Overview

URL https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
IP 192.0.78.24
ASN AS2635 Automattic, Inc
Location United States
Report completed 2018-05-10 20:52:21 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 192.0.78.24

Date                        UQ / IDS / BL   URL                        IP
2018-10-14 09:11:48 +0200   0 - 2 - 0       wp.me/p1qltQ-3u            192.0.78.24
2018-10-13 06:26:25 +0200   0 - 0 - 0       192.0.78.24                192.0.78.24
2018-10-12 23:02:51 +0200   0 - 0 - 0       ema.alabama.gov            192.0.78.24
2018-10-12 22:59:53 +0200   0 - 0 - 0       ema.alabama.gov            192.0.78.24
2018-10-11 19:48:59 +0200   0 - 0 - 0       simplenote.com             192.0.78.24
2018-10-11 19:39:43 +0200   0 - 0 - 2       wp.me/p1VsTV-Wj            192.0.78.24
2018-10-11 19:33:59 +0200   0 - 0 - 1       wp.me/P3PtpU-w             192.0.78.24
2018-10-11 17:44:27 +0200   0 - 0 - 0       https://ema.alabama.gov/   192.0.78.24
2018-10-11 15:58:41 +0200   0 - 0 - 0       salesforcesidekick.com     192.0.78.24
2018-10-10 19:14:56 +0200   0 - 0 - 2       wp.me/p42wzP-2hK           192.0.78.24

Last 10 reports on ASN: AS2635 Automattic, Inc

Date                        UQ / IDS / BL   URL                                                   IP
2018-10-15 15:54:52 +0200   0 - 0 - 0       i2.wp.com                                             192.0.77.2
2018-10-15 11:50:17 +0200   0 - 0 - 0       www.gravatar.com                                      192.0.73.2
2018-10-15 06:47:16 +0200   0 - 0 - 0       https://werkohneautor2018ganzerfilmhdgermande (...)   192.0.78.12
2018-10-15 06:42:38 +0200   0 - 0 - 0       https://werkohneautor2018ganzerfilmhdgermande (...)   192.0.78.13
2018-10-15 06:11:40 +0200   0 - 0 - 0       https://werkohneautor2018ganzerfilmhdgermande (...)   192.0.78.12
2018-10-15 05:02:15 +0200   0 - 0 - 0       https://watchonlineshow15.wordpress.com/2018/ (...)   192.0.78.13
2018-10-14 17:34:31 +0200   0 - 0 - 0       https://watchonlineshow15.wordpress.com/2018/ (...)   192.0.78.13
2018-10-14 13:40:57 +0200   0 - 0 - 0       https://watchonlineshow15.wordpress.com/2018/ (...)   192.0.78.13
2018-10-14 13:39:00 +0200   0 - 0 - 0       https://watchonlineshow15.wordpress.com/2018/ (...)   192.0.78.13
2018-10-14 13:35:17 +0200   0 - 0 - 0       https://watchonlineshow15.wordpress.com/2018/ (...)   192.0.78.13

No other reports on domain: postmodernsecurity.com



JavaScript

Executed Scripts (27)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (52)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: ocsp.int-x3.letsencrypt.org
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
                                         91.135.34.107
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 527
Etag: "DDFC6ED65537A042D1A3FED35CB0FA7B0541D366217E8FB45297A83FB8E3EE7D"
Last-Modified: Tue, 08 May 2018 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43200
Expires: Fri, 11 May 2018 06:51:47 GMT
Date: Thu, 10 May 2018 18:51:47 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    651c60d0f906da91e58db514bf1644ad
Sha1:   3a04f120887f5b0af589d1dc9ae13801d4ddc149
Sha256: ddfc6ed65537a042d1a3fed35cb0fa7b0541d366217e8fb45297a83fb8e3ee7d
                                        
                                            POST / HTTP/1.1 
Host: isrg.trustid.ocsp.identrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         91.135.34.122
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Transfer-Encoding: Binary
Last-Modified: Tue, 08 May 2018 10:11:36 GMT
Etag: "fd842f4eec80987120b2ae5d520399525152cb6b"
Content-Length: 1396
Cache-Control: public, no-transform, must-revalidate, max-age=30662
Expires: Fri, 11 May 2018 03:22:50 GMT
Date: Thu, 10 May 2018 18:51:48 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1396
Md5:    af48c161d6d96f79678f0fccc120b304
Sha1:   fd842f4eec80987120b2ae5d520399525152cb6b
Sha256: 2178b586624295f23290447795bcf145436bd5de3066948cc2347e51670fd2e2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         50.63.243.230
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 10 May 2018 18:51:48 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=119389, public, no-transform, must-revalidate
Last-Modified: Thu, 10 May 2018 17:46:21 GMT
Expires: Sat, 12 May 2018 05:46:21 GMT
Etag: "88445a378b97b0bdff66659076ebb0f6c3403d24"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1776
Connection: close


--- Additional Info ---
Magic:  data
Size:   1776
Md5:    51362a985a4f79bcd9f1845849aa887a
Sha1:   88445a378b97b0bdff66659076ebb0f6c3403d24
Sha256: 3e2449ef0e2244b23f83a4ca601132d82e5012f5ef8cbde37a46f112bd94fe50
                                        
                                            GET /2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/ HTTP/1.1 
Host: postmodernsecurity.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         192.0.78.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Vary: Accept-Encoding, Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: https://postmodernsecurity.com/xmlrpc.php
Link: <https://wp.me/p434MA-3Z>; rel=shortlink
Content-Encoding: gzip
X-ac: 3.arn _dca


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   23752
Md5:    60d15ee0dc452f1277ca299ffd40faca
Sha1:   be9f456a122818a6c58e51f2414e9c2c50f8ce56
Sha256: 47dc77354e788ec2dc914050933a3245011eae478da9efa739ef454e8c4c00d5
                                        
                                            GET /wp-content/plugins/custom-fonts/js/webfont.js HTTP/1.1 
Host: s0.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"573b08bd-30cd"
Content-Encoding: gzip
Expires: Fri, 05 Oct 2018 10:26:17 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4946
Md5:    2b9efe19af7e1173015e0d8c3d22a79a
Sha1:   59bb1cecfbe319c3311b9c34a183f05716e4fb02
Sha256: ac50341163bb539b574eb492d02fa494e4f375d4f8f10ab9ee1380171baa3bd8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         50.63.243.230
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 10 May 2018 18:51:49 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=120276, public, no-transform, must-revalidate
Last-Modified: Thu, 10 May 2018 18:01:56 GMT
Expires: Sat, 12 May 2018 06:01:56 GMT
Etag: "23caac938a99127fbd1a0ad2b40a517c468ab113"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1776
Connection: close


--- Additional Info ---
Magic:  data
Size:   1776
Md5:    c8aa35bec83cd96f7433f4fe8063ce09
Sha1:   23caac938a99127fbd1a0ad2b40a517c468ab113
Sha256: 7716c9a6bf85c10b4dc29feb351fdf15a457936ddeabba868feb6f8b3ba47540
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         50.63.243.230
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 10 May 2018 18:51:49 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=121882, public, no-transform, must-revalidate
Last-Modified: Thu, 10 May 2018 18:30:06 GMT
Expires: Sat, 12 May 2018 06:30:06 GMT
Etag: "6d375efe1b4adf89f53c0758fb1edb3fee8adf05"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1776
Connection: close


--- Additional Info ---
Magic:  data
Size:   1776
Md5:    a5ecf85fbf2505e1a5aac99ce8634c07
Sha1:   6d375efe1b4adf89f53c0758fb1edb3fee8adf05
Sha256: d399e03e1e22ca3f705c47daaa8db250830261b1c636faec1c9ee74afd4d7669
                                        
                                            GET /2014/01/cropped-boris_eyes.png HTTP/1.1 
Host: mrsyiswhy.files.wordpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.72.28
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Content-Length: 99222
Connection: keep-alive
Last-Modified: Wed, 01 Jan 2014 18:03:52 GMT
Expires: Tue, 05 Jun 2018 16:37:05 GMT
X-Orig-Src: 01_mogdir
X-nc: HIT arn 28 np
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 800 x 256, 8-bit/color RGBA, non-interlaced
Size:   99222
Md5:    baccbba0dc3cb24a6484ecbaae64099c
Sha1:   0f073fe5f3e33edc5b86919f5a79685644cd255c
Sha256: a62dd293c47a09e55c370854fdc44c3c791d4e86a05f63a31a43fd224c303902
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=167621
Date: Thu, 10 May 2018 18:51:49 GMT
Etag: "5af46c84-1d7"
Expires: Sat, 12 May 2018 17:10:33 GMT
Last-Modified: Thu, 10 May 2018 16:00:04 GMT
Server: ECS (arn/45E2)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    c80c0de2a400d799d406d2652cc92ed6
Sha1:   e79419d98fe67c9a072e3c935b7c52d62ad9e3ae
Sha256: b4e8b7beeedcc37edd5dd964b2808cd55cd3917f0b266499fa1fefdc03c55e88
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=157350
Date: Thu, 10 May 2018 18:51:49 GMT
Etag: "5af43dad-1d7"
Expires: Sat, 12 May 2018 14:31:32 GMT
Last-Modified: Thu, 10 May 2018 12:40:13 GMT
Server: ECS (arn/4692)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    8f7abd97d681bce0533f8f52b47d2a8c
Sha1:   2b5e7be89ced069879a1fa4dbed0607f3849d0db
Sha256: 5010b98f2a23537c7c8b3c92a4b62a8d65d4770b65d6232b6c65f638785a2dc7
                                        
                                            GET /?custom-css=1&csblog=434MA&cscache=6&csrev=7 HTTP/1.1 
Host: s2.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/css;charset=utf-8
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Fri, 10 May 2019 08:43:29 GMT
Content-Encoding: gzip
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   331
Md5:    d2412dc6bbd3940d7f1c1c47704a394b
Sha1:   114d4bd42432d4a0be07b5bcdd89acaed300b56f
Sha256: c6bba5ade9bad280d475bdd4e66a5a2a2e217c415cc85d8e82fa6e089579adf9
                                        
                                            GET /remote-login.php?action=js&host=postmodernsecurity.com&id=59838716&t=1525978308&back=https%3A%2F%2Fpostmodernsecurity.com%2F2015%2F09%2F11%2Fmalware-analysis-and-incident-response-tools-for-the-frugal-and-lazy%2F HTTP/1.1 
Host: r-login.wordpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.78.18
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Content-Length: 0
Connection: keep-alive
Vary: Cookie


--- Additional Info ---
                                        
                                            GET /wp-content/mu-plugins/highlander-comments/style.css?m=1522184747h&cssminify=yes HTTP/1.1 
Host: s1.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5abab2a5-5d0c"
Content-Encoding: gzip
Expires: Wed, 27 Mar 2019 21:07:51 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3435
Md5:    1fbc3f717fc105a54a0aa0620dccaeb5
Sha1:   8e2e2fa6b42e2e965df01bffe122f098e09bfc0e
Sha256: 8509381fbb5d0f531759c5d6045d7cc7c889ecb1ad6a35564d011ee6301c5f15
                                        
                                            GET /_static/??-eJyFkdFuwyAMRX9onreq7bSHad9CiJe4sTEKoKp/P1JUae0m9oJ8zblcA3iO4C1kChm1QJQycUh4jt4UkrLQ5UE9+5Se8G+b8EIJT5Sj8wtcVQ9fSVymEaKl/KB6Nm8r1b5GlzdCaWRHQlqxnk3j8ebayrmO2I1ptx6GuFJKUFflopDnGvTb19oYy4B+LmHBlC9C/2McfEPhGtedh8eJ6jsl8+wEuCL3opkZg+W2eSt6p05kIOZdZgt3Ar7E8dr/vkFsquWElfohN9Onfrwedvu34/vL7nD6Bqmy5zs=?cssminify=yes HTTP/1.1 
Host: s2.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/css;charset=utf-8
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 26 Apr 2018 18:57:38 GMT
Etag: W/"5ae22122-e495"
Content-Encoding: gzip
Expires: Sat, 27 Apr 2019 06:34:37 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   27780
Md5:    b27b3967a56be4db6a0b0f7fae47e890
Sha1:   e693ab03149bd420c575e85e4bf0dbc9723e14a5
Sha256: b837030d6c8bf88126c5d5b2956b64917cd4f956d6cb7380f08925101eca4774
                                        
                                            GET /_static/??-eJyFj90KwjAMhV/IrAw6xQvxWWoXS2r/bNoNfXo70At1KARCTr4cTsScgIJ2dUQWttW1Yr49W2d5I34B4MlkVbDzFF6wjqFgKAvr44kcQmXMyjStGZ3jCpciF4/MDVrZvkeiMBHOfzGLJSl9gYxM9y9XXyG5aiiwyOjaAyMsGT6mdnX0h17uh36Qcre1DyuucHk= HTTP/1.1 
Host: s2.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 19 May 2017 00:42:51 GMT
Etag: W/"591e3f8b-2835f"
Content-Encoding: gzip
Expires: Sat, 19 May 2018 00:42:58 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   51529
Md5:    f600330cbb110d61f0ac667c98b1e2f2
Sha1:   cb604ed2026ca3660eca93be638d8d350ea9f26f
Sha256: a130226dbf3851b3ee26205e1446cc6414647947d6728ccef2c16c7ce1e4f4c4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 108
Content-Type: application/ocsp-request

                                         
                                         50.63.243.230
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 10 May 2018 18:51:50 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=119481, public, no-transform, must-revalidate
Last-Modified: Thu, 10 May 2018 17:48:00 GMT
Expires: Sat, 12 May 2018 05:48:00 GMT
Etag: "261d80069e314e6b04c5c99a25f1f4f0bb762c9f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1777
Connection: close


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    c88b49d0ad71ea0bd6d3d932b600e7a0
Sha1:   261d80069e314e6b04c5c99a25f1f4f0bb762c9f
Sha256: 9b0c4a0e48636ecc783349090a7b1013d9d9a0a7e987857d1ab59285f30eb0f1
                                        
                                            GET /zcz6bjb.js HTTP/1.1 
Host: use.typekit.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         23.43.132.224
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=600, stale-while-revalidate=604800
Content-Encoding: gzip
Server: nginx
Status: 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
Content-Length: 7454
Date: Thu, 10 May 2018 18:51:50 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   7454
Md5:    5f8e27d54629a1dda0559e2b549421c0
Sha1:   eceb1a7192a79cd0a924982316da78291535e90e
Sha256: 6c8d1c623f703cd4326e85d17dc764bdb9792cb8cab07e90d255da7f66dbe9b2
                                        
                                            GET /_static/??-eJyVj0kOwjAMRS9EamhFYYM4Cgqp27rNhJ0w3J50AWJViZUt//+eZHhEZYJP6BNMAh3eyWB8VpNs4CdyWUWbB/IClmYUuGXMOGrfWeRPmbyxuSthEZngXAEVY7SvypFfMequ5OqqGZyWhFw2Fe7ITIvse/vTkFibWdYgkyj4Bfpua+2ZxGFSTbWFS/kU+sBupR+DJNVbTQwyaiY/fGaBzu6029d1226b42F6Axw4kCI= HTTP/1.1 
Host: s2.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 02 Apr 2018 09:13:15 GMT
Etag: W/"5ac1f42b-1198b"
Content-Encoding: gzip
Expires: Tue, 02 Apr 2019 09:13:36 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   19407
Md5:    75c7d48b78f3ce507f8c78ef9163265e
Sha1:   459a5e45350086768ee76f5572667eadc0b78832
Sha256: f8628678edd86eba2ceb209da481a7af2ee4432521aab5f4bfaffd6661a2093b
                                        
                                            GET /avatar/502960dea2f48d76f9418b820c879d9b?s=32&d=identicon&r=G HTTP/1.1 
Host: 2.gravatar.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:50 GMT
Content-Length: 1221
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2011 21:16:16 GMT
Link: <https://www.gravatar.com/avatar/502960dea2f48d76f9418b820c879d9b?s=32&d=identicon&r=G>; rel="canonical"
Content-Disposition: inline; filename="502960dea2f48d76f9418b820c879d9b.jpeg"
Access-Control-Allow-Origin: *
X-nc: HIT arn 4
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:50 GMT
Cache-Control: max-age=300
Source-Age: 655483


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1221
Md5:    9f1ece8fb8f6230ecc493566647d1535
Sha1:   8acc9c3b4b28066b8aa32ee8910eeac82edbc689
Sha256: 0f5db494b06323d54cd1c334b781d96766bb8d7bd903e2b4fef6d8e2f1c71c4f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         50.63.243.230
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 10 May 2018 18:51:51 GMT
Server: Apache
Content-Transfer-Encoding: Binary
Cache-Control: max-age=121058, public, no-transform, must-revalidate
Last-Modified: Thu, 10 May 2018 18:15:41 GMT
Expires: Sat, 12 May 2018 06:15:41 GMT
Etag: "77e7b5700e9cc881bca6ba658ac80388028cf7dc"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Content-Length: 1776
Connection: close


--- Additional Info ---
Magic:  data
Size:   1776
Md5:    f8c60db1f455c68b3896363870261698
Sha1:   77e7b5700e9cc881bca6ba658ac80388028cf7dc
Sha256: 42f663d1976f936d51ed95c7878c4a6a63b5d61e997646f1e0ac6a0301dc0076
                                        
                                            GET /2018/03/cropped-sig-logo-big.png?w=32 HTTP/1.1 
Host: richardplatt.files.wordpress.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.72.29
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:50 GMT
Content-Length: 2767
Connection: keep-alive
Last-Modified: Thu, 29 Mar 2018 07:54:55 GMT
Expires: Mon, 11 Jun 2018 09:04:05 GMT
X-Orig-Src: 0_imageresize
Vary: Accept
X-nc: HIT arn 29 np
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 32 x 32, 8-bit/color RGBA, non-interlaced
Size:   2767
Md5:    921d94de73acf0d50065be4611746034
Sha1:   131560d7ef95c3b030278073a1decc67de08f5c7
Sha256: 9a38bd36a9da3ee3d12c2e6733691d7f782eb5e44ea68398a644307373f4a68b
                                        
                                            GET /w.js?56 HTTP/1.1 
Host: stats.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
                                         192.0.76.3
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5a572e16-4ab1"
Content-Encoding: gzip
Expires: Thu, 31 Jan 2019 20:49:17 GMT
Cache-Control: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4284
Md5:    94b6e5cc4830d3648777a0cea50d554a
Sha1:   38adf70b1db025e5b16140c0c0c264bc2c641045
Sha256: fe4ad89d2fa5ade17619293d6d4db17af0ac51544ea70cc7bfc746b26a01c937
                                        
GET /wp-content/mu-plugins/global-print/global-print.css?m=1465851035h&cssminify=yes HTTP/1.1
Host: s2.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"575f1ca1-1f6c"
Content-Encoding: gzip
Expires: Wed, 19 Sep 2018 17:53:53 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1954
Md5:    47d1bc086f644cc741bcfbf61d66d807
Sha1:   e7111de42b74b72279b03a68bcde1c8b4507e3a9
Sha256: d66254c2dfbbda4e98ea858066e9b049bff0a4138b350bf751c9d8b0cae292e1
                                        
GET /wp-includes/js/wp-emoji-release.min.js?m=1516999477h&ver=4.9.6-beta1-43182 HTTP/1.1
Host: s2.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5a6b938a-2dc9"
Content-Encoding: gzip
Expires: Thu, 09 May 2019 17:39:51 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4266
Md5:    c87a12c293566f4c880409079a4f906b
Sha1:   0eba5b488c2f2e095b4e3cc3a1e5d474589497e0
Sha256: 3d8ee68146d6a32a9a2afe5cdc6042798a7c647d313f32ac494ff32e037be568
                                        
GET /af/43e611/00000000000000000000d8e2/27/d?subset_id=2&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
23.43.132.224
HTTP/1.1 200 OK
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=8640000
Etag: "08595b27fdf155387a1df542b6aed2a064cc0157"
Server: nginx
Status: 200 OK
Timing-Allow-Origin: *
Content-Length: 15612
Date: Thu, 10 May 2018 18:51:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   15612
Md5:    09049561cd1de1a53c961195ee52d64c
Sha1:   b3e0c870af48597d3773ba154006f98b07bda03d
Sha256: d1a7ca5453ffb3f51ad8223670c6b77664b8e42340253b1066925ce014c6d190
                                        
GET /af/4dfbe0/00000000000000000000d8e4/27/d?subset_id=2&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
23.43.132.224
HTTP/1.1 200 OK
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=8640000
Etag: "1e0070baf49f87f995d5933f996fdbf9f3ac747c"
Server: nginx
Status: 200 OK
Timing-Allow-Origin: *
Content-Length: 16252
Date: Thu, 10 May 2018 18:51:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   16252
Md5:    1fc6aae8377952e2ce801a6553f3f92d
Sha1:   874359745c19949c12de2ee0f120ebbb1d4c330d
Sha256: c17be8219af380b93e0308dfc1f37069eeeac066f188bf5f4be7b61ac0534593
                                        
GET /wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781h HTTP/1.1
Host: s1.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"54c2cddb-2f0"
Content-Encoding: gzip
Expires: Fri, 05 Oct 2018 10:26:17 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   322
Md5:    d67cdb8e036cc688497c3f2e146456ae
Sha1:   c64b7e27c73662c5746f464f221ea959371836ad
Sha256: eec06c181eab2bd840b01c5074070891246a097f6669eed9f05e41864af6c809
                                        
GET /avatar/502960dea2f48d76f9418b820c879d9b?s=128&d=identicon&r=G HTTP/1.1
Host: 2.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Content-Length: 6727
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2011 21:16:16 GMT
Link: <https://www.gravatar.com/avatar/502960dea2f48d76f9418b820c879d9b?s=128&d=identicon&r=G>; rel="canonical"
Content-Disposition: inline; filename="502960dea2f48d76f9418b820c879d9b.jpeg"
Access-Control-Allow-Origin: *
X-nc: HIT arn 4
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:51 GMT
Cache-Control: max-age=300
Source-Age: 2111879


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   6727
Md5:    e36a2f50a2cd78bb5ae3dbc1fe4c5c99
Sha1:   24e8f57b43e7e56ec3831a01b2937e4b2cc96e94
Sha256: 814bd97d5d336ead0539ad963ee9e76b1485b68e512f47d94a4bbfd8e527c8c5
                                        
GET /js/gprofiles.js?ver=201819y HTTP/1.1
Host: 0.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 17 Sep 2015 14:13:14 GMT
Etag: W/"55faca7a-50aa"
Content-Encoding: gzip
Expires: Thu, 17 May 2018 18:51:51 GMT
Cache-Control: max-age=604800


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6790
Md5:    ff36b4357f0ea3917228ae97b5e6235e
Sha1:   74ccb81763373e358dc62e3289aaf53c11c2fdcc
Sha256: b1ad3f05ad77fb3147e88ac46f9af538ab7a79e072fd3b53a4c6017656980815
                                        
GET /_static/??-eJx9i0EKQjEMBS9kDdVfXIlnyS+1jaRJafLx+uJCRBRXbx7MwH2ErOJFHPoWBm+VxACzk8qK8037bLaD3/pQ83BlpAnWcJLU1/6rTDMhB9aqn+cr8lZ6MWgLVNYV+Slc+jmmQzrFtMTj7QHFQEmu?cssminify=yes HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/css;charset=utf-8
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 07 May 2018 17:50:26 GMT
Etag: W/"5af091e2-d8d3"
Content-Encoding: gzip
Expires: Tue, 07 May 2019 17:50:30 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   24973
Md5:    1ebf24212c42859c0ea18d805ba85751
Sha1:   65f832bfb5dca38fcf35d427f291f959c7f55d07
Sha256: 4921b627da9c1ef0a2bc1066629ee8828530fe9fb4e3e74c650498de2ca2d274
                                        
GET /pbs.twimg.com/profile_images/764956887909486592/yUjuEnwK_normal.jpg?resize=48%2C48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Content-Length: 1754
Connection: keep-alive
Last-Modified: Thu, 10 May 2018 08:43:30 GMT
Expires: Sat, 09 May 2020 20:43:30 GMT
Cache-Control: public, max-age=63115200
Link: <http://pbs.twimg.com/profile_images/764956887909486592/yUjuEnwK_normal.jpg>; rel="canonical"
X-Content-Type-Options: nosniff
Etag: "30ec9b99bbf1d6d7"
Vary: Accept
X-nc: HIT arn 16


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   1754
Md5:    19c027a1d8d9ae4c11cfe4cf30e2562a
Sha1:   ad2af6b7a3d3d46548e4d924291a90d8ef0bad55
Sha256: e59c2a10573d82f05ca262d0684d94cb1be0c6ca06cbcfa48c4435f931971efa
                                        
GET /avatar/502960dea2f48d76f9418b820c879d9b?s=48&d=identicon&r=G HTTP/1.1
Host: 2.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Content-Length: 1849
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2011 21:16:16 GMT
Link: <https://www.gravatar.com/avatar/502960dea2f48d76f9418b820c879d9b?s=48&d=identicon&r=G>; rel="canonical"
Content-Disposition: inline; filename="502960dea2f48d76f9418b820c879d9b.jpeg"
Access-Control-Allow-Origin: *
X-nc: HIT arn 2
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:51 GMT
Cache-Control: max-age=300
Source-Age: 3113281


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1849
Md5:    a7a4434931dfca2adca241a864029030
Sha1:   484a1be173cab208f137e093392a041f1712f3e5
Sha256: 38c68768e74726df9ccd33ead0f053e7c8245cfd59adb766fac629de20727af7
                                        
GET /af/8f10d6/00000000000000000000d8e5/27/d?subset_id=2&fvd=i7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
23.43.132.224
HTTP/1.1 200 OK
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=8640000
Etag: "353e73467985eaa42d71b943f5eb2060ddff41c8"
Server: nginx
Status: 200 OK
Timing-Allow-Origin: *
Content-Length: 16120
Date: Thu, 10 May 2018 18:51:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   16120
Md5:    43abe73d7eb80f315045133b50ff79f7
Sha1:   5761e7f126a8639f6daf0ff98761e8cfc8f43137
Sha256: 7f3f309b665cb87794d75168bdc1648d85897135c682127d632cfe0eead012cd
                                        
GET /avatar/2305802a2da8dd488dbadedfcaa737e2?s=32&d=identicon&r=G HTTP/1.1
Host: 2.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Content-Length: 582
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://www.gravatar.com/avatar/2305802a2da8dd488dbadedfcaa737e2?s=32&d=identicon&r=G>; rel="canonical"
Access-Control-Allow-Origin: *
X-nc: HIT arn 2
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:51 GMT
Cache-Control: max-age=300
Source-Age: 3113282


--- Additional Info ---
Magic:  PNG image, 32 x 32, 8-bit/color RGBA, non-interlaced
Size:   582
Md5:    5e32b12f33abb6e2e78c16189e8e5bdb
Sha1:   366e75c7fe91f2d128a5c414d6c079289250f2d8
Sha256: d75e99e209c5d8fb9403ea67294cc118f3a0d067ade3b343bcf454c24381878c
                                        
GET /af/b04354/00000000000000000000d8e3/27/d?subset_id=2&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
23.43.132.224
HTTP/1.1 200 OK
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=8640000
Etag: "9d4dc4a81bf4bb0e950b9aa03ed0533207228562"
Server: nginx
Status: 200 OK
Timing-Allow-Origin: *
Content-Length: 15484
Date: Thu, 10 May 2018 18:51:51 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   15484
Md5:    143a870dbcb490779ce3ef5f6b63ba20
Sha1:   37dd1415f1fcc8c966702b0b8850e3590a9003a8
Sha256: 9bde1a2724399dca2b3e41660f0ac5982b10a18dd20956cc2fbf6f998e519274
                                        
GET /wp-content/mu-plugins/highlander-comments/images/button-back.gif HTTP/1.1
Host: s1.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://s1.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1522184747h&cssminify=yes

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Thu, 10 May 2018 18:51:52 GMT
Content-Length: 1232
Connection: keep-alive
Last-Modified: Sat, 31 Jan 2015 06:24:11 GMT
Etag: "54cc750b-4d0"
Expires: Fri, 05 Oct 2018 10:26:18 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 26
Size:   1232
Md5:    41570c42d47e846f51422b154ebe8cc8
Sha1:   eed821bb5bf98caf32c563a56a1ebf145f7aca74
Sha256: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
                                        
GET /_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1521806916j HTTP/1.1
Host: s2.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 23 Mar 2018 12:08:53 GMT
Etag: W/"5ab4ee55-a6ba"
Content-Encoding: gzip
Expires: Sat, 23 Mar 2019 12:08:56 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   11339
Md5:    05db951ea5de62bbc1f4a8fa50d3528b
Sha1:   1f47c4a34c55bc50bb3daad03fcff34578e2a623
Sha256: a02b953b899f92a49455d3e574b8b6148f5a6c41f1c217a6f2173737fcbe89e4
                                        
GET /wp-content/mu-plugins/social-logos/social-logos.ttf?51b607ee5b5cb2a0e4517176475a424c HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://s0.wp.com/_static/??-eJx9i0EKQjEMBS9kDdVfXIlnyS+1jaRJafLx+uJCRBRXbx7MwH2ErOJFHPoWBm+VxACzk8qK8037bLaD3/pQ83BlpAnWcJLU1/6rTDMhB9aqn+cr8lZ6MWgLVNYV+Slc+jmmQzrFtMTj7QHFQEmu?cssminify=yes
Origin: https://postmodernsecurity.com

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/font-ttf
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 05 Apr 2016 19:48:08 GMT
Vary: Accept-Encoding
Etag: W/"57041678-2640"
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Expires: Fri, 05 Oct 2018 10:42:34 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6442
Md5:    acefc3767e21fa7e5616e50c8cff7a3b
Sha1:   76db7ae556a923655a1a986be94d78b16c39298c
Sha256: a6fa650a19737a8d473ad87280652501a11e62c7ce8cf7bb2c654fde4349ec08
                                        
GET /blavatar/9d58e23e9163b1c2591ac84fbfbe6ea6?s=32 HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 1205
Connection: keep-alive
Last-Modified: Sat, 26 Oct 2013 15:23:48 GMT
Link: <https://www.gravatar.com/blavatar/9d58e23e9163b1c2591ac84fbfbe6ea6?s=32>; rel="canonical"
Content-Disposition: inline; filename="9d58e23e9163b1c2591ac84fbfbe6ea6.jpeg"
Access-Control-Allow-Origin: *
X-nc: HIT arn 2
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:53 GMT
Cache-Control: max-age=300
Source-Age: 3120392


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1205
Md5:    f3fcb6ad4ff7260c0973bf48cf69c605
Sha1:   4026d521cf3be2f31626ef5892cd6dd1ec3c81ba
Sha256: 4c9fb6a0621d86acd77d8beabdfe1fda4c8f1eac184e6e6fe796c44dce49cf52
                                        
GET /pbs.twimg.com/profile_images/764956887909486592/yUjuEnwK_normal.jpg?resize=32%2C32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:52 GMT
Content-Length: 1328
Connection: keep-alive
Last-Modified: Thu, 10 May 2018 18:51:52 GMT
Expires: Sun, 10 May 2020 06:51:52 GMT
Cache-Control: public, max-age=63115200
Link: <http://pbs.twimg.com/profile_images/764956887909486592/yUjuEnwK_normal.jpg>; rel="canonical"
X-Content-Type-Options: nosniff
Etag: "5781965c3d690f04"
Vary: Accept
X-nc: MISS arn 16


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   1328
Md5:    d27e7a0673d66902b0919b069d9b8b14
Sha1:   7a095977a6c476de2685b7c7b1093ff422ec631d
Sha256: 77c3809d97709ee2e070c03e51eb3a26ae7187b6cec039e06024473fdcf9d56e
                                        
GET /pbs.twimg.com/profile_images/1420911084/andre-min_normal.jpg?resize=48%2C48 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:51 GMT
Content-Length: 1146
Connection: keep-alive
Last-Modified: Thu, 10 May 2018 08:43:30 GMT
Expires: Sat, 09 May 2020 20:43:30 GMT
Cache-Control: public, max-age=63115200
Link: <http://pbs.twimg.com/profile_images/1420911084/andre-min_normal.jpg>; rel="canonical"
X-Content-Type-Options: nosniff
Etag: "e7b91b849d4e712d"
Vary: Accept
X-nc: HIT arn 17


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1146
Md5:    892e690b8c8b14734a6b74a077b14d1c
Sha1:   c30885db582c510ea8f80721accf28efacb13639
Sha256: 8dd8b4581ca1c01b1387b07f3adafa3b480d93ce759acc3ec275ed89dbdca7d7
                                        
GET /g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1TaVhzUzFMbjdWNHpwZGhTayxPSUFCMGRVYVNrSFguN3FwSmQ5RGtNX3VQcj1yVzhiflM1THQtLGFdQ2toOXYlX3dsc1J6Rk12aF8lfi10N09RRzFBQWEtaGhCcS0rWmJUTXolcXZob3FHYzFwRG1GLCwyZm15diVmYWV5VTVMVkRoUl1mOUwva0hlZVl2ZmFFRWdGRE8wa0tadkc9aXxuUXhQSVBOUjFDcHkrNjdiek5XenhqNnVaVnhLOH4vSj9zVDIxb0UxZVdUaWNoODVXemlabzFMcG8%2FTlpST1Qrd1hBJSswblVXZjErNm53VGU2c2J4X353fDYrYktCVDIuYWZYd0poQkg9JjFBVGk4ZCwzbTFvWloveFNQenlKLVFtdS80T2RWSWFLJXdTTndLaGxwdU1pNiY%3D&v=wpcom-no-pv&rand=0.7318194803461485 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.76.3
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
GET /g.gif?blog=59838716&v=wpcom&tz=-4&user_id=0&post=247&subd=mrsyiswhy&host=postmodernsecurity.com&ref=&rand=0.29097196585044893 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.76.3
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
GET /avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G HTTP/1.1
Host: 1.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.73.2
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 1749
Connection: keep-alive
Last-Modified: Sat, 01 Mar 2008 02:44:06 GMT
Link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
Access-Control-Allow-Origin: *
X-nc: HIT arn 2
Accept-Ranges: bytes
Expires: Thu, 10 May 2018 18:56:53 GMT
Cache-Control: max-age=300
Source-Age: 3132817


--- Additional Info ---
Magic:  PNG image, 25 x 25, 8-bit/color RGBA, non-interlaced
Size:   1749
Md5:    c8bda296a72e6301c14c1124d07ab97e
Sha1:   7aac3141fa8864cdf18f6d8cbe1db48c800606c7
Sha256: f587f2eeda0e13d45a92fb6fe8ee588ef1990c46c94b6cf4c18d5393f7ba2b02
                                        
GET /pbs.twimg.com/profile_images/438769202329960448/vuZUeYJt_normal.jpeg?resize=32%2C32 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 1421
Connection: keep-alive
Last-Modified: Wed, 02 May 2018 08:20:39 GMT
Expires: Fri, 01 May 2020 20:20:39 GMT
Cache-Control: public, max-age=63115200
Link: <http://pbs.twimg.com/profile_images/438769202329960448/vuZUeYJt_normal.jpeg>; rel="canonical"
X-Content-Type-Options: nosniff
Etag: "ecffb6f2ba297cf9"
Vary: Accept
X-nc: HIT arn 20


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   1421
Md5:    772d15e82f8ac07f817d0fa65c4e52d3
Sha1:   df32cd5ec72380598e33192d415b34e8d6c05509
Sha256: cd8f6004681f02b259f8bedb9beaf546032ecd419562e1811f89af6058361a5e
                                        
GET /pbs.twimg.com/profile_images/453886106207911936/8-prn6-i_normal.jpeg?resize=32%2C32 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.2
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 1453
Connection: keep-alive
Last-Modified: Wed, 02 May 2018 08:20:39 GMT
Expires: Fri, 01 May 2020 20:20:39 GMT
Cache-Control: public, max-age=63115200
Link: <http://pbs.twimg.com/profile_images/453886106207911936/8-prn6-i_normal.jpeg>; rel="canonical"
X-Content-Type-Options: nosniff
Etag: "9a716dde380825b5"
Vary: Accept
X-nc: HIT arn 16


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   1453
Md5:    285524b3af61006fcbf031f1e7aa23a2
Sha1:   8015ff08764bbe0743bcac31f17593bbff4e7e33
Sha256: 92476249fba7fe3d1169af3afd89554c2facaed1a0770da789d79c9911589c50
                                        
GET /g.gif?x_stats-initial-visibility=unknown&v=wpcom-no-pv&rand=0.39245427431554414 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.76.3
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
GET /likes/master.html?ver=20180319 HTTP/1.1
Host: widgets.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Feb 2018 16:57:15 GMT
Vary: Accept-Encoding
Etag: W/"5a8da4eb-84e"
Content-Encoding: gzip
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   750
Md5:    f08180f5ee4808f962fbd2c3c28f17ed
Sha1:   add0cc72fbc85f895b660c30fdd27b8b2c8c9888
Sha256: 434769ad4877acb0696cb8244d91bac918a8c21dd636457ac36ad67f248318ac
                                        
GET /_static/??/wp-content/js/postmessage.js,/wp-content/js/jed/jed.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20180221 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://widgets.wp.com/likes/master.html?ver=20180319

                                         
192.0.77.32
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 21 Feb 2018 00:19:26 GMT
Etag: W/"5a8cbb0e-1bbe1"
Content-Encoding: gzip
Expires: Thu, 21 Feb 2019 16:57:29 GMT
Cache-Control: max-age=31536000
X-ac: 4.arn _dca
X-nc: HIT arn 32


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   29423
Md5:    de0b257040ba324c94e0b29545054270
Sha1:   72c4e8b4ece377cc448d90d38d839c9ee2fa6a52
Sha256: cbec0bef4edc191b981888d1aafee4975748aa348a2dd5c69f96016ce3c06be3
                                        
GET /2015/09/17/is-your-security-architecture-default-open-or-default-closed/ HTTP/1.1
Host: postmodernsecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
X-Moz: prefetch

                                         
192.0.78.25
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Thu, 10 May 2018 18:51:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Vary: Accept-Encoding, Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: https://postmodernsecurity.com/xmlrpc.php
Link: <https://wp.me/p434MA-4m>; rel=shortlink
Last-Modified: Thu, 10 May 2018 18:51:53 GMT
Cache-Control: max-age=300, must-revalidate
X-nananana: Batcache
Content-Encoding: gzip
X-ac: 3.arn _dca


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   17118
Md5:    0f16c09657cf583a75e972edbb4dfa65
Sha1:   01476b2595167945de92aa2c1efc12132e468274
Sha256: 85c4ff262192f87051e2cca9248731d87c4d276f1eaf556958ca2c3b3555141e
                                        
GET /af/b04354/00000000000000000000d8e3/27/d?subset_id=2&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
0.0.0.0


--- Additional Info ---
                                        
GET /af/8f10d6/00000000000000000000d8e5/27/d?subset_id=2&fvd=i7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Origin: https://postmodernsecurity.com

                                         
0.0.0.0


--- Additional Info ---