URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Submission: On September 10 via manual from US — Scanned from US

Summary

This website contacted 9 IPs in 1 country across 7 domains to perform 36 HTTP transactions. The main IP is 2606:4700:20::681a:f4f, located in the United States and belonging to CLOUDFLARENET, US. The main domain is gridinsoft.com. The Cisco Umbrella rank of the primary domain is 811357.
TLS certificate: Issued by WE1 on August 25th 2024. Valid for: 3 months.
This is the only time gridinsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
26 | gridinsoft.com | gridinsoft.com (811357) | 294 KB
2 | doubleclick.net | googleads.g.doubleclick.net (77), td.doubleclick.net (481) | 2 KB
2 | wp.com | stats.wp.com (4519), pixel.wp.com (4225) | 3 KB
2 | fontawesome.com | use.fontawesome.com (1950) | 18 KB
1 | google.com | www.google.com (10) | 64 B
1 | google-analytics.com | www.google-analytics.com (104) |
1 | googletagmanager.com | www.googletagmanager.com (112) | 120 KB
Total: 36 requests across 7 apex domains
Requests | Domain | Requested by
26 | gridinsoft.com | gridinsoft.com
2 | use.fontawesome.com | gridinsoft.com
1 | www.google.com | gridinsoft.com
1 | td.doubleclick.net | www.googletagmanager.com
1 | googleads.g.doubleclick.net | www.googletagmanager.com
1 | www.google-analytics.com | www.googletagmanager.com
1 | pixel.wp.com | gridinsoft.com
1 | stats.wp.com | gridinsoft.com
1 | www.googletagmanager.com | gridinsoft.com
Total: 36 requests across 9 subdomains

This site contains links to these domains:

Domain
cookiedatabase.org
help.gridinsoft.com
www.reddit.com
Subject | Issuer | Validity | Valid for
gridinsoft.com | WE1 | 2024-08-25 to 2024-11-23 | 3 months
use.fontawesome.com | WE1 | 2024-09-09 to 2024-12-09 | 3 months
*.google-analytics.com | WR2 | 2024-08-12 to 2024-11-04 | 3 months
*.wp.com | Sectigo ECC Domain Validation Secure Server CA | 2023-11-28 to 2024-12-28 | a year
*.g.doubleclick.net | WR2 | 2024-08-12 to 2024-11-04 | 3 months
*.doubleclick.net | WR2 | 2024-08-12 to 2024-11-04 | 3 months
*.google.com | WR2 | 2024-08-12 to 2024-11-04 | 3 months

This page contains 2 frames:

Primary Page: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Frame ID: 88A2718410C6304DBD80A7C5BCD30B8F
Requests: 34 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/940364021?random=1725978580946&cv=11&fst=1725978580946&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4940v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Ftrojan-win32-wacatac-h-ml%2F&hn=www.googleadservices.com&frm=0&tiba=Trojan%3AWin32%2FWacatac.H!ml%20Detection%20Analysis%20%26%20Removal%20Guide%20%E2%80%93%20Gridinsoft%20Blog&npa=0&pscdl=noapi&auid=953461044.1725978581&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: E2AA1323DC76B2848F5F0FD7F15D3410
Requests: 1 HTTP request in this frame

Page Title

Trojan:Win32/Wacatac.H!ml Detection Analysis & Removal Guide – Gridinsoft Blog

Detected technologies

WordPress (overall confidence: 100%), detected patterns:
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Font Awesome (overall confidence: 100%), detected patterns:
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%, no detected patterns listed

Overall confidence: 100%, detected patterns:
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 36
HTTPS: 97 %
IPv6: 88 %
Domains: 7
Subdomains: 9
IPs: 9
Countries: 1
Transfer: 437 kB
Size: 1189 kB
Cookies: 6

36 HTTP transactions

Resource | Path | Size | Transfer (x-fer) | Type | MIME-Type
Resource: / (primary request) | Path: gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/ | Size: 71 KB | Transfer: 20 KB | Type: Document
General
Full URL
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c39ade0bff3eaa0058cef984673fe492aff87146b12b5f53706be9447b04919

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age
24454
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400, must-revalidate
cf-apo-via
tcache
cf-cache-status
HIT
cf-edge-cache
cache,platform=wordpress
cf-ray
8c101c8bfdf7c344-EWR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 10 Sep 2024 14:29:39 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
last-modified
Tue, 10 Sep 2024 07:42:05 GMT
link
<https://gridinsoft.com/blogs/wp-json/>; rel="https://api.w.org/", <https://gridinsoft.com/blogs/wp-json/wp/v2/posts/22930>; rel="alternate"; title="JSON"; type="application/json", <https://gridinsoft.com/blogs/?p=22930>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5rsfDTFhpV%2FIudEOKlBUr2xVgEd139KyjTg9jAsDtgJi6uVZKWrmpmeE4eiKT278X7Nk6VHlPVvgjHexSBJy5tajQWgouNz4lhOTPl8Oi92WtHWoKnPrTU%2FECC7KN%2FDNXLs2ppn1gKIq4Zas"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-pingback
https://gridinsoft.com/blogs/xmlrpc.php
Resource: style.min.css | Path: gridinsoft.com/blogs/wp-includes/css/dist/block-library/ | Size: 110 KB | Transfer: 15 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-includes/css/dist/block-library/style.min.css?ver=84400
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Wed, 24 Jul 2024 19:03:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66a15015-1b723"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYYZ8Q%2FjhkPFZ5JQrmJKuB5B%2FvQ0biZaVcluGf%2BQTOrLqXsy5Do%2F3kKBBx3jLhdjl5BRejcOt6OrA25UGxLrJCOqPmpJrD9hgIg23fzBjGKjFChSB2rUEVxHOvLKqBfHSO%2F5FJs7YluxGg1b"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c5e50c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:29:39 GMT
Resource: mediaelementplayer-legacy.min.css | Path: gridinsoft.com/blogs/wp-includes/js/mediaelement/ | Size: 11 KB | Transfer: 3 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 15 Apr 2022 08:46:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2103
etag
W/"625930f3-2bf8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubK1wX0wr2rqLrO%2BXDq992sXVbg%2BlwUhkb6VGa2vDwOh9Qbyn9%2FY%2BlePzp9Yd6GXowXrU9wypODb9nHrnRFqB4s1BmDpcR5m0zvq9G8GfDEYF7LGheM6qMk58p0ZMdNSSpIbMoCDFPN%2B44y5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c5e5fc344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: wp-mediaelement.min.css | Path: gridinsoft.com/blogs/wp-includes/js/mediaelement/ | Size: 4 KB | Transfer: 2 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=84400
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Fri, 15 Apr 2022 08:46:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"625930f3-105a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwzUhqq9u7ZghNjarCMXH8fad0mzPYYrxmaU9KI3QyBl1eq2a1NKZL21abDZ3Is%2FVxMh83grUOh%2BwZjPpjyGvc%2FxC%2BdU70yVrjNhRBmb%2BWmbQFnPB4sI8F1aaoGJBlVSt9dyKmf7USQsVEoa"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e69c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:29:39 GMT
Resource: custom-color-overrides.css | Path: gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/css/ | Size: 0 | Transfer: 512 B | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/css/custom-color-overrides.css?ver=2.1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2103
cf-polished
origSize=130
alt-svc
h3=":443"; ma=86400
content-length
0
cf-bgj
minify
last-modified
Sat, 20 Jan 2024 20:00:55 GMT
server
cloudflare
etag
"65ac2677-82"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FUy2kYSKapXeu8tsRwVl6mpmKaIZxUQkXMMoFf8RcdHj%2FIn3VRH9dp5YDolfxc63qWRPQrqLn0DRpY2AdVGb8wOy2AHTPQULTPG3MydSJ9iv50L%2Fr0G7QCHihFGDt6S3i%2B9F9L8L2Jm01M6"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8c101c8c6e6dc344-EWR
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: style.css | Path: gridinsoft.com/blogs/wp-content/plugins/ultimate-blocks/src/extensions/ | Size: 250 B | Transfer: 592 B | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/ultimate-blocks/src/extensions/style.css?ver=84400
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43844c1db1f6297fde35378913d63a1cd77d9385b5cc241dc6c1550c5679b82b

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Aug 2024 18:54:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66afce4a-fa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atYwj0swSzTqRnm8CaKJJbAzOgf8kw1AKCIQcfjzEbyxxzP%2Fe%2BJPMAaK%2FU3PBdumvryR%2FgIBf21r9XTzxk6XxMTvgCtRyhJj9nMkgPeoWz3H44ze%2BjFSkUhRGXwJsc0yhkjMrv0EQ8xkMquU"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e71c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:29:39 GMT
Resource: cookieblocker.min.css | Path: gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/assets/css/ | Size: 3 KB | Transfer: 1 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/assets/css/cookieblocker.min.css?ver=1717690686
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d5f949fcf84560d013b596b51856d6bc487bedc510bc712e82458f00b2506e5

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jun 2024 16:18:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2103
etag
W/"6661e13e-ade"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYpo4xFLfLQY12o%2Bp4QW9c2CQlB8RNm70aOP8KMBH8TuY7wdJ9gptUor1i7rl%2BuQlwdHpOlv6J6k5Y6g7Nhj5dsgfYsROBWxE%2BoIDiSv4zQ%2BGWQ6we%2BAZgFpukMysZun4D%2BVsCtF1%2BZqIFo4"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e72c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: style.css | Path: gridinsoft.com/blogs/wp-content/themes/twentytwentyone/ | Size: 126 KB | Transfer: 19 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/themes/twentytwentyone/style.css?ver=2.1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
959567dd2e47d46d3cbdee4a1b8b6e0d91dc2bfab8662692b3dc6f40005041cd

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2103
cf-polished
origSize=155461
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 20 Jan 2024 20:00:55 GMT
server
cloudflare
etag
W/"65ac2677-25f45"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLKhTpdlP51uKjmu3XkfQedxd%2FwCfS2Zszf0ihnqCrJ5CDgXk%2FsdALK2U0wNMUeqy7uzHLoiCsVsX%2FF%2BQLjADlHT5Oaifj9B8qca%2BRXKEheBQBuONKpW0C5Avf5e38ELmfIp0jKiNFUO8DhO"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e74c344-EWR
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: twentytwentyone.css | Path: gridinsoft.com/blogs/wp-content/plugins/jetpack/modules/theme-tools/compat/ | Size: 2 KB | Transfer: 1 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/jetpack/modules/theme-tools/compat/twentytwentyone.css?ver=13.7
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22091175a4d0e473b20a737f357b5831348dffe7cc192fc7dfbac69f6b2b39c8

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2103
cf-polished
origSize=2926
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 08 Aug 2024 03:19:29 GMT
server
cloudflare
etag
W/"66b43941-b6e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZk8usDwyv7tD7j2o1LNrJWx1qd50IPjvpU5ecmZ9FF%2Beb8%2BTK8U3Hm%2FulqC2Ujos2IPS6JP36B4Xqwt%2F1Cglbbi8TZIZKbj5c%2BwBLK1TaiVVsl%2BxzunKmKw7Ty5a8hogYEuKIq%2B0VT8kERo"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e77c344-EWR
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: all.css | Path: use.fontawesome.com/releases/v5.15.4/css/ | Size: 58 KB | Transfer: 13 KB | Type: Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/css/all.css
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Request headers

Referer
https://gridinsoft.com/
Origin
https://gridinsoft.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:45:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
280836
etag
W/"ecd507b3125edc4d2a03aa6ae5d07da9"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbFsaQbk8BeOP%2B0gHLpQgPXk7dpw%2BE0O4oafRDHOzXCZCIA5VC93I3o7KoktO8%2B6gZHa3ZV7CWHZ%2BSAzOqEYPioHM7hLt4Ra5SZRQmTcLeRlSvdKExHNnH5gmTj0p9K52E7OjDCuCDijnxIIFsEoUnnX"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
8c101c8c9a767cb1-EWR
alt-svc
h3=":443"; ma=86400
Resource: v4-shims.css | Path: use.fontawesome.com/releases/v5.15.4/css/ | Size: 26 KB | Transfer: 5 KB | Type: Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/css/v4-shims.css
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910

Request headers

Referer
https://gridinsoft.com/
Origin
https://gridinsoft.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:45:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2229292
etag
W/"a034d3c71bee546f625877d7932917f8"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VIwFFUcGaL6Tsyt6leR9vGHznCa%2BzX%2FH5Vccq2O6dJN4jIxqylLZE45TV8j74wYbu%2F3Ub%2BleKl%2FLgKnawmqABK0GY5BTy047i3YRFH8ihdFOhz4skSsxr5Dct0PG5rTPuQnSkmN7D0xV2ygMMAASJhsQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
8c101c8c9a787cb1-EWR
alt-svc
h3=":443"; ma=86400
Resource: jetpack.css | Path: gridinsoft.com/blogs/wp-content/plugins/jetpack/css/ | Size: 106 KB | Transfer: 20 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/jetpack/css/jetpack.css?ver=13.7
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32d5700587b6c9e3c4dbb404bfd2afe1a36f7ece0a9e2761bf487fca687df08c

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2103
cf-polished
origSize=108968
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 08 Aug 2024 03:19:28 GMT
server
cloudflare
etag
W/"66b43940-1a9a8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EtlvkorrPRNbyWVizDLvZroZ9k7C0Fe6U85pMpVU1qd06xN%2FoJkQtuKv3wBqIhRTHPn%2BzSSpQ%2B2i8tOMZD7MSLikWfoTciM24iEKoTmZas8OjANSMkCNC4JH%2Fk4f1%2BpgmAj79nTzSRdbWNdk"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8c6e7ac344-EWR
expires
Tue, 10 Sep 2024 14:54:36 GMT
Resource: related-posts.min.js | Path: gridinsoft.com/blogs/wp-content/plugins/jetpack/_inc/build/related-posts/ | Size: 6 KB | Transfer: 2 KB | Type: Script
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 08 Aug 2024 03:19:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1307
etag
W/"66b43940-1661"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0KEprGSEVCYEq6XBew9WbfoCGSwryHgTGOVCJCuqrplLNaC259rDAXc0t131AM9p7FCXWqbOk1lxCmIZx6QGOyGehWH5vnNaPXowfQj0iDXVGQfy2D2I4I7t74PlVIddOSrHU5%2FCQtkQ8q7s"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8c6e7dc344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:07:52 GMT
Resource: primary-navigation.js | Path: gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/js/ | Size: 4 KB | Transfer: 2 KB | Type: Script
General
Full URL
https://gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=2.1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1b4ac759c42db2ee852af2a8ee97fcfcc54f924ed52d5e37344c20c8312ff28

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2101
cf-polished
origSize=6046
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 20 Jan 2024 20:00:55 GMT
server
cloudflare
etag
W/"65ac2677-179e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=knV3qL3xsB8Ts%2BsxnXnhHsTpM8bikwXJa6Ms9e%2FTx5%2FAAHBM6OE4ZSuiIJMpeqqfSPoIKIaPH%2BlYsWdZhtduUuYAe0t65xF96obvh2N81gQV67PQ0ErQkX4ybK20sNLvqWKdJ1bC6LxIt3PD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8d3f71c344-EWR
expires
Tue, 10 Sep 2024 14:54:39 GMT
Resource: / | Path: gridinsoft.com/blogs/ | Size: 5 KB | Transfer: 2 KB | Type: Stylesheet
General
Full URL
https://gridinsoft.com/blogs/?custom-css=92805fdf42
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51c8b8c21712c5380862c742c02c448fe62e5cb49456581fcec9153b60be8028

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-edge-cache
cache,platform=wordpress
date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
gzip
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Encoding, Cookie
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4c6chQdtq%2Bfe9j0MSqur2UaMdcV3Un8Mb7uq1dPjO%2BwxJ6vc6FGgNWz0hLc%2Fee09g3Hb2LJ0AYXyMVJSo2DT%2Btq13jKyIGMGTbOx6b1Kc7ykZ%2BtrZvfO7kyCm7EmDaw9iHYEDgl96cCZqYe"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
cf-apo-via
origin,qs
cf-ray
8c101c8c6e7fc344-EWR
alt-svc
h3=":443"; ma=86400
expires
Wed, 10 Sep 2025 14:29:40 GMT
Resource: gridinsoft-blog.webp | Path: gridinsoft.com/blogs/wp-content/uploads/2022/07/ | Size: 5 KB | Transfer: 5 KB | Type: Image
General
Full URL
https://gridinsoft.com/blogs/wp-content/uploads/2022/07/gridinsoft-blog.webp
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f9cbef012abc87034a912f5750d3f1642acced4622bfe151ecffdda271bd0f1

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
cf-cache-status
BYPASS
last-modified
Sun, 03 Jul 2022 21:04:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"62c2045e-1390"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1IVVMpbFHhgbbz2A0TkFgDXLEo5J92U4RETbOOWJ8RI93gpcZsIdin74BRj%2FfdmXGhtXpkztU5EBoeBulhFER5HmWmn706EyQPtkqCW9xwSsAhIThUI7GonKqWG8LD52%2FDCRv7NI37%2FdVdy"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000, private
accept-ranges
bytes
cf-ray
8c101c8c6e82c344-EWR
alt-svc
h3=":443"; ma=86400
content-length
5008
expires
Wed, 10 Sep 2025 14:29:39 GMT
Resource: Trojan-Win32Wacatac.Hml_.webp | Path: gridinsoft.com/blogs/wp-content/uploads/2024/06/ | Size: 81 KB | Transfer: 81 KB | Type: Image
General
Full URL
https://gridinsoft.com/blogs/wp-content/uploads/2024/06/Trojan-Win32Wacatac.Hml_.webp
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7c018ab670311cffffd0b9cfb90f220920f32418cb3baf9aadfc68b68107d78

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
cf-cache-status
BYPASS
last-modified
Thu, 20 Jun 2024 16:42:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"66745be5-1428e"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZXiufbf7xJhi5mLkyVe1o1QZ291ZnXVJ%2BnBx%2F%2FPezO0GYFmggEK9Lj715vdVJ7UIK9jklc9IRsA49HeZRmKNOA1%2BJFsdjWu6jKmxzSKD8EOEUH%2Bu3GGMEyAvvDRnY9bfqCmlRB2ncCbkNRNT"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000, private
accept-ranges
bytes
cf-ray
8c101c8c6e84c344-EWR
alt-svc
h3=":443"; ma=86400
content-length
82574
expires
Wed, 10 Sep 2025 14:29:39 GMT
Resource: Trojan_Win32_Wacatac_H_ml.webp | Path: gridinsoft.com/blogs/wp-content/uploads/2024/06/ | Size: 28 KB | Transfer: 29 KB | Type: Image
General
Full URL
https://gridinsoft.com/blogs/wp-content/uploads/2024/06/Trojan_Win32_Wacatac_H_ml.webp
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f64bb5837352f440371592701f1d2680a2c581700d6d8eece0c3625ac5fcfac

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:39 GMT
cf-cache-status
BYPASS
last-modified
Thu, 20 Jun 2024 16:13:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6674553b-71f6"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5UHS%2FkGASkhC%2B4Hffn8UN8OzSRXhluqrkPjYg8dahGHNgzm6TlafIgg9OX4GoUD%2BYNytxDLDdRkHIVFsfDDGzZx5GSO%2FuhGF871aX30EF6LVeEPbVEwVPOdc%2BdgUuiP%2BrxssmLs4u7KO4KFw"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000, private
accept-ranges
bytes
cf-ray
8c101c8cbef0c344-EWR
alt-svc
h3=":443"; ma=86400
content-length
29174
expires
Wed, 10 Sep 2025 14:29:39 GMT
Resource: reddit-wacatac-hml.png | Path: gridinsoft.com/blogs/wp-content/uploads/2024/06/ | Size: 58 KB | Transfer: 59 KB | Type: Image
General
Full URL
https://gridinsoft.com/blogs/wp-content/uploads/2024/06/reddit-wacatac-hml.png
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b9283016c4e5580dbc21c0bfb3c516591d37475e20c55bcbcb836abda455cab

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
cf-cache-status
BYPASS
last-modified
Fri, 21 Jun 2024 12:00:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"66756b65-e823"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Osr0MfGXuTmZlatZkWkZ13HVWtLve5NLbgdY5RIgkiUnonLhqgkEdUFyJTAqPg0ORFrkf6LmmPsOT9mvPE7d%2F9vb1Q%2FZjp6iewoM%2BFMnajcBkdZ7MOEiXvKhaIHMhTyhZAw5zdINcFX3saV"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000, private
accept-ranges
bytes
cf-ray
8c101c8cdf15c344-EWR
alt-svc
h3=":443"; ma=86400
content-length
59427
expires
Wed, 10 Sep 2025 14:29:40 GMT
Resource: comment-reply.min.js | Path: gridinsoft.com/blogs/wp-includes/js/ | Size: 3 KB | Transfer: 2 KB | Type: Script
General
Full URL
https://gridinsoft.com/blogs/wp-includes/js/comment-reply.min.js?ver=84400
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Thu, 26 May 2022 17:55:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"628fbf1a-ba5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PGlAGHReEAabpDxB0Ot8r9sRt5MRr5BmWnWMDIQioV4M0u12w3mDNEPVgG3Cbxz%2FRSEt3vH2Vic9ExBN4PLRdntj%2FwSMgMFP%2B%2Bb5sd3g%2Fu2k0%2FLroAWOLdaKBIPG%2B3Y7IZZkmWZEKPgjoF9F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8d5f9ac344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:29:40 GMT
responsive-embeds.js
gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/js/
514 B
809 B
Script
General
Full URL
https://gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=2.1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b6d942711f1721a2458ec48d431a328384b7f955086cdcf4252b51e4a4ee2ff

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2101
cf-polished
origSize=1127
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 20 Jan 2024 20:00:55 GMT
server
cloudflare
etag
W/"65ac2677-467"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjKg8uN0ij8MI77h0ZI5b%2B8akpzglwt9iitocGNw06pnMtXS%2FSX6nXsBdk1XqnCDId32MqNw2nmFdQZbWwJDNZveUbab6Hg7U7hGZJacq6m1Klip%2F2wsuL2%2BH%2FXIorIFoQRDsR9s6FpgHx7C"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8d1f4bc344-EWR
expires
Tue, 10 Sep 2024 14:54:39 GMT
complianz.min.js
gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/cookiebanner/js/
39 KB
11 KB
Script
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=1717690686
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e48afa0ca2fdaed77ef3d14202f805ab16829b42e321b71635d538f9e9efa4e2

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jun 2024 16:18:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2101
etag
W/"6661e13e-9dee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5ongzpSAyiet%2By6lHj6sFg0l13OZeAuuf8Bt7lJ9BSf7sjyJHoLy7TPm2bcxOVT1Ck%2F1al3BnZpRnUvZVFEhMqs1TAyqLFJe%2FdBAHSSl2GvRHOychnnVxtT4bMVW8ijaMcUFcUnKqcYHl7o"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8daff5c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 14:54:39 GMT
akismet-frontend.js
gridinsoft.com/blogs/wp-content/plugins/akismet/_inc/
6 KB
2 KB
Script
General
Full URL
https://gridinsoft.com/blogs/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1721240342
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a1b9ae60c527ccefdbbc092245aa6c85aedcaa6ebb4c69d22060ece8ade180d

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1308
cf-polished
origSize=11388
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 17 Jul 2024 18:19:02 GMT
server
cloudflare
etag
W/"66980b16-2c7c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHaQ0xX8DPSYACyGRaiAj9jgsb1G2vZpBG7ToyUqeSqNuC%2BAmCKDQ8ig9vpKmWsjPkSxPkw084tJdGNEggxjqRabz3cXnF6nWnPcYdJJKlNi9F1PBPUHMe%2Bxn%2FJpks8QHgP9OyZeSFWrg5iI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c8dc82fc344-EWR
expires
Tue, 10 Sep 2024 15:07:52 GMT
3fe3188e-5b5a-4941-9e48-a2288287c00a
https://gridinsoft.com/ Frame
0
0

print.css
gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/themes/twentytwentyone/assets/css/print.css?ver=2.1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e137691c561e3a0ff6ed790709af1e5b95ded96549c4fef9e2a90e0635bcc99f

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2095
cf-polished
origSize=2897
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 20 Jan 2024 20:00:55 GMT
server
cloudflare
etag
W/"65ac2677-b51"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fdz%2BxgzwIXLVr8Sv23nHJxNkzT%2BY%2FhCFMs9UAa1pYpWsMpk2ZYHoshgxj3oS85L8kPavKrSqfLDH8%2FmHB49XQNVVKckwLQjNwXrZRjClzaHswIqFm9MTmpuaAyliH6sbgbhbECafl033fwQX"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c8df85bc344-EWR
expires
Tue, 10 Sep 2024 14:54:45 GMT
js
www.googletagmanager.com/gtag/
370 KB
120 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5N4B7Q122M
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=1717690686
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1072c7437e779905fcc110e2d8df6d0e832407afd7c95f1b4d99247890f22c32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
122865
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 10 Sep 2024 14:29:40 GMT
e-202437.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202437.js
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=1717690686
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT jfk
date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/14421-1717166114261.106
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=86400
expires
Sat, 06 Sep 2025 10:20:55 GMT
banner-1-optout.css
gridinsoft.com/blogs/wp-content/uploads/complianz/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://gridinsoft.com/blogs/wp-content/uploads/complianz/css/banner-1-optout.css?v=15
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=1717690686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db2c9e6a585ad8843008c831065c57acedff8e8a5a392a5848e619a502abef40

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2094
cf-polished
origSize=16264
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 08 May 2024 16:49:37 GMT
server
cloudflare
etag
W/"663bad21-3f88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qv3PqCdVJQ54S4caQGWpuFBb1oQ%2BnSgGac77vaeRj0fqo1aUUxZuRuXHdZSOTBewswrtLoPTfUkNytvirM6IfYz1sZLGNbAN1l9IEc%2FqOiz%2FD2jWy6rRXqICbf2zrn2VAx6CZWdDw5qYbQ2R"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c101c90dbdbc344-EWR
expires
Tue, 10 Sep 2024 14:54:46 GMT
wp-emoji-release.min.js
gridinsoft.com/blogs/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://gridinsoft.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=84400
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
last-modified
Wed, 03 Apr 2024 01:28:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"660cb0ad-4926"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FTVC8XVq9EkGptEi3oC5oZlyPkVwzM84NhI81Zofe5P7vVegBRYcGRSZ8ABo6wZUkfPIIiCUPyzQkhiN%2FgXy%2B9C74l85o9W%2BMP64fldH4DzUV865gnPsCNnCimh2pZ2ELpba7%2B1LjSz3u7MS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=14400
cf-ray
8c101c90fbf2c344-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 10 Sep 2024 15:29:40 GMT
/
gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
5 KB
2 KB
XHR
General
Full URL
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/?relatedposts=1
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26b893e5ad46842c8c987ad88923910752fc99639d3e612a73b0483c531477c3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
x-requested-with
XMLHttpRequest

Response headers

cf-edge-cache
cache,platform=wordpress
date
Tue, 10 Sep 2024 14:29:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pingback
https://gridinsoft.com/blogs/xmlrpc.php
alt-svc
h3=":443"; ma=86400
pragma
no-cache
server
cloudflare
vary
Accept-Encoding, Accept-Encoding, Cookie
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCZp0GpuP1Cmdkchjt9MThjG0N6qDCmiz%2F0E2RTGaf1pACVmj%2FBC3JvPbKy9BFo9ye%2B3JWlFJ2CBhP4%2BMZuOAIn6XAfz00e7Z6EM2FHXPIdbAVwEFAWoDipY8Ra8SePN8g%2F8Bkw0pLgIu%2FX%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cache-control
no-store, no-cache, must-revalidate
cf-apo-via
origin,qs
cf-ray
8c101c90fbf4c344-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=200474804&post=22930&tz=0&srv=gridinsoft.com&j=1%3A13.7&host=gridinsoft.com&ref=&fcp=850&rand=0.2760686159462389
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 10 Sep 2024 14:29:40 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-5N4B7Q122M&gtm=45je4940v875497828za200&_p=1725978580533&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=2056620134.1725978581&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725978580&sct=1&seg=0&dl=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Ftrojan-win32-wacatac-h-ml%2F&dt=Trojan%3AWin32%2FWacatac.H!ml%20Detection%20Analysis%20%26%20Removal%20Guide%20%E2%80%93%20Gridinsoft%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1152
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5N4B7Q122M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Sep 2024 14:29:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gridinsoft.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/940364021/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/940364021/?random=1725978580946&cv=11&fst=1725978580946&bg=ffffff&guid=ON&async=1&gtm=45je4940v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Ftrojan-win32-wacatac-h-ml%2F&hn=www.googleadservices.com&frm=0&tiba=Trojan%3AWin32%2FWacatac.H!ml%20Detection%20Analysis%20%26%20Removal%20Guide%20%E2%80%93%20Gridinsoft%20Blog&npa=0&pscdl=noapi&auid=953461044.1725978581&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5N4B7Q122M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
96bbb7a39c7970a70cab69902b9c3a62a15a701ae6e3b63e05345b158d4fe4ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Sep 2024 14:29:40 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2360
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
940364021
td.doubleclick.net/td/rul/ Frame E2AA
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/940364021?random=1725978580946&cv=11&fst=1725978580946&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4940v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Ftrojan-win32-wacatac-h-ml%2F&hn=www.googleadservices.com&frm=0&tiba=Trojan%3AWin32%2FWacatac.H!ml%20Detection%20Analysis%20%26%20Removal%20Guide%20%E2%80%93%20Gridinsoft%20Blog&npa=0&pscdl=noapi&auid=953461044.1725978581&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5N4B7Q122M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gridinsoft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 Sep 2024 14:29:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.com/pagead/1p-user-list/940364021/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/940364021/?random=1725978580946&cv=11&fst=1725976800000&bg=ffffff&guid=ON&async=1&gtm=45je4940v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Ftrojan-win32-wacatac-h-ml%2F&hn=www.googleadservices.com&frm=0&tiba=Trojan%3AWin32%2FWacatac.H!ml%20Detection%20Analysis%20%26%20Removal%20Guide%20%E2%80%93%20Gridinsoft%20Blog&npa=0&pscdl=noapi&auid=953461044.1725978581&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfFx2871Fk5awjS-XRVqTrY90Iz-P_Ig&random=3516185487&rmt_tld=0&ipr=y
Requested by
Host: gridinsoft.com
URL: https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://gridinsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Sep 2024 14:29:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
gridinsoft.com/
15 KB
3 KB
Other
General
Full URL
https://gridinsoft.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:f4f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31994dda4d5118e5983d8f50eedfde71c17474fd41f5939b1844126ac29b1694

Request headers

Referer
https://gridinsoft.com/blogs/trojan-win32-wacatac-h-ml/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:29:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 05 Jul 2022 12:29:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3011
etag
W/"62c42ebe-3aee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wxlLdht%2FxbBt96P%2FurS5294qtoSCZuCFkXB1GzCMVsrA6KSSoRrnXSmxFaoWpW%2F8VVzHJIZnCqtRTzoSXhOGE6nI5QnoBZOZv50HolQ%2FBrxB5NRKmgh2OAkMUo4lZW1mccZdXbqrUEymNuBu"}],"group":"cf-nel","max_age":604800}
content-type
image/x-icon
cache-control
max-age=14400
cf-ray
8c101c93eee2c344-EWR
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
gridinsoft.com
URL
blob:https://gridinsoft.com/3fe3188e-5b5a-4941-9e48-a2288287c00a

Verdicts & Comments

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 (object)
_wpemojiSettings (object)
related_posts_js_options (object)
gtag (function)
dataLayer (object)
twentytwentyoneResponsiveEmbeds (function)
_stq (object)
complianz (object)
addComment (object)
twentytwentyoneToggleAriaExpanded (function)
twentytwentyoneCollapseMenuOnClickOutside (function)
twentytwentyoneSubmenuPosition (function)
twentytwentyoneExpandSubMenu (function)
cmplz_create_element (function)
cmplz_add_event (function)
cmplz_is_hidden (function)
cmplz_html_decode (function)
cmplzLoadConsentAreaContent (function)
cmplz_banner (object)
cmplz_manage_consent_button (object)
cmplz_banner_container (object)
cmplz_waiting_inline_scripts (object)
cmplz_waiting_scripts (object)
cmplz_fired_scripts (object)
cmplz_all_scripts_hook_fired (boolean)
cmplz_fired_category_events (object)
cmplz_fired_service_events (object)
cmplz_categories (object)
cmplz_run_script (function)
cmplz_maybe_run_waiting_scripts (function)
cmplz_set_blocked_content_container (function)
cmplz_insert_placeholder_text (function)
cmplz_set_blocked_content_container_aspect_ratio (function)
cmplz_has_blocked_scripts (function)
cmplz_enable_category (function)
cmplz_remove_placeholder (function)
cmplz_get_waiting_script (function)
cmplz_array_is_empty (function)
cmplz_is_waiting_script (function)
cmplz_run_after_all_scripts (function)
cmplz_fired_events (object)
cmplz_run_tm_event (function)
cmplz_fire_before_categories_consent (function)
cmplz_check_cookie_policy_id (function)
cmplz_do_not_track (function)
cmplz_get_services_on_page (function)
cmplz_is_bot (function)
cmplz_is_speedbot (function)
cmplz_exists_service_consent (function)
cmplz_set_service_consent (function)
cmplz_clear_all_service_consents (function)
cmplz_get_all_service_consents (function)
cmplz_get_cookie_path (function)
cmplz_get_cookie_domain (function)
cmplz_reload_browser_compatible (function)
cmplz_user_data (object)
cmplz_track_status_end (function)
cmplz_set_up_auto_dismiss (function)
cmplz_fire_categories_event (function)
cmplz_track_status (function)
cmplz_accepted_categories (function)
cmplz_sync_category_checkboxes (function)
cmplz_merge_object (function)
cmplz_clear_cookies (function)
cmplz_set_accepted_cookie_policy_id (function)
cmplz_integrations_init (function)
cmplz_integrations_revoke (function)
cmplz_set_integrations_cookies (function)
cmplz_get_url_parameter (function)
cmplz_maybe_auto_redirect (function)
cmplz_wp_set_consent (function)
cmplz_cookie_data (object)
cmplz_start_clean (function)
cmplz_do_cleanup (function)
cmplz_setup_clean_interval (function)
cmplz_clear_storage (function)
cmplz_load_manage_consent_container (function)
cmplz_equals (function)
cmplzCopyAttributes (function)
cmplz_get_cookie (function)
cmplz_set_cookie (function)
cmplz_in_array (function)
cmplz_highest_accepted_category (function)
cmplz_accept_all (function)
cmplz_deny_all (function)
conditionally_show_banner (function)
show_cookie_banner (function)
cmplz_get_banner_status (function)
cmplz_set_banner_status (function)
cmplz_has_consent (function)
cmplz_is_service_denied (function)
cmplz_has_service_consent (function)
cmplz_set_consent (function)
wp_consent_type (string)
st_go (function)
linktracker_init (function)
wpcom (object)
twemoji (object)
wp (object)
google_tag_manager (object)
google_tag_data (object)
onYouTubeIframeAPIReady (function)
gaGlobal (object)
GooglebQhCsO (object)

6 Cookies

Domain/Path Name / Value
gridinsoft.com/blogs/ Name: ultp_view_22930
Value: 1
.gridinsoft.com/ Name: _ga_5N4B7Q122M
Value: GS1.1.1725978580.1.0.1725978580.0.0.0
.gridinsoft.com/ Name: _ga
Value: GA1.1.2056620134.1725978581
.gridinsoft.com/ Name: _gcl_au
Value: 1.1.953461044.1725978581
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
gridinsoft.com/ Name: PHPSESSID
Value: lbumob8j18d76jihskr8so8222

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

googleads.g.doubleclick.net
gridinsoft.com
pixel.wp.com
stats.wp.com
td.doubleclick.net
use.fontawesome.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
gridinsoft.com
192.0.76.3
2606:4700:20::681a:f4f
2606:4700:3037::ac43:8ef5
2607:f8b0:4006:806::200e
2607:f8b0:4006:816::2002
2607:f8b0:4006:81f::2002
2607:f8b0:4006:820::2008
2607:f8b0:4006:821::2004
0b6d942711f1721a2458ec48d431a328384b7f955086cdcf4252b51e4a4ee2ff
0c39ade0bff3eaa0058cef984673fe492aff87146b12b5f53706be9447b04919
0d5f949fcf84560d013b596b51856d6bc487bedc510bc712e82458f00b2506e5
0f9cbef012abc87034a912f5750d3f1642acced4622bfe151ecffdda271bd0f1
1072c7437e779905fcc110e2d8df6d0e832407afd7c95f1b4d99247890f22c32
1a1b9ae60c527ccefdbbc092245aa6c85aedcaa6ebb4c69d22060ece8ade180d
1f64bb5837352f440371592701f1d2680a2c581700d6d8eece0c3625ac5fcfac
22091175a4d0e473b20a737f357b5831348dffe7cc192fc7dfbac69f6b2b39c8
26b893e5ad46842c8c987ad88923910752fc99639d3e612a73b0483c531477c3
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
31994dda4d5118e5983d8f50eedfde71c17474fd41f5939b1844126ac29b1694
32d5700587b6c9e3c4dbb404bfd2afe1a36f7ece0a9e2761bf487fca687df08c
43844c1db1f6297fde35378913d63a1cd77d9385b5cc241dc6c1550c5679b82b
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
51c8b8c21712c5380862c742c02c448fe62e5cb49456581fcec9153b60be8028
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
8b9283016c4e5580dbc21c0bfb3c516591d37475e20c55bcbcb836abda455cab
8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910
959567dd2e47d46d3cbdee4a1b8b6e0d91dc2bfab8662692b3dc6f40005041cd
96bbb7a39c7970a70cab69902b9c3a62a15a701ae6e3b63e05345b158d4fe4ee
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
d1b4ac759c42db2ee852af2a8ee97fcfcc54f924ed52d5e37344c20c8312ff28
d7c018ab670311cffffd0b9cfb90f220920f32418cb3baf9aadfc68b68107d78
db2c9e6a585ad8843008c831065c57acedff8e8a5a392a5848e619a502abef40
e137691c561e3a0ff6ed790709af1e5b95ded96549c4fef9e2a90e0635bcc99f
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48afa0ca2fdaed77ef3d14202f805ab16829b42e321b71635d538f9e9efa4e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1