=

Protocol

SPDY

Server

185.60.216.15 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

59a2318965065f6884695e83bf766fec37c1d68acb4e8376d131696e1a104abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
etag: "a547fd3fe63566f00d7cc00f89b26bec28c21bdd"
status: 200
x-fb-rev: 3874367
content-length: 177
pragma: no-cache
x-fb-debug: gudhFGmetbsJuC6JipytxyV8dO5YvMJND7kUIKksPO5MognFLt/59zMo6Ri/RCyb/Pmt9BCa3uzKzLe09QyJyQ==
x-fb-trace-id: HCyDWOmvx4z
date: Thu, 03 May 2018 12:26:13 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.6
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 g.gif
pixel.wp.com/ 50 B
130 B 11ms
7ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.2890309804167781
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 200
date: Thu, 03 May 2018 12:26:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
S 200 g.gif
pixel.wp.com/ 50 B
130 B 9ms
5ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.2661931193024978
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 200
date: Thu, 03 May 2018 12:26:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
S 200 g.gif
pixel.wp.com/ 50 B
130 B 9ms
6ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=109515044&v=wpcom&tz=-4&user_id=0&post=1205&subd=ctiwagon&host=threatreconblog.com&ref=&rand=0.010674829025548283
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 200
date: Thu, 03 May 2018 12:26:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
S 200 g.gif
pixel.wp.com/ 50 B
130 B 10ms
6ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1TaVhzUzFMbjdWNHpwZGhTayxPSUFCMGRVYVNrSFguN3FwSmQ5RGtNX3VQcj1yVzhiflM1THQtLGFdQ2toOXYlVH5XclFjcktRMXhfUFFKZTlQd290eWMtZmU%2FVX5CMm56eGtXTFBbdThHSHVkZT98JVhqUlhqWVBYNmYrSF98TTh8QTdbbWY%2FPVVfUm1MYmNSenNRQmJdVSxpYnNoVVdqcURjTkJnWVd5Kz0way8wUCZmNHBLVXVLL0RLVGh6PUtGdHxnLDRuejgySXZBdDVuZzBybUZIbGxbODM1VEhJW3w2bXVqb1I2REIseTJWSDdKZ1BhR01aJXlNdFJPPW0mSG4mVnpNQndYViYtV0U4M2QzNGsxZHotV115fjNPZ19nLTV6TVYrPytC&v=wpcom-no-pv&rand=0.9495193715196946
Requested by: Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Protocol: SPDY
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

status: 200
date: Thu, 03 May 2018 12:26:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
S 200 timeline.e7653a8bc8be5342f5ecf22ae2e65c92.js Show response
platform.twitter.com/js/ 26 KB
8 KB 10ms
10ms Script
application/javascript 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.e7653a8bc8be5342f5ecf22ae2e65c92.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: SPDY
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: d77bc1018a13b0b64284086c8cfa0f44e649a02833bbd7dcbdf869a42af95f05

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
age: 567950
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 8517
x-served-by: cache-tw-fra1-cr1-11-TWFRA1
last-modified: Thu, 26 Apr 2018 22:34:35 GMT
x-timer: S1525350374.633636,VS0,VE0
etag: "32472870e6511fb800f980c5ab4e58f6+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes

GET
H/1.1 200
OK profile Show response
cdn.syndication.twimg.com/timeline/ 30 KB
5 KB 195ms
194ms Script
application/javascript 68.232.35.172
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_threat_recon_old&dnt=false&domain=threatreconblog.com&lang=en&screen_name=threat_recon&suppress_response_codes=true&t=1694833&tweet_limit=5&tz=GMT%2B0000&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

HTTP/1.1

Server

68.232.35.172 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_o /

Resource Hash

b6a0dc30039c5c24d1c474f3ae12a96efd1c6da64b520122536d31309ea5c95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename=jsonp.jsonp
Content-Length: 4165
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 187
last-modified: Thu, 03 May 2018 12:26:13 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
Content-Type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: 3fd26b09081004c29782bf1662e5ed9e
timing-allow-origin: *
x-transaction: 00f3ffc8002b2e86
expires: Thu, 03 May 2018 12:31:13 GMT

GET
S 200 syndication
syndication.twitter.com/i/jot/ 43 B
170 B 113ms
113ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1525350373671%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

104.244.42.8 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 107
pragma: no-cache
last-modified: Thu, 03 May 2018 12:26:13 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a67907039f359ba22671907f8b27baab
x-transaction: 00e9deb7005c193a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 200 timeline.e783991e0672c909d3fc09a8416757c3.light.ltr.css
platform.twitter.com/css/ Frame E4E0 59 KB
13 KB 6ms
6ms Stylesheet
text/css 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.e783991e0672c909d3fc09a8416757c3.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: SPDY
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 9e87ce756ae559a43eb7f7c8e3bedaf1d31bb9fcbd36d87e48bc2551bb8d6d12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
age: 567950
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 13308
x-served-by: cache-tw-fra1-cr1-11-TWFRA1
last-modified: Thu, 26 Apr 2018 22:34:34 GMT
x-timer: S1525350374.874894,VS0,VE0
etag: "66dbb50c6c7535374984e5fccef39d71+gzip"
vary: Accept-Encoding,Host
content-type: text/css; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes

GET
S 200 timeline.e783991e0672c909d3fc09a8416757c3.light.ltr.css
platform.twitter.com/css/ 59 KB
59 KB 7ms
7ms Image
text/css 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.e783991e0672c909d3fc09a8416757c3.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: SPDY
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
content-encoding: gzip
age: 567950
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 13308
x-served-by: cache-tw-fra1-cr1-11-TWFRA1
last-modified: Thu, 26 Apr 2018 22:34:34 GMT
x-timer: S1525350374.876022,VS0,VE0
etag: "66dbb50c6c7535374984e5fccef39d71+gzip"
vary: Accept-Encoding,Host
content-type: text/css; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes

GET
S 200 v499oH59_normal.jpg
pbs.twimg.com/profile_images/816863627705622528/ Frame E4E0 2 KB
2 KB 9ms
8ms Image
image/jpeg 192.229.233.50
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/816863627705622528/v499oH59_normal.jpg

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

192.229.233.50 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

1a6a361be5e4f031e089d664ccf0698f9b5ab56bb62324eabc35ef0be3aa722a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
x-content-type-options: nosniff
content-md5: dKGc+RXWxh1CmqM8mEUy9w==
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/6 profile_images/816863627705622528
last-modified: Thu, 05 Jan 2017 04:25:20 GMT
server: ECS (fcn/40D4)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: bb9486488da148b67b2dfa3485f1191b
accept-ranges: bytes

GET
S 200 A4mG0U5P_normal.jpg
pbs.twimg.com/profile_images/885169621795565573/ Frame E4E0 2 KB
2 KB 7ms
6ms Image
image/jpeg 192.229.233.50
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/885169621795565573/A4mG0U5P_normal.jpg

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

192.229.233.50 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/419C) /

Resource Hash

25b438de3e944547e69c6de98e403f46a9aa4fb98e6d1bb34954fd30ebc19b56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
x-content-type-options: nosniff
content-md5: XYJm9RrynObuKMwoj2vFqw==
x-cache: HIT
status: 200
content-length: 1883
x-response-time: 118
surrogate-key: profile_images profile_images/bucket/8 profile_images/885169621795565573
last-modified: Wed, 12 Jul 2017 16:08:58 GMT
server: ECS (fcn/419C)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4c37dd9acccb78aec42a3d33fbc4f986
accept-ranges: bytes

GET
S 200 DnuEXe4M_normal.jpeg
pbs.twimg.com/profile_images/533001970626621440/ Frame E4E0 2 KB
2 KB 7ms
6ms Image
image/jpeg 192.229.233.50
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/533001970626621440/DnuEXe4M_normal.jpeg

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

192.229.233.50 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/419C) /

Resource Hash

e7eea5490ae4a16d6d01274135f05102f04afdea4b6a5d5667932fa831ce75d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:13 GMT
x-content-type-options: nosniff
content-md5: xkmvtY9p2frFNNfYIP1osw==
x-cache: HIT
status: 200
content-length: 1655
x-response-time: 213
surrogate-key: profile_images profile_images/bucket/9 profile_images/533001970626621440
last-modified: Thu, 13 Nov 2014 21:00:27 GMT
server: ECS (fcn/419C)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 260162f560ff2ec073cd39234bc8bc98
accept-ranges: bytes

GET
S 200 n1XGsdga_normal.jpg
pbs.twimg.com/profile_images/988236122315636736/ Frame E4E0 2 KB
2 KB 10ms
9ms Image
image/jpeg 192.229.233.50
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/988236122315636736/n1XGsdga_normal.jpg

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

192.229.233.50 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/4198) /

Resource Hash

64a9b7904b89312c30978e9944c69ede5782fa76a1c941554bdc7ad8bb924646

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-response-time: 117
date: Thu, 03 May 2018 12:26:13 GMT
x-content-type-options: nosniff
surrogate-key: profile_images profile_images/bucket/3 profile_images/988236122315636736
last-modified: Mon, 23 Apr 2018 01:58:26 GMT
server: ECS (fcn/4198)
status: 200
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 08d7fb66d51131a46ada5ab51b3d8708
accept-ranges: bytes
content-length: 1959

GET
S 200 io4rCEZja6HqDrHF
pbs.twimg.com/ext_tw_video_thumb/845263076991668226/pu/img/ Frame E4E0 10 KB
10 KB 8ms
8ms Image
image/jpeg 192.229.233.50
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/ext_tw_video_thumb/845263076991668226/pu/img/io4rCEZja6HqDrHF?format=jpg&name=360x360

Requested by

Host: threatreconblog.com
URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/

Protocol

SPDY

Server

192.229.233.50 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41B9) /

Resource Hash

26b1a512ad826aaa0ea004233add43a61946855dc531b7eb2ab3e4462a686204

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-response-time: 108
date: Thu, 03 May 2018 12:26:13 GMT
x-content-type-options: nosniff
surrogate-key: ext_tw_video_thumb ext_tw_video_thumb/bucket/6 ext_tw_video_thumb/845263076991668226
last-modified: Fri, 24 Mar 2017 13:14:36 GMT
server: ECS (fcn/41B9)
status: 200
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 06bd1b2b00bb5c9e357e39608a9d63c7
accept-ranges: bytes
content-length: 9914

GET
DATA 200
OK truncated
/ Frame E4E0 618 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b051420a41347f3e04fbe6745d5fa58c3dfd40a7209b8dc09a138bc6381bd8dc

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame E4E0 559 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cd7887cf9a61431f64864df1e5fe9823e163638bf811dc97ee556268886bf865

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame E4E0 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame E4E0 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame E4E0 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame E4E0 707 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
S 200 jot
syndication.twitter.com/i/ 43 B
166 B 110ms
110ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fthreatreconblog.com%2F2017%2F02%2F03%2Fapt28-malicious-document%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22wordpressdotcom%22%2C%22widget_data_source%22%3A%22profile%3Athreat_recon%22%2C%22query%22%3Anull%2C%22profile_id%22%3Anull%2C%22message%22%3A%22timelineFallback%3Auser%3Auser%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1525350374155%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22b01bc23%3A1524723743670%22%2C%22format_version%22%3A%22b01bc23%3A1524723743670%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22element%22%3A%22notice%22%2C%22section%22%3A%22header%22%2C%22action%22%3A%22seen%22%7D%7D&notice_seen=true

Protocol

SPDY

Server

104.244.42.8 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 104
pragma: no-cache
last-modified: Thu, 03 May 2018 12:26:14 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a67907039f359ba22671907f8b27baab
x-transaction: 00d0efab00e6210b
expires: Tue, 31 Mar 1981 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://s0.wp.com/_static/??-eJyFztEKwjAMBdAfsquTiXsRv6XWOFKXtDbphn69HeiDMBQCgdzDJXZOBtmP5QJiQ517gfx4rybIxv4ChnDITqEh5A/2kRVYF0vxjCOYIpDdUG+16BpXXIqiBCIVraTfLyFPCPNfFkCT8zeTQfC5tJ7o2Hb9Yde3+24bXjRNW9I=(Line 9) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=86400

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
cdn.syndication.twimg.com
ctiwagon.files.wordpress.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
r-login.wordpress.com
s0.wp.com
s1.wp.com
s2.wp.com
stats.wp.com
syndication.twitter.com
threatreconblog.com
104.244.42.8
185.60.216.15
192.0.72.23
192.0.73.2
192.0.76.3
192.0.77.32
192.0.78.19
192.0.78.25
192.229.233.50
199.96.57.6
216.58.207.67
216.58.207.74
68.232.35.172
0380c5d55c4f9b20d5b358c4d410c74a8cc388d34218b1ecf07cb2acedeb42dd
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
083415fce9f107416009acf4e1b84d0a272ea99caf112dc3265cfb505b48667d
08d3764653cba296a0f9b57a8b1356f976bf780c6944628552342a3b16831772
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
1a6a361be5e4f031e089d664ccf0698f9b5ab56bb62324eabc35ef0be3aa722a
1cc8b847a98eeed52a6ff290262820de6a3c58e95a3b81e61871613b3e12ede0
21c557180f1bd074974eb41ae4228b6aa9c41234ab1729d780bc8f05761110bb
25b438de3e944547e69c6de98e403f46a9aa4fb98e6d1bb34954fd30ebc19b56
26b1a512ad826aaa0ea004233add43a61946855dc531b7eb2ab3e4462a686204
338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29
39082fac325df025d42b8ef04a4af8ba810e7a2e621298f7bac99f49cbd82569
3d8e94fed6cc8ea56ee5ec6174efb68cb7197d2e729149cb43e85505bf175779
3f10442336cd9b12279a4662345ca628aa1dc48b9993a7cc75c2077b6ecbaf6b
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
59a2318965065f6884695e83bf766fec37c1d68acb4e8376d131696e1a104abc
5f8e21998371f848f3f62f7a549314cb6ed3097dc28e55b8d24d6df2a68c50e2
64a9b7904b89312c30978e9944c69ede5782fa76a1c941554bdc7ad8bb924646
682faf236eb80dd1a3353fc2eae4ff34b39e2883ef1ffc27ed984842ebfc47e2
6f50d9b50d28d77158091654773bf86ebdf4a98236174d4b4e4ceb6e0b5fb9c0
7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf
7e1549d8014a30c3c17fdca43be710f1c4acbe33706b008f7ef45b99f6b2bbe5
803fc5fe628d0a7f403250879ffe5beb8c17eddc29363b8f439928515b9c6373
895964971ebdb56ee76d08850bcb4c5a88ec4c65e6a235882304e8ff6767cd7c
920c9189a522af2214445b9b592232c64c6bcb262bd4bcf1e1abad27c5cbe606
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7
9e87ce756ae559a43eb7f7c8e3bedaf1d31bb9fcbd36d87e48bc2551bb8d6d12
9f0c1dc7bb2b53b28e8df2fdc67c22fb762251a9e76f3784646572c13f9442d7
a3bb010753cdea8f85d4818b714db8227ab3da816b080d4f2a01f2a5a8e82f17
ab7e2ffdc04169e144920d681f782403d86113dd0a50dee1eb0522fb4c92375b
ac6a2a0e9db81cb1c4a6d9a04f355c68d866ef0b58d7d0323899ae6d64c21e65
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b051420a41347f3e04fbe6745d5fa58c3dfd40a7209b8dc09a138bc6381bd8dc
b6a0dc30039c5c24d1c474f3ae12a96efd1c6da64b520122536d31309ea5c95e
b77066312d6f915e7d1ffca2fa3e6eeb61b5245227255e8cfd05172e265d0f56
c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8
c7ff6934cb2a3fdf03bbedd4373db26034f4d06a8ea0f3112e6e5699d1160d68
cb3e87ff58a5e66937ffb6013c8265ed549658a4ff59c1f8d8ae193f488390a5
cd7887cf9a61431f64864df1e5fe9823e163638bf811dc97ee556268886bf865
d77bc1018a13b0b64284086c8cfa0f44e649a02833bbd7dcbdf869a42af95f05
e006b2e9c836d246df8e779c911d71302fc8c17dcb0320b386c3f2ee3e6e04ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7eea5490ae4a16d6d01274135f05102f04afdea4b6a5d5667932fa831ce75d1
e7f6a232138a2992064e3f39aae317a816a4b892340be34695e42089e0e95cdc
f2c25547f6b4673f116b1360b9b2e2018cc4dcbcba4437e4d1c8c45b4e4cb6ba
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f42e61b30cb83accea960fe7f759d91101742869b8c81ec0b542a428f4cf05d2
f8f6bd7fcecf7443663fe5fccbd5f8f9e2e88b582e5e73bd40e9c3ffe92eb8f7
ff3ae511ad442902d07cda794ab776342099fc909a06e630b758bd9a99109b50
ffb0a1f440d57011b67a8b03c6af798a79a02cb24010a6030f23c9d13da9c59b

threatreconblog.com Open in urlscan Pro 192.0.78.25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

48 Requests

4 %HTTPS

0 %IPv6

9 Domains

17 Subdomains

14 IPs

2 Countries

999 kBTransfer

1879 kBSize

0 Cookies

11 Outgoing links

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatreconblog.com Open in urlscan Pro
192.0.78.25 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

4 %
HTTPS

0 %
IPv6

9
Domains

17
Subdomains

14
IPs

2
Countries

999 kB
Transfer

1879 kB
Size

0
Cookies

48 HTTP transactions
8 data transactions