blog.sonatype.com Open in urlscan Pro
199.60.103.228 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.sonatype.com/npm-malware-xpc.js
Submission: On January 26 via manual (January 26th 2021, 3:07:28 pm UTC) from US

Summary HTTP 148 Redirects Links 93 Behaviour Indicators

Summary

This website contacted 43 IPs in 6 countries across 37 domains to perform 148 HTTP transactions. The main IP is 199.60.103.228, located in Canada and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.sonatype.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 21st 2020. Valid for: a year.

This is the only time blog.sonatype.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
54	199.60.103.228 199.60.103.228	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:825::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
7	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.161.188.228 108.161.188.228	33438 (HIGHWINDS2) (HIGHWINDS2)
1	13.224.196.41 13.224.196.41	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
1	2a02:26f0:6c0... 2a02:26f0:6c00:299::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	3.220.33.83 3.220.33.83	14618 (AMAZON-AES) (AMAZON-AES)
5	13.224.94.21 13.224.94.21	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6811:cccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:eacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:43b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.197.143.221 54.197.143.221	14618 (AMAZON-AES) (AMAZON-AES)
10	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	13.224.94.71 13.224.94.71	16509 (AMAZON-02) (AMAZON-02)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:6d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	52.44.242.176 52.44.242.176	14618 (AMAZON-AES) (AMAZON-AES)
148	43

54 199.60.103.228 (Canada)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

use.fonticons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba79 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.161.188.228 (United States)

ASN33438 (HIGHWINDS2, US)

fonticons-free-fonticons.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.41 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-41.fra2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:299::f09 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba0a (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.33.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-33-83.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.224.94.21 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-21.zrh50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cccc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.197.143.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-143-221.compute-1.amazonaws.com

js.driftqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.71 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-71.zrh50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:6d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.44.242.176 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-242-176.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	sonatype.com blog.sonatype.com www.sonatype.com	3 MB
10	google.com www.google.com	2 KB
7	google.de www.google.de	1 KB
7	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
7	google-analytics.com www.google-analytics.com	19 KB
7	hubspot.net cdn2.hubspot.net	116 KB
6	facebook.com www.facebook.com	960 B
6	facebook.net connect.facebook.net	293 KB
5	demandbase.com tag.demandbase.com scripts.demandbase.com	93 KB
4	linkedin.com 2 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com	57 KB
3	twitter.com platform.twitter.com analytics.twitter.com	29 KB
3	cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com	18 KB
2	lltrck.com 1 redirects lltrck.com	521 B
2	hubspot.com app.hubspot.com forms.hubspot.com	3 KB
2	t.co t.co	618 B
2	typekit.net p.typekit.net use.typekit.net	19 KB
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	googletagmanager.com www.googletagmanager.com	84 KB
1	hsforms.com perf.hsforms.com	593 B
1	hsappstatic.net static.hsappstatic.net	1 KB
1	gstatic.com www.gstatic.com	130 KB
1	rlcdn.com id.rlcdn.com	66 B
1	company-target.com api.company-target.com segments.company-target.com Failed	925 B
1	driftqa.com js.driftqa.com
1	hs-banner.com js.hs-banner.com	14 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	hsleadflows.net js.hsleadflows.net	77 KB
1	hubapi.com api.hubapi.com	2 KB
1	sf14g.com t.sf14g.com	36 KB
1	reddit.com alb.reddit.com	125 B
1	redditstatic.com www.redditstatic.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleadservices.com www.googleadservices.com	13 KB
1	driftt.com js.driftt.com	81 KB
1	netdna-ssl.com fonticons-free-fonticons.netdna-ssl.com	6 KB
1	fonticons.com use.fonticons.com	643 B
148	37

	Domain	Requested by
52	blog.sonatype.com	blog.sonatype.com
10	www.google.com	blog.sonatype.com www.gstatic.com
7	www.google.de	blog.sonatype.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
7	cdn2.hubspot.net	blog.sonatype.com cdn2.hubspot.net
6	www.facebook.com	blog.sonatype.com
6	stats.g.doubleclick.net	www.google-analytics.com
6	connect.facebook.net	blog.sonatype.com connect.facebook.net
4	tag.demandbase.com	blog.sonatype.com tag.demandbase.com
2	lltrck.com	1 redirects blog.sonatype.com
2	platform.twitter.com	blog.sonatype.com platform.twitter.com
2	px.ads.linkedin.com	1 redirects blog.sonatype.com
2	t.co	blog.sonatype.com static.ads-twitter.com
2	www.sonatype.com	blog.sonatype.com
2	www.googletagmanager.com	blog.sonatype.com
2	consent.cookiebot.com	blog.sonatype.com consent.cookiebot.com
1	forms.hubspot.com	js.hsleadflows.net
1	perf.hsforms.com	blog.sonatype.com
1	scripts.demandbase.com	tag.demandbase.com
1	static.hsappstatic.net	blog.sonatype.com
1	www.gstatic.com	www.google.com
1	id.rlcdn.com	blog.sonatype.com
1	api.company-target.com	tag.demandbase.com
1	js.driftqa.com	blog.sonatype.com
1	js.hs-banner.com	blog.sonatype.com
1	js.hs-analytics.net	blog.sonatype.com
1	js.hsleadflows.net	blog.sonatype.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	app.hubspot.com	blog.sonatype.com
1	api.hubapi.com	blog.sonatype.com
1	analytics.twitter.com	static.ads-twitter.com
1	t.sf14g.com	blog.sonatype.com
1	use.typekit.net	www.sonatype.com
1	www.linkedin.com	1 redirects
1	apt.techtarget.com	blog.sonatype.com
1	alb.reddit.com	blog.sonatype.com
1	p.typekit.net	www.sonatype.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	trk.techtarget.com	blog.sonatype.com
1	www.redditstatic.com	blog.sonatype.com
1	snap.licdn.com	blog.sonatype.com
1	static.ads-twitter.com	blog.sonatype.com
1	www.googleadservices.com	www.googletagmanager.com
1	js.driftt.com	blog.sonatype.com
1	fonticons-free-fonticons.netdna-ssl.com	use.fonticons.com
1	platform.linkedin.com	blog.sonatype.com
1	use.fonticons.com	blog.sonatype.com
0	segments.company-target.com Failed	blog.sonatype.com
148	48

This site contains links to these domains. Also see Links.

Domain
www.sonatype.com
twitter.com
www.linkedin.com
www.facebook.com
www.instagram.com
www.youtube.com
github.com
ossindex.sonatype.org
video.sonatype.com
help.sonatype.com
my.sonatype.com
exchange.sonatype.com
support.sonatype.com
www.npmjs.com
en.wikipedia.org
www.fileinspect.com
www.virustotal.com
www.bleepingcomputer.com

Subject Issuer	Validity	Valid
blog.sonatype.com Cloudflare Inc ECC CA-3	`2020-07-21` - `2021-07-21`	a year	crt.sh
use.fonticons.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
consent.cookiebot.com DigiCert ECC Extended Validation Server CA	`2020-06-11` - `2022-06-11`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.netdna-ssl.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-18` - `2021-03-18`	a year	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
www.sonatype.com Cloudflare Inc ECC CA-3	`2020-08-16` - `2021-08-16`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
*.cookiebot.com DigiCert Secure Site ECC CA-1	`2020-09-03` - `2021-09-03`	a year	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2020-09-09` - `2021-09-09`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-30` - `2021-11-29`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-07` - `2021-08-07`	a year	crt.sh
driftqa.com Amazon	`2020-06-18` - `2021-07-18`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2020-07-05` - `2021-07-05`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2020-09-23` - `2021-09-23`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://blog.sonatype.com/npm-malware-xpc.js
Frame ID: 7811CAD2B192468216C9ED8CC47E83F7
Requests: 144 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v2.min.html
Frame ID: 9AB449A0E9CFE48D38CACCE979485299
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fblog.sonatype.com
Frame ID: CC2430B48931EE7511EBF4F9DC4A55CB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=invisible&badge=inline&cb=y3d70gxfgosn
Frame ID: BA8F997B73410B260A10650C7BDE71DD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=dhgyicu336vh
Frame ID: 3CB488C65C72FFFCA427F46537B98337
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

FancyBox (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i

Page Statistics

148
Requests

99 %
HTTPS

60 %
IPv6

37
Domains

48
Subdomains

43
IPs

6
Countries

3823 kB
Transfer

6952 kB
Size

0
Cookies

93 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sonatype.com/press-release-blog/advanced-development-pack
Title: Press Release

Search URL Search Domain Scan URL

URL: https://twitter.com/sonatype

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sonatype

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sonatype

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sonatypedotcom/?hl=en

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/sonatype

Search URL Search Domain Scan URL

URL: https://github.com/sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/lifecycle
Title: Lifecycle

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/firewall
Title: Firewall

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/lifecycle-foundation
Title: Lifecycle Foundation

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/auditor
Title: Auditor

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/repository-pro
Title: Professional Edition

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/repository-oss
Title: OSS Edition

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/intelligence
Title: Nexus Intelligence

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/
Title: OSS Index

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/integrations
Title: Nexus Integrations

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/free-developer-tools
Title: Free Developer Tools

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/vulnerability-scanner
Title: Nexus Vulnerability Scanner

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/product-pricing
Title: Nexus Platform Pricing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/customer-success
Title: Success Stories

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/software-developers
Title: Developers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/appsec-professionals
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/devsecops-leaders
Title: DevSecOps

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/government
Title: Government

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/banking-and-financial-services
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/manufacturing
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/technology-and-software
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/healthcare
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/learn-white-papers
Title: White Papers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/webinars
Title: Webinars

Search URL Search Domain Scan URL

URL: https://video.sonatype.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://help.sonatype.com/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/partners
Title: Partner Program

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/
Title: my.sonatype.com

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/training
Title: Workshops

Search URL Search Domain Scan URL

URL: https://exchange.sonatype.com/
Title: Nexus Exchange

Search URL Search Domain Scan URL

URL: https://support.sonatype.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/upcoming-events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/
Title: About Sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/management
Title: Management

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/investors
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-releases
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/media
Title: Media

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-lifecycle
Title: Nexus LifecycleEliminate OSS risk across the entire SDLC.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/advanced-development-pack
Title: NEW! Advanced Development Pack

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-firewall
Title: Nexus FirewallProtect Nexus and Artifactory repos from OSS risk.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-nexus-lifecycle-foundation
Title: Nexus Lifecycle FoundationIdentify open source risk at CI and deployment.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-auditor
Title: Nexus AuditorMonitor production apps for OSS risk.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-repository
Title: Professional EditionUniversally manage binaries and artifacts with HA and support.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-repository-oss
Title: OSS EditionUniversally manage binaries and artifacts for FREE.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-intelligence
Title: Nexus IntelligenceLearn the whole truth about open source risk.

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1587569548669.1587580047350.1192&__hssc=31049440.6.1587580047350&__hsfp=751634049
Title: OSS IndexVisit our free database of known open source vulnerabilities.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-integrations
Title: Nexus IntegrationsIntegrate Nexus with your favorite tools and languages.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-dev-tools
Title: Free Developer ToolsA free, developer-friendly suite of tools to find and fix open source vulns.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-pricing
Title: Nexus Platform PricingWe have the right package for you.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/get-nexus-sonatype
Title: SCHEDULE A CALL

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/legal-and-compliance-officers
Title: Legal & Compliance

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/learn-webinars
Title: Webinars

Search URL Search Domain Scan URL

URL: http://video.sonatype.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/exchange
Title: Nexus Exchange

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/upcoming-events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/2020ssc

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company
Title: About Sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/about/careers

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=http%3A%2F%2Fnpm-malware-xpc.js%3Futm_medium%3Dsocial%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fnpm-malware-xpc.js%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fnpm-malware-xpc.js%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&url=http%3A%2F%2Fnpm-malware-xpc.js%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&source=tweetbutton&text=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware

Search URL Search Domain Scan URL

URL: https://www.npmjs.com/~luminate_
Title: luminate_

Search URL Search Domain Scan URL

URL: https://github.com/Luminate-D
Title: Luminate-D

Search URL Search Domain Scan URL

URL: https://www.npmjs.com/package/xpc.js
Title: xpc.js

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Number_of_the_beast
Title: pun

Search URL Search Domain Scan URL

URL: https://github.com/Fody/Costura
Title: Fody-Costura

Search URL Search Domain Scan URL

URL: https://www.fileinspect.com/fileinfo/winresume-exe/
Title: winresume.exe

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5ac15e584b3a530a9aa62ea0e490b3dc14357155bebe7e5b71b3f680f2117e3c/detection
Title: osloader.exe

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3b2605312429165bde5a1423afb932e89deb0c218c8b5adf6b005b7efad1c138/detection
Title: Backdoor.dll

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/21cefa7debf535cf389c5f150428f2b40be7222706896df17a9d529b76b79b1a/detection
Title: BackdoorApi.dll

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/
Title: TroubleGrabber

Search URL Search Domain Scan URL

URL: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/blob/main/TroubleGrabber/TroubleGrabber_hashes.txt
Title: 2,000 file hashes

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/appscan
Title: Nexus Vulnerability Scanner

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-intelligence-insights
Title: Nexus Intelligence Insights

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/axsharma/

Search URL Search Domain Scan URL

URL: https://twitter.com/Ax_Sharma

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/nexus-intelligence-insights
Title: CVE Insights

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/press-kit
Title: Press Kit

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-overview
Title: Products

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/developers-solutions
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/about-sonatype
Title: About

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/events-terms-and-conditions
Title: Event Terms and Conditions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26time%3D1611673611793%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fnpm-malware-xpc.js%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&liSync=true

Request Chain 108

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AADNeE7AIGAAABC37Hj1ug HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADNeE7AIGAAABC37Hj1ug&verifyHash=a4f8c861a7533913fb11d3b82731dca3f4e6b6f8

Request Chain 141

https://lltrck.com/api/tracking?accountId=29592&page=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&referer=&fp=7fe850233a9dba8d28e74b09104d56e1 HTTP 302
https://lltrck.com/tracking.png

148 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request npm-malware-xpc.js Show response
blog.sonatype.com/ 140 KB
24 KB 64ms
43ms Document
text/html 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

f393013a11873456e78481d5a5b631a1cdcb31f790f93d2f9b049ca637c48704

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: blog.sonatype.com
:scheme: https
:path: /npm-malware-xpc.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d7e0c9faf0e1b806fc91268c32311bf901611673611; expires=Thu, 25-Feb-21 15:06:51 GMT; path=/; domain=.blog.sonatype.com; HttpOnly; SameSite=Lax __cfruid=c4f150c19f59b8eafe558fc47bd3f4aaea145bbd-1611673611; path=/; domain=.blog.sonatype.com; HttpOnly; Secure; SameSite=None
cf-ray: 617b23e74aca05e4-FRA
age: 6235
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.89/js/comment_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script, </hs/hsstatic/HubspotToolsMenu/static-1.79/js/index.js>; rel=preload; as=script
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
cf-request-id: 07e0d4c491000005e4aa3bd000000001
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-37540882555,CG-3737438004,P-1958393,L-3906896744,L-4063610545,L-6651455434,W-28631988575,W-28744292279,W-4001614731,CW-28632893861,CW-28681865486,CW-5737565851,E-3797839657,E-3937994511,E-5296077409,E-5296081041,MENU-28631988575,MENU-28744292279,MENU-4001614731,PGS-ALL,SW-4,B-3737438004,GC-29116883585,GC-32156494138
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-combine-css: Media
x-hs-content-id: 37540882555
x-hs-hub-id: 1958393
x-powered-by: HubSpot
x-trace: 2B02A2B2C8F65C7D37A55466892159FA0D747945A2000000000000000000
server: cloudflare
content-encoding: br
cf-h2-pushed: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.89/js/comment_listing_asset.js>,</_hcms/forms/v2.js>,</hs/hsstatic/HubspotToolsMenu/static-1.79/js/index.js>

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
686 B 21ms
0ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 1927930
x-amz-server-side-encryption: AES256
cf-ray: 617b23e78b6505e4-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4b4000005e49b921000000001
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: xxeWg1rqiSz-MXZ-Mowga3YcGx5z39YIfG8KMohcqZCCnUvneZAEwA==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.27/bundles/ 1 KB
1 KB 40ms
0ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.27/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 1933124
x-amz-server-side-encryption: AES256
cf-ray: 617b23e78b6605e4-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4b4000005e4a0001000000001
last-modified: Wed, 19 Aug 2020 22:31:39 GMT
server: cloudflare
etag: W/"d0cd32f08bf823a0389da03beed61887"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: 2tzxWhBqhFrbWNOKYsoHIauxtaBoTuuO
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: 0qIkH9heo_asQ_BMuAI9BPEMFh1bP2YfNtx1xmnP6R6oOYA2q5fgfw==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 comment_listing_asset.js Show response
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/js/ 8 KB
3 KB 19ms
0ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d1727bd82b767b5a6122bad9776dd8ccc1b765b154c0d1714275850513c19c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 17af39b4ee92855346b22603f9fa56ab.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 2377220
x-amz-server-side-encryption: AES256
cf-ray: 617b23e78b6805e4-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4b4000005e47723a000000001
last-modified: Fri, 09 Oct 2020 17:06:38 GMT
server: cloudflare
etag: W/"db1aaaabe87d2cd6b23b3da27adf5142"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: _MNnC7kCCHWp983DFs3n9X9gMvwUNtF0
cache-control: public, max-age=31536000
x-amz-cf-pop: LHR3-C1
content-type: application/javascript
x-amz-cf-id: 8J1gHUi8M0_ZRFGyDVRR90s1sY3GdWX4SgLze0aP2ISaDuCN_RSPMg==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 v2.js Show response
blog.sonatype.com/_hcms/forms/ 519 KB
126 KB 43ms
0ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfcdb9d96c3ea1c25f83d508de8fa66009643df4ab1dd0bbb211b3ee07231f3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 20579d8c7e6a7d159f211e9ee1d4003c.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 176
x-amz-server-side-encryption: AES256
cf-ray: 617b23e78b6905e4-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4b5000005e4d090a000000001
last-modified: Fri, 22 Jan 2021 10:01:46 UTC
server: cloudflare
etag: W/"c64d2109b53269fbee6e170c7dd22a70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: pfKSjz1OHaVyRsFYtQICQgQK1dGjkXP7
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 2hCV3q5wLSnco__TprXy6vMVbnzeyI7HK-WlVUFHClHu_8yFOXpttg==

GET
H2 200 index.js Show response
blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.79/js/ 10 KB
4 KB 22ms
0ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.79/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd3eb59038a5df086653388d9394fed2f2f1d72d9c01cfdc4920247a9d371e83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 2367405
x-amz-server-side-encryption: AES256
cf-ray: 617b23e78b6b05e4-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4b5000005e498905000000001
last-modified: Mon, 14 Sep 2020 20:19:23 GMT
server: cloudflare
etag: W/"e669ca94e2fffafc96a88184dda30834"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: RcBG9DPSu_6ZVzKnktPJ4cTzKi_y_4VM
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: yYYRqDDbQC-3gnv4UYhy-dSgLHx84HSWZBF9ZeFN-GuPg3UhnI6v5Q==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 jquery-1.7.1.js Show response
blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
33 KB 42ms
35ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f23.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 2034773
cf-ray: 617b23e7abdb05e4-FRA
x-cache: Hit from cloudfront
content-encoding: br
cf-request-id: 07e0d4c4cb000005e48208e000000001
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA6-C1
content-type: application/javascript
x-amz-cf-id: tGYjifGliBPvreCuHyZn4cJ0CDR-2wBfDgXBVWt8f6XOJntN8FRjqQ==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 module_28681865486_Mega_Menu_Module.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28681865486/1605718437408/ 1 KB
851 B 52ms
46ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28681865486/1605718437408/module_28681865486_Mega_Menu_Module.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63279143e2dfe38a00a94c6aa4a6e28bc71683dbb5bfd1151664ce3ab1107a21

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 512FFD46C462FD50
cf-request-id: 07e0d4c4c9000005e4a0003000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Wed, 18 Nov 2020 16:53:58 GMT
server: cloudflare
etag: W/"b04c1b7fbcf7b5479d91e067a9deea1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1605718437408
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CpmnGTmRHlZYxl7hZl.xlfiY3zFdvnCL
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7abcc05e4-FRA
x-amz-cf-id: GQp6Y4WtuUBe02pJrCXeEgvvoSsHZm4CuDNQjTjTNTbuHfSRqzczhg==
x-amz-id-2: neEfXgsP5rP049yuVSAu/X1KvaPcvl/z38STgN9Q9OW2qBHXaqb5J0/HXWqZ+ouW600XnFxWsSQ=

GET
H2 200 module_28632893861_MEGA_Menu_Code.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1611092854635/ 2 KB
1 KB 49ms
44ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1611092854635/module_28632893861_MEGA_Menu_Code.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd8ce1a4f774077007e9e94f64744316749702775e94428ef222f2739f8a8fe7

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 1BE4EC0244F3294A
cf-request-id: 07e0d4c4c9000005e4cb1aa000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Tue, 19 Jan 2021 21:47:35 GMT
server: cloudflare
etag: W/"33bf7cd403369262c266eed935ff89a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611092854635
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 59uEdizyuHzxmOre4UzLHlfLd6W09VLP
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7abcf05e4-FRA
x-amz-cf-id: W_B_GZ7Gu2_ymNRB4k8kbhjMGDFiywOOUoZf3V5RRoW_6Dtv8JdbUQ==
x-amz-id-2: NADw1XsUtlQBlJNbrApiaThZklF/PHVOoPfMMJrZgbokMPKB/+xvqTc1GgC/YtRLIKZfOHBzC0U=

GET
H2 200 comments_listing_asset.css
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/sass/ 1 KB
779 B 59ms
54ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/sass/comments_listing_asset.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

895371b22358988c93ca9e5318fdf9784782e44efff401ea65d7171cd9a12bc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 299310
x-amz-server-side-encryption: AES256
cf-ray: 617b23e7abd005e4-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c4cc000005e47d8b8000000001
last-modified: Fri, 09 Oct 2020 17:06:38 GMT
server: cloudflare
etag: W/"c968756b365e11e754dac723e04806b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: 6ekD4Vx9XeTxF5BzZeb1sJe9rb5WwDSz
cache-control: public, max-age=31536000
x-amz-cf-pop: FRA6-C1
content-type: text/css
x-amz-cf-id: JYN0km7eSpxqbMwTyo9sJmMC20UNz9KDvrB6LVgqsZuQXGbeU4MIQw==
expires: Wed, 26 Jan 2022 15:06:51 GMT

GET
H2 200 Form-quality-check.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/ 5 KB
1 KB 37ms
31ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/Form-quality-check.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 55b6418a8a2f714a67d8e4d292154ef3.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 8698AD9EE2C84E0F
cf-request-id: 07e0d4c4cb000005e4aa3c3000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 12 Jun 2020 18:00:50 GMT
server: cloudflare
etag: W/"9419bd1cbfef42c242cc20a5ef55f14b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: ixP9zRm6k_iyP_Gd8Rjtyznd6k3Hrisb
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7abdd05e4-FRA
x-amz-cf-id: xu6YLsijiZWRn3ItFfr5gRzSAu_uvKXTwmR6tSzfX_gZrtpwVkSioQ==
x-amz-id-2: m89pWPUL+mzSTQ4ibh9nE4vRYE04sPu9RmdyOdWLCD2yX/+3qY9Aj+rKaI4fKvxphvcpRW1b9U4=

GET
H2 200 jquery.mousewheel-3.0.6.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/lib/ 1 KB
1 KB 36ms
30ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/lib/jquery.mousewheel-3.0.6.pack.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3954371994,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-3954371994,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 467CF72B91047612
cf-request-id: 07e0d4c4cb000005e4b186a000000001
last-modified: Sun, 08 Oct 2017 10:31:43 GMT
server: cloudflare
etag: W/"fde6509fae2cafdb6d97e4a9a60cce66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: oDsUBbTJYJ7dkJ0uMq1t9B11FFp7pKYcHYcfdcJ/yQkI9saZLksZqhyKFEWKIERjOwjvhE6Dd4o=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: N239Basx9RkFh4_62Uj5Cg29YYiW1qQm
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abe005e4-FRA
x-amz-cf-id: 4qlp7SEQaRpJzL4kwrdR2ZP87TTXPTlACMif1M-Jq8hZrOvMhDil_A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 5 KB
2 KB 69ms
63ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.css?v=2.1.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 37e2872b8b14122ba8fe3a34c3bb506b.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4027706718,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4027706718,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: F20AF75A2A692F20
cf-request-id: 07e0d4c4cc000005e46a147000000001
last-modified: Sun, 08 Oct 2017 10:36:24 GMT
server: cloudflare
etag: W/"6c55951ce1e3115711f63f99b7501f3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: eGq7i9UZsGtv8DzGWWRwO8sOEhuH8aOFW5fKjP786/QtStVlkA+gHuMTEztc/12dpyxYwy/KqYw=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 9yxq9z2gwYzktl5V7kdSL2c3_MI6Xjxy
x-amz-cf-pop: MUC50-C1
cf-ray: 617b23e7abd105e4-FRA
x-amz-cf-id: fjT_U1VGUpehlPk62VjM8ayxOQ-NmyC2xF66v4_QF3-6hw0ItOymcg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 23 KB
8 KB 51ms
46ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.pack.js?v=2.1.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4136544545,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4136544545,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: BACB200548C9026D
cf-request-id: 07e0d4c4ce000005e491800000000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cc9e759f24ba773aeef8a131889d3728"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: xpCEN38rCjHFVCwjN1/Z9oMro5Al00X1Uqpw3BM3Z5fR/7Tx9svtU6IhFmDyGiujx/XsWHGRGPM=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: gK_R8lKQW19_z5wOz.PPr9fie3q4S3DG
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abe905e4-FRA
x-amz-cf-id: wDDOkd5R-uHKRYzEOmdRpdSVAtlMkvyIEtGbpZSAiE5jsKS7MSRLBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox-buttons.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 2 KB
1 KB 38ms
33ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.css?v=1.0.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 afb3db4ac63e94a7684b97827417941d.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4027706753,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4027706753,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 79E2B1FAFFB215FF
cf-request-id: 07e0d4c4ca000005e47723d000000001
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"cac75538c2e3ddfadef839feaca8e356"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: oQ3CieCbhrqZcKiXcWwaOfQTGUAWHr8UEqsi9xxKFgaBXIuU+cCL06l123XApchYkZlgg89iAes=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: kbrCPSDCUsY8GVlkKM29UBD.BEcZBDz2
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abd305e4-FRA
x-amz-cf-id: qGg1uuN2TdnE98LviNgaMM0WqVJF5wF6KRDKoqw8tVrlm9l2opSeRw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox-buttons.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 3 KB
1 KB 49ms
44ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4136544565,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4136544565,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 0F85EB72EC097A4F
cf-request-id: 07e0d4c4ce000005e4bcb22000000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"f53c246661fb995a3f12e67fa38e0fa0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: GS6Nti6lLDs/Hg+B71O3cpe78MTH5DhVGs/TyLygmsdKPAUK0DL1OJgUAHyR98BIU7ILN+NKy54=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: ZE12P4Vy5anoj21v8aesIIqe9Ci1UkLB
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abec05e4-FRA
x-amz-cf-id: el4sqpVshiaEJmKdOvrcz9gOyDI6EQlcTXrA6nrC8XYEXl4r4hWoug==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox-media.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 5 KB
2 KB 64ms
59ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4006500847,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4006500847,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: D30BE7374C3FAC26
cf-request-id: 07e0d4c4cf000005e491220000000001
last-modified: Sun, 08 Oct 2017 10:34:56 GMT
server: cloudflare
etag: W/"c017067f48d97ec4a077ccdf056e6a2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: IkEFBUB8dmad2V7kteDgT3533APCkCuwnbLPpGg//s0a3aiLrsCghthUJUQHwhqtyI9he94JxpM=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: mHmECpOxlpTVvF.m76YYZ2gUPPyel1xG
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abef05e4-FRA
x-amz-cf-id: vseWcNdVdKI6WvJOJF6JlkZLCcgKJNTNLj81HFk1Cd1I6ihhN8EtGA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox-thumbs.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 735 B
822 B 68ms
64ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.css?v=1.0.7
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4027706748,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4027706748,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 15B1DD9613BDA30B
cf-request-id: 07e0d4c4ca000005e4b7951000000001
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"52ddd84a9f42c1d4cd86d518a7f7e8bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: Au7F1vqQxkJeaMxS91V2YA3YcQYgexMaqZhGhcJMX4lMviZoymuS3+wVCLO3rVplkxtKPnnrRfg=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: uEwu_H_pGSmwXIYOLYGG4BSsHEGUDz4P
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abd505e4-FRA
x-amz-cf-id: VFDu-DiOc-a_2yAWc87KIa9EMwipL-LbJxERBLHTBrw3OCrhbfA7Ow==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 jquery.fancybox-thumbs.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 4 KB
2 KB 69ms
65ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4136544560,P-1958393,FLS-ALL
age: 439562
edge-cache-tag: F-4136544560,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: A705B432C06C4079
cf-request-id: 07e0d4c4cf000005e46e153000000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cf1fc1df534eede4cb460c5cbd71aba6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: wHaoR8iuI+W4zUX+PLV3f1SMbRmho1PVDMwGyzDFpYwY521UQpGPexQGjFXsZcNId3uzSagZIvw=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: TslnQYfkYOrp30w5R4Xsi5EhshX1lwMn
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e7abf005e4-FRA
x-amz-cf-id: vnkh6KuuC5qtREPsYK9IoMOjYLFRVdS2N_cLWJVZkpK3svrkmWVAbw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 cae69742.js Show response
use.fonticons.com/ 601 B
643 B 34ms
10ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fonticons.com/cae69742.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
last-modified: Fri, 22 Apr 2016 13:22:04 GMT
etag: "e50d1c66e0803c94f9a401405de86e90"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-hw: 1611673611.cds017.fr8.hn,1611673611.cds225.fr8.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, private, must-revalidate
accept-ranges: bytes
content-length: 384

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 71 KB
17 KB 79ms
6ms Script
application/javascript 2a02:26f0:6c00::210:ba79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba79 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 928d6e0560d801b58e6fa7868646bcb80bed2ed89eaae2aa165219825a3ee2b5

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 10:39:13 GMT
server: Microsoft-IIS/10.0
etag: "809ebf7f61ead61:0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=638
accept-ranges: bytes
content-length: 17320
expires: Tue, 26 Jan 2021 15:17:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 55ms
16ms Script
application/javascript 2a00:1450:4001:825::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d08501ebfbcdced71d3164f50d826b79235428edb6374b3ad6688565ace0d980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39649
x-xss-protection: 0
expires: Tue, 26 Jan 2021 15:06:51 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 181 KB
55 KB 30ms
6ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: 2c666864babd01234e141cf63de6d7144ab88d53652d619869ec3a6adbc6fae8

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 3191
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 55604
x-li-uuid: G5F8YbXNXRYgCmmBMSsAAA==
server: ECAcc (frc/8F0A)
last-modified: Tue, 26 Jan 2021 14:13:40 GMT
x-li-pop: prod-ech2
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-lva1
expires: Tue, 26 Jan 2021 15:13:40 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1611655691145/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 56ms
36ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1611655691145/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: br
cf-cache-status: HIT
age: 17744
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 07e0d4c4da00004a5b28264000000001
last-modified: Tue, 26 Jan 2021 10:08:12 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611655691145
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7cbc84a5b-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 hs_default_custom_style.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/ 50 KB
10 KB 52ms
48ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a951ebf24f77ba7af298601bafa26d348c65710110b3ad7da629c7efe7f19a5

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb9.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 90F4B7CC4E0FFD30
cf-request-id: 07e0d4c4ca000005e471aa6000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 25 Jan 2021 00:53:13 GMT
server: cloudflare
etag: W/"0e0f1fb36027973a9cd37988885c39e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611535992332
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: SVIz_yUuxncPRbTE9j7Fb4fDD9WrpxT3
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7abd705e4-FRA
x-amz-cf-id: lIdQfwg-x07ZIClSXyiM_DTE1QKROKAPpfRfQJAre-ysHyXTTeMMVA==
x-amz-id-2: niYluBBHt1/6t/hBkHWK+ewCGCjZZVR9RrhWIljChZ8+jZtDiUC8pWxcIzlEu/ZKlR0gHOrA4vc=

GET
H2 200 Updates-Fall-2017.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1604958980339/In_Use/In_Use_CSS/ 139 KB
23 KB 35ms
32ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1604958980339/In_Use/In_Use_CSS/Updates-Fall-2017.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac41d4915006679f2820ac6e989b5a7baf1d2e01f97453b5d35f97f3d069f769

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 2DD2A01C25982C3C
cf-request-id: 07e0d4c4ca000005e4a71a1000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 09 Nov 2020 21:56:21 GMT
server: cloudflare
etag: W/"6ac2bbfdede14562449f648e323d553c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1604958980340
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: pf6Vy3vGq1kajD__0XIfADop7.F8.9yv
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e7abd905e4-FRA
x-amz-cf-id: 9N_rakDaqAsYhhzevndHL3Wto86CL1RFGsSl9FgMjJXxvcyy4qCmKQ==
x-amz-id-2: HkaXwcQgtAegavHsHqyNGC1LRj2nOmE2l05KYMxk6hD3MCWbgCpJOCslkwvfF20De+/NSNuNluE=

GET
H2 200 SON_logo_blog_2.svg
blog.sonatype.com/hubfs/blog%20refresh%202019/ 4 KB
2 KB 58ms
42ms Image
image/svg+xml 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/blog%20refresh%202019/SON_logo_blog_2.svg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93e89f408fdf0e4815d897db24b13189298d5c4717598cea5dc40eeb1ddb8800

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 af3abf09293a5c762de5e451f8d6a913.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7596580702,FD-7315118305,P-1958393,FLS-ALL
age: 439561
edge-cache-tag: F-7596580702,FD-7315118305,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 37370C945DDE7AC3
cf-request-id: 07e0d4c54b000005e4b3367000000001
x-amz-id-2: j+YMSvYNTHB090g4B1C60BDzS99hevfVz9dp2B1tYw2tppNsE4qB8fY9wjywczo5JYxfsYPP6gc=
last-modified: Thu, 05 Dec 2019 18:21:31 GMT
server: cloudflare
etag: W/"dbf0a60db68d67234e5163acc8cacd39"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: IPbFSPSVjjLbEsPQIRGn2SaVoLpjb1km
x-amz-cf-pop: MUC50-C1
cf-ray: 617b23e87de705e4-FRA
x-amz-cf-id: 8cbREAaKu6sZHwCSsqjibGhLE4IDTzRHxsQn4KH22AxZLVU4XhCyhg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Navigation_Highlight_TryNexus@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 71 KB
72 KB 74ms
57ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_TryNexus@2x.png?width=400&name=Navigation_Highlight_TryNexus@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb9998887acfe0796b1c599154d85671c0c0c79361c037167ac9c0f1a628ae18

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 6def1f0ddc805dce17407cce01d5b32d.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835501552,FD-28685810051,P-1958393,FLS-ALL
age: 439561
cf-polished: origFmt=png, origSize=118408
edge-cache-tag: F-28835501552,FD-28685810051,P-1958393,FLS-ALL
content-disposition: inline; filename="Navigation_Highlight_TryNexus@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: DDA6736ADA6370F5
cf-request-id: 07e0d4c54b000005e47724f000000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:16 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "8021d66ebf091d1da96425ae01f65b8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: 6yFxhLQ0xRnUR9vw2A91X4gEG+0s8pej1A9vv+jA6sAnUoYa/w2/ZIvusJpguM9XRwJhVTCWZSg=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: ..1.Lu4FAFcfEdmd5SLL3QOQNWApVDlW
x-amz-cf-pop: FRA56-C1
content-length: 72704
cf-ray: 617b23e87ded05e4-FRA
x-amz-cf-id: 2pDnYAKdUQ4Kzd1p19kIhXUvPF-dcHDi60JrPbbH_V_f64ZTA_wOIw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Navigation_Highlight_%20NexusPlatform@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 42 KB
43 KB 78ms
62ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_%20NexusPlatform@2x.png?width=400&name=Navigation_Highlight_%20NexusPlatform@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65d038a4f0c4243c9759b2eb09d74939db86f9d9f2266f31de66d99522e5e09d

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 df7c0ba7857d5300ae11e7566c926f17.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835501551,FD-28685810051,P-1958393,FLS-ALL
age: 439561
cf-polished: origFmt=png, origSize=72799
edge-cache-tag: F-28835501551,FD-28685810051,P-1958393,FLS-ALL
content-disposition: inline; filename="Navigation_Highlight_%20NexusPlatform@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: CA7858A3C3F3F3FA
cf-request-id: 07e0d4c54b000005e4a0010000000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:15 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "3f7ba7361ed6be7c113db62ac3849744"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: 7SDoP1HtNXFj/HukzlgAyDrvltBb0/eZaGUNR4uo12atr6PJuw5vCkAx5EhS739RBrzMKp6GIUY=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 1ohDiWKnXJYRKLn41TeTmfUw.oiXT23C
x-amz-cf-pop: FRA56-C1
content-length: 43342
cf-ray: 617b23e87dee05e4-FRA
x-amz-cf-id: qK7e9ec0JBuEiZdr-XzE1TDKSaprTBwJ4CQi2wZkMzkNZb3wge01Tg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Navigation_SSC_Pacman@2x.png
blog.sonatype.com/hs-fs/hubfs/ 49 KB
50 KB 81ms
66ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Navigation_SSC_Pacman@2x.png?width=400&name=Navigation_SSC_Pacman@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7acd127ae78e9b838e7f69fef470054a11e76ffade77867ab474062fc7f3e5f8

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54b000005e4d0917000000001
x-amz-meta-cache-tag: F-34845237156,P-1958393,FLS-ALL
age: 439561
x-amz-server-side-encryption: AES256
edge-cache-tag: F-34845237156,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Navigation_SSC_Pacman@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 480E62D57E775AF1
cf-bgj: imgq:85,h2pri
etag: "e4a937040ba06fb23f9d2a9d788f1e2d"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1599842950857
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=82315
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 50326
x-amz-id-2: wQobtZKE0PRYM1k3YB6Q9DiwR3GVHz+Ehhota3+xWztfARDIbSXX6Wy+Y8DMr3xRjqLrhNTJvWg=
last-modified: Fri, 11 Sep 2020 16:49:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: PjqdcF6wr9LqY5XL9wYByjQaqzVVU1aA
accept-ranges: bytes
cf-ray: 617b23e87df105e4-FRA
x-amz-cf-id: Bm4f2kS1nXME_JV06DFGb7Fzkc1HQjX7PJicXQTlb5TEavQ7FEUJ_A==

GET
H2 200 Navigation_Highlight_Careers@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 52 KB
52 KB 88ms
72ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_Careers@2x.png?width=400&name=Navigation_Highlight_Careers@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cde7a1802fe1062fe828b9daf5e8549871590adba896f174b6a76a9bab3f1595

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 72e8bbddfffeeec486003f867d631025.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835416895,FD-28685810051,P-1958393,FLS-ALL
age: 439561
cf-polished: origFmt=png, origSize=89362
edge-cache-tag: F-28835416895,FD-28685810051,P-1958393,FLS-ALL
content-disposition: inline; filename="Navigation_Highlight_Careers@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 08669050EE15F779
cf-request-id: 07e0d4c54b000005e4c333b000000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:16 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "522dd42f85181d39dc2ce53c7ae401a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: rEZYerdPxYhKPVEOJ/pCBqarVALTFZAZNDrGmpvUtEJgQ3d+urqX0Vi904MhTEy/DNJ5O6Bm6rs=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: apErcCQPMKtq2LV.w3.vIbJ2LZfDs9Vn
x-amz-cf-pop: FRA56-C1
content-length: 53014
cf-ray: 617b23e87df205e4-FRA
x-amz-cf-id: 5dmLxFW4ZOFsluQ8sorSXgyZ_zkF4KuveRVvDSYVl4UvInvWd7G5Qw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 GettyImages-1206471872.png
blog.sonatype.com/hubfs/ 189 KB
190 KB 74ms
60ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-1206471872.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a09c46f99dadab47a670dbcc0dbd1bd906ea6014ec9a4eea1605c8d5209159a

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54c000005e4bdb4e000000001
x-amz-meta-cache-tag: F-37635948018,P-1958393,FLS-ALL
age: 432236
x-amz-server-side-encryption: AES256
edge-cache-tag: F-37635948018,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-1206471872.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 3DF2ECF87B6783E6
cf-bgj: imgq:85,h2pri
etag: "0ef9fc55d66973f463b74a79cabb35bc"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1605554748570
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=285677
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 193368
x-amz-id-2: y07n4XjcygB/VzBnBQ+MMDZwCRr2G+LcDo0KMtHZxENfOFbw7ZKsPpNV8O+Tz0o8RXLpQGnM1Rk=
last-modified: Mon, 16 Nov 2020 19:25:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: QnvwVYV_4VkWnqZD5.m5fg0HNnM_u4pA
accept-ranges: bytes
cf-ray: 617b23e87df405e4-FRA
x-amz-cf-id: 8RiB1-0-IlFQqV6_q7DhEc37cz8acTYoOUNp_5mJHbfrf2vuuMK2Xg==

GET
H2 200 XPC1.png
blog.sonatype.com/hs-fs/hubfs/ 77 KB
78 KB 80ms
67ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/XPC1.png?width=408&name=XPC1.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bf90f359dc82de7970ab0f86a70049933404734fc7c90e94a8e7426228ded21

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54c000005e482be2000000001
x-amz-meta-cache-tag: F-37635005517,P-1958393,FLS-ALL
age: 36158
x-amz-server-side-encryption: AES256
edge-cache-tag: F-37635005517,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="XPC1.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 9CFCDD9C11FF879C
cf-bgj: imgq:85,h2pri
etag: "f867ca600473100896fe42382176017f"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1605551515524
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=131256
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 78750
x-amz-id-2: P933kKM6Wz3bZDMMVxYWAMY82pxRzGP10un8nfilnljvXdIaqzS8brOLE3isOzia5eh8KK/v/Z4=
last-modified: Mon, 16 Nov 2020 18:31:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: 4WDz_wVxXZ4JyN_C4j3OdwLTZOzjmmQO
accept-ranges: bytes
cf-ray: 617b23e87df505e4-FRA
x-amz-cf-id: 1_7lpjkdJUjAEj5F22RQsRcop2_KrmKW7mO7lvgJywa0Y20JJ6NTGg==

GET
H2 200 xpc2.png
blog.sonatype.com/hs-fs/hubfs/ 25 KB
26 KB 84ms
71ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc2.png?width=610&name=xpc2.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f1e6df547a031b13fd017893bb4c21d9134e6f72164fdc0e4792527070cd7d9

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36158
cf-polished: origFmt=png, origSize=53493
edge-cache-tag: F-37635248436,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc2.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 25598
cf-request-id: 07e0d4c54e000005e4bf0d7000000001
x-amz-server-side-encryption: AES256
last-modified: Tue, 05 Jan 2021 13:44:43 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "ae93f33a59038ee96b9eea5f4459b6ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87df605e4-FRA
x-amz-cf-id: tSULOvzaKITf7F9g7X1qvauGxVO3syxW-8YGo5j-sxpRrOIptUOa9g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc3.png
blog.sonatype.com/hs-fs/hubfs/ 118 KB
118 KB 48ms
36ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc3.png?width=625&name=xpc3.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bb0bdcb93c4e6c2dd633e7f56b10cb857058352a0fa31474e600d770575faad

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 936f33bed45438343f0ef2adff442815.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36157
cf-polished: origFmt=png, origSize=201927
edge-cache-tag: F-37629499048,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc3.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 120612
cf-request-id: 07e0d4c54c000005e4cb1ba000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 14:31:08 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "20c822cc70132c0644108f2803fe8569"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87df805e4-FRA
x-amz-cf-id: pp_s2CGv73n0-72WS0mWvO1hSMacVpmnVFyZdAbRDp0W1ZDxIkuJ2Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc4.png
blog.sonatype.com/hs-fs/hubfs/ 16 KB
16 KB 77ms
64ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc4.png?width=637&height=130&name=xpc4.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c6a84e7c15e338dc58c3efe21caa0695e8e889cfd6e10a07113ec17b8f6c4bb

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 c9bc0840da506c3f9fd4715a063463a7.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36156
cf-polished: origFmt=png, origSize=39767
edge-cache-tag: F-37629499066,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc4.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 16428
cf-request-id: 07e0d4c54d000005e49122e000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 13:45:41 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "a7451b0b5887045a146f4e6dae1fb738"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87dfa05e4-FRA
x-amz-cf-id: UsC2rE7u0LCLXwAQjaLOQhAMZzqHsKsckWodPi6BU29Z0xaZKhiREQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc5.png
blog.sonatype.com/hs-fs/hubfs/ 117 KB
117 KB 40ms
28ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc5.png?width=636&name=xpc5.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbb4d31d328afc7d2cd1a2f54bc3093da6cc504f8bcedf4c8046cf523902f23b

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 5195de19cbc5ce842ac6538e9a6850cb.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36156
cf-polished: origFmt=png, origSize=196800
edge-cache-tag: F-37635005643,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc5.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 119528
cf-request-id: 07e0d4c54d000005e468b4e000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 15:54:07 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "e59fa39dc735ad5f8d83756409bd7539"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87dfd05e4-FRA
x-amz-cf-id: rmVsHZpqH-bIqKT-v8NxciRK0OQA9kXVoxBxJdzkHCT1PbpVfSRTrQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc6.png
blog.sonatype.com/hs-fs/hubfs/ 32 KB
32 KB 46ms
35ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc6.png?width=624&name=xpc6.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9dbd6758e6c8a8ac58ac96705f73733008b2ff94d13c491ac8a04acc1ba5995

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 f88487c9214731db4c82619c9183bf7b.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36155
cf-polished: origFmt=png, origSize=80551
edge-cache-tag: F-37634761460,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc6.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 32410
cf-request-id: 07e0d4c54d000005e4c3b37000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 15:54:06 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "903ffed19b2d297bb5029ff01b3066cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87dff05e4-FRA
x-amz-cf-id: XQ2PT-vzRgs5wCxzUaiOhEBP2fIETORYMWJ2MotYm0WUtUbc4WCqIQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc7.png
blog.sonatype.com/hs-fs/hubfs/ 63 KB
64 KB 53ms
43ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc7.png?width=623&name=xpc7.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 572e727da2d987e405e5d6c5b14f3e0ada5d17c52ba10e0dc84dcc56b84ad132

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36154
cf-polished: origFmt=png, origSize=152028
edge-cache-tag: F-37635248660,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc7.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 64774
cf-request-id: 07e0d4c54d000005e48209d000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 06:50:38 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f14919fe576f6dc920ff55773c44f435"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87e0205e4-FRA
x-amz-cf-id: bI6_2PZdBpsPll1L4wwU8uxFrp8rZsvZZ3rHi4ojghZytfgLm9UypQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 xpc8.png
blog.sonatype.com/hs-fs/hubfs/ 45 KB
46 KB 56ms
45ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/xpc8.png?width=624&name=xpc8.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 478db0a9387a7f17b1d5d698e29a337d8aefa4a9b04997c0c1fcb1bba4b61018

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 36154
cf-polished: origFmt=png, origSize=101059
edge-cache-tag: F-37635248673,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="xpc8.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 46324
cf-request-id: 07e0d4c54d000005e463b9b000000001
x-amz-server-side-encryption: AES256
last-modified: Wed, 06 Jan 2021 18:34:20 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "dd045733a70c4eb27791d1aecc5854a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87e0405e4-FRA
x-amz-cf-id: 2Ub-NlQWvGJARvx3ye1LfG_mrZeaCCNkwKCKai23rLpFqOnt21zw7A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 akshay%20ax%20sharma.jpeg
blog.sonatype.com/hubfs/ 33 KB
33 KB 57ms
47ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/akshay%20ax%20sharma.jpeg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 6def1f0ddc805dce17407cce01d5b32d.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7618951662,P-1958393,FLS-ALL
age: 438061
cf-polished: qual=85, origFmt=jpeg, origSize=58267
edge-cache-tag: F-7618951662,P-1958393,FLS-ALL
content-disposition: inline; filename="akshay%20ax%20sharma.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 51ED60EFC1025369
cf-request-id: 07e0d4c54e000005e471ab6000000001
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Fri, 15 Feb 2019 17:59:33 GMT
server: cloudflare
etag: "05bf826725f866d18596285df12261d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: HvLZ7pSkC65ER11qn3rexdQ5uwXda9C157/upmUhzm8kKjpYi/7wA+fo3ppK/2QjWT1X6kE/Nj8=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: eJ4YI7RINvXgKM3v312ykCq5Y_UAIELs
x-amz-cf-pop: FRA56-C1
content-length: 33742
cf-ray: 617b23e87e0805e4-FRA
x-amz-cf-id: HWBIXAOSIuRfDsSJgkD09ASFaURF271ziyHmR8KT2uYbBzfjrl7jjw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 GettyImages-612260664.jpg
blog.sonatype.com/hubfs/ 36 KB
37 KB 62ms
51ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-612260664.jpg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6e4c78b090b7b2371a98953047a40d8e37efc727bb55858a95df6cd6afa8f7

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54e000005e49180d000000001
x-amz-meta-cache-tag: F-38844464743,P-1958393,FLS-ALL
age: 439372
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38844464743,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-612260664.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: DS3K1RBY0H2S5MBJ
cf-bgj: imgq:85,h2pri
etag: "882f5bda32d314f101833e7512208758"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1608134356288
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA50-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=177289
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 36956
x-amz-id-2: 6xbfh8Tq+To5D5MWKJdo/OnZZuqaDMcFQvG0iIN7v+sh6PRirpjhj/8M1TtoKwISr0QjcL/7MC0=
last-modified: Wed, 16 Dec 2020 15:59:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: QnYszmVqKXrtukKupjbmudaF4KtS4RpH
accept-ranges: bytes
cf-ray: 617b23e87e0905e4-FRA
x-amz-cf-id: -opi4LZTsRhI4vr-TpnUD4dVmuy9dfE4SyNfcRCQTAfwUq0OAtfKpQ==

GET
H2 200 GettyImages-939247822.png
blog.sonatype.com/hubfs/ 469 KB
470 KB 48ms
38ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-939247822.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29373b41d75c567ff1c98f5cfa4e6aa6bbb0519b917c2fe3c74da1da9708621e

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54e000005e498914000000001
x-amz-meta-cache-tag: F-38757637321,P-1958393,FLS-ALL
age: 59871
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38757637321,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-939247822.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 5E4CEC3117565366
cf-bgj: imgq:85,h2pri
etag: "2b468e2cea3b5d3674f4c67a50411798"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1607980185098
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA6-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=706240
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 480032
x-amz-id-2: oanxMY66YgWfpKg+oEu/zohY090P85Rbfc+1PGGk3jkeUQvhVYUTGjIMZbiFuEMgwRBuL8uH+cc=
last-modified: Mon, 14 Dec 2020 21:09:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: 6mwnf3QbCPcQLuqPDliyfgp_zurpKthm
accept-ranges: bytes
cf-ray: 617b23e87e0a05e4-FRA
x-amz-cf-id: F0TFxj5fbyYeYSeTUqzXgwh3s254aMj4M-t-mv1ku0O369oWIvAMmg==

GET
H2 200 GettyImages-622206776.png
blog.sonatype.com/hubfs/ 342 KB
343 KB 58ms
49ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-622206776.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00ca9a61b904065b0eeaae8bd7f5effdf5c98bf1bce2404ad580f0f92fb57133

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54e000005e4b800e000000001
x-amz-meta-cache-tag: F-38216919170,P-1958393,FLS-ALL
age: 59871
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38216919170,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-622206776.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: FEBD774E2AA66B78
cf-bgj: imgq:85,h2pri
etag: "adf5ba58c51d21f85563a64cd3390e4f"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1606833567583
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 82e9051d8d41080bd3028731e0e8677f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA6-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=485045
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 350190
x-amz-id-2: AkQM8SEMdkFPE3pxqAhRDV9d+0vF5SzLg5dvGNRQx2CuJIS6SP9pCLtQIewPvQXOZ60baFJAkNc=
last-modified: Tue, 01 Dec 2020 14:39:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: 6X_BQ_8nDZRY6UGm58QBoiEwhPllqK1u
accept-ranges: bytes
cf-ray: 617b23e87e0d05e4-FRA
x-amz-cf-id: 3Vi6xxZSzLZ3by7xKNB43v1Fh5kWaX3i43ixvKieYp-pwBBXgb1EbQ==

GET
H2 200 GettyImages-887166952.jpg
blog.sonatype.com/hubfs/ 28 KB
29 KB 47ms
37ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-887166952.jpg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ac2874390cf3b1562087fd32bf6e541b6fdf1bc914a72b730e3f00446e94e32

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e0d4c54f000005e477252000000001
x-amz-meta-cache-tag: F-40816169170,P-1958393,FLS-ALL
age: 439495
x-amz-server-side-encryption: AES256
edge-cache-tag: F-40816169170,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-887166952.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: CF7AB2B42D674493
cf-bgj: imgq:85,h2pri
etag: "ba44ab467af48f1020ef0de75c83a7b1"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611086437921
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=86194
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 28530
x-amz-id-2: uAmWcDKnDeJXH5CuldD0ag5+WESMfSX+xSrOXD69PLFXy7seeRP6qG/cEew7DZwMTWoqmX+UbsM=
last-modified: Tue, 19 Jan 2021 20:00:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: VufZpLueA5uvh6RQwMH7L92aZsFVY6qD
accept-ranges: bytes
cf-ray: 617b23e87e0f05e4-FRA
x-amz-cf-id: 8V-7FHahhN5fhXDTwxpQ4msDxOwB7xYCAVLpKymqAR1eYf9U9aTxNA==

GET
H2 200 GettyImages-1182226451.png
blog.sonatype.com/hubfs/ 531 KB
532 KB 62ms
53ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-1182226451.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: be00986fac24c7ff236021542c6f17ebb8a4c8cde811c2cde1164152d651fac3

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 5cf5bc69324ade55eebb5e539fa6c2fa.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-29835669815,P-1958393,FLS-ALL
age: 70574
cf-polished: origFmt=png, origSize=717789
cf-ray: 617b23e87e1205e4-FRA
edge-cache-tag: F-29835669815,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
content-disposition: inline; filename="GettyImages-1182226451.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 2D8E7ED8E0C98B14
cf-request-id: 07e0d4c54f000005e4778c9000000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Wed, 27 May 2020 20:32:10 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "b8b03780a551741b40b466ebd0650c52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: SHPXQdMTt4F8cGMnb9SC6b4S8ZOVbfCAjvkQULxOoDftkgeDaKKdC1nZjkkQ+gahMo027juwWvc=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 2efG0.xWBkdlcNX788Pxg3tZnotwkucX
x-amz-cf-pop: TXL52-C1
content-length: 543326
x-robots-tag: all
x-amz-cf-id: cHatKi0aHCuwDGqiKpxpZYlppOcIFmjA5TlsP9hzBOFCwQtHLTAlIQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 GettyImages-984835220.jpg
blog.sonatype.com/hubfs/ 63 KB
63 KB 42ms
33ms Image
image/jpeg 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-984835220.jpg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffd7c8ba78cbd6f65df7714a8551fe932907e8b96c0b38512ec9b69f4647b457

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7652723571,P-1958393,FLS-ALL
age: 59910
cf-polished: origSize=106465, status=webp_bigger
edge-cache-tag: F-7652723571,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: BAC6CFA5BAFC77BD
cf-request-id: 07e0d4c54f000005e47d8c8000000001
accept-ranges: bytes
last-modified: Mon, 18 Feb 2019 16:17:59 GMT
server: cloudflare
etag: "86ae44b49eee632ebdeaf26a5b02ddd0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-amz-id-2: XKvAzFfBRPkwE82LL9G6vxVna9llnVIhvQRTPu8BqZFO4SFFyWdT9o4nSn6aB66JydGb6TiPvZQ=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: DLZgWQQyN50iP6OXV8iytZPDzFxKKyWw
x-amz-cf-pop: FRA6-C1
content-length: 64298
cf-ray: 617b23e87e1405e4-FRA
x-amz-cf-id: hmdBlRZEMsZ2RgRjvMxLcFhAHaKa2oDMiynK_8Nnh1x71sqqQuQVrg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 1 KB
2 KB 64ms
57ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&name=SON_logo_white@2x%20copy%20trimmed.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb569351e01a343124bf4a87bc8348669a5850a82d9fff7d476372e22da386af

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 72436
cf-polished: origFmt=png, origSize=2706
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="SON_logo_white@2x%20copy%20trimmed.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 1414
cf-request-id: 07e0d4c54f000005e478176000000001
x-amz-server-side-encryption: AES256
last-modified: Sat, 09 Jan 2021 12:15:27 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "32dbf9382daa5d9a7728626bb4ae0fa2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87e1605e4-FRA
x-amz-cf-id: _P_TIYIItwSRQlOawuFMufIe_YWgcwTnLns3lMVjbzN4S4oMjx9mPw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 2 KB
2 KB 71ms
64ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&name=SON_logo_white@2x%20copy%20trimmed.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e0c082f8f5ea340d2efba890eb6d39f2c589448c58d36fdb57d9f85b41aae9f

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 439561
cf-polished: origFmt=png, origSize=3091
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="SON_logo_white@2x%20copy%20trimmed.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 1536
cf-request-id: 07e0d4c54f000005e4d0918000000001
x-amz-server-side-encryption: AES256
last-modified: Sat, 09 Jan 2021 11:53:18 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "db3a315c588334c34b9882aad1cd8a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23e87e1705e4-FRA
x-amz-cf-id: HBi1yHB3QiCY5_rjdKPNheOxMq3aC0jhYA-zJU8WpSmtFTrOEjiRFw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 module_28632893861_MEGA_Menu_Code.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1611092854548/ 1 KB
874 B 46ms
45ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1611092854548/module_28632893861_MEGA_Menu_Code.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 815dbc562b821da8d973dc0e81e78c883758da7f4b44d3a61218b7e44f71d02a

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 0AF6556B5A84D4A2
cf-request-id: 07e0d4c512000005e4a9847000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Tue, 19 Jan 2021 21:47:35 GMT
server: cloudflare
etag: W/"9c27f3d5e2647393c06a38c575cb0868"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1611092854548
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: NEjlMSaDb32Yd.W.EfhdNp6Eb4wZNYEc
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e81d0c05e4-FRA
x-amz-cf-id: P9J2fEb_gwxv6giMJosvcK2AnBojgwHtZJEXICLhP6j8jDeONCHTsA==
x-amz-id-2: rLEQy8Ke7Xo/qOU+qMytfdTqVBay7plUFjYECqOf0eXUFNFXJtMPa5+MeQiIInpMZBf60TeBqJE=

GET
H2 200 1958393.js Show response
blog.sonatype.com/hs/scriptloader/ 1 KB
640 B 191ms
185ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca1fd3a75d1e825ec0cd6541a29e72c8fd2fde86a856d6a015164e3792958b35

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 33
cf-polished: origSize=1329
cf-request-id: 07e0d4c550000005e460acc000000001
cf-bgj: minify
server: cloudflare
x-trace: 2B7B820B1EED2A3AE236878D1E9FEB53A0669E69C1000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 617b23e87e1805e4-FRA
expires: Tue, 26 Jan 2021 15:07:51 GMT

GET
H2 200 Sonatype-Main.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1591124939867/Not_in_Use/ 1 KB
811 B 26ms
26ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1591124939867/Not_in_Use/Sonatype-Main.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c746ec617a393d32926056ad52d0069fa5ef72877ded40903ce0f5ebde49d97

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 33
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 22F6107E0F7CC1C9
cf-request-id: 07e0d4c518000005e468b47000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Tue, 02 Jun 2020 19:09:00 GMT
server: cloudflare
etag: W/"305b87334a6634b554a9967df3d70402"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: FK0Wa_jlSA2D9H4B08wvMA0eavgnomHP
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e82d2105e4-FRA
x-amz-cf-id: RoHRV1VM9309V3woKkqkWkmUQMRJ_dNHm98m9wTSpw20FpAROTUwSQ==
x-amz-id-2: CP6UkeklBWuQTcpi5ueiQMur+hUYZ51rxPJzw9C9qfwRdJVL9FlMfhawiQoR+HZfHzZ/AJ7Wllk=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 167 KB
45 KB 54ms
25ms Script
application/javascript 2a00:1450:4001:825::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

45d881a6b576682a45d055b8a9795486e76109941dfa98e8c93d4712898984f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45731
x-xss-protection: 0
expires: Tue, 26 Jan 2021 15:06:51 GMT

GET
H2 200 cae69742.css
fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/ 9 KB
6 KB 35ms
6ms Stylesheet
text/css 108.161.188.228
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/cae69742.css
Requested by: Host: use.fonticons.com
URL: https://use.fonticons.com/cae69742.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: a9d2e153861f6e5ba4b46024c013ae7765411ac3df1976d625c8a5e5dbd032b5

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
last-modified: Fri, 22 Apr 2016 13:22:03 GMT
server: NetDNA-cache/2.2
etag: W/"c1f1042b6b09a16128262df725078926"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=60, private, must-revalidate

GET
H2 200 99hz8ezzd9gu.js Show response
js.driftt.com/include/1611673800000/ 285 KB
81 KB 144ms
115ms Script
application/javascript 13.224.196.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1611673800000/99hz8ezzd9gu.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.196.41 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-196-41.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

4e7e8d12c5f9feac30f2bcd634d82786156eeb6d51cd3356cb53e57c16522ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: oRz6Me4Z3mezeUOhWQOkSWK8yoV7bokD
content-encoding: gzip
etag: W/"e1ece76a05495807fdf5fdcbccfb560e"
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Jan 2021 15:00:26 GMT
server: nginx
date: Tue, 26 Jan 2021 15:06:51 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 d8328954e51c0912a8419c1a67cea1dc.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WTnrFthtTDsWB7civ3eYI_pogABiB4wIc6NFrm2iAFaicYx3PTBlEg==

GET
H2 200 ressponsive.min.css
cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ 77 B
248 B 51ms
48ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ressponsive.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd

Request headers

Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: br
cf-cache-status: HIT
age: 1505014
x-amz-meta-md5-hash: e1be8528cd2b50bd34b2434539994980
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 07e0d4c54100004a5bc73f6000000001
last-modified: Fri, 05 Aug 2016 11:19:31 GMT
server: cloudflare
etag: W/"e1be8528cd2b50bd34b2434539994980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 617b23e86d874a5b-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Proxima-Nova-Extras.css
www.sonatype.com/hubfs/Fonts/ 6 KB
2 KB 105ms
68ms Stylesheet
text/css 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3

Request headers

Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
age: 439560
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: E512C5AB1881F6EE
cf-request-id: 07e0d4c55700004aaa84834000000001
last-modified: Mon, 06 Apr 2020 20:03:28 GMT
server: cloudflare
etag: W/"081ee9523e1034ef58341ede01254dfb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: BQAkQ2fR8Q+pviWUQ8P3g8Y8e645luBUjRVQLqHRDXM2TAmLTpv98giE3Q5fky/S4yfwDE+T86w=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: YgXnGlF4WQ1AstClwlTILsPDXJB27Jsh
x-amz-cf-pop: FRA56-C1
cf-ray: 617b23e88d634aaa-FRA
x-amz-cf-id: 5SQr1ogMG6qD0Ez5bFKhdG4HjjFONod36ZfWQPaFqq6q6nfnTfsKBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 proximanova.css
cdn2.hubspot.net/hubfs/1958393/Fonts/ 4 KB
1 KB 43ms
41ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d

Request headers

Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3944818967,P-1958393,FLS-ALL
age: 900886
edge-cache-tag: F-3944818967,P-1958393,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 7A67B40450847FBC
cf-request-id: 07e0d4c54500004a5b2710c000000001
last-modified: Sun, 08 Oct 2017 10:31:18 GMT
server: cloudflare
etag: W/"82d3f802db703aec190e50c8ae99deab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: jMbCtJTKT2D5QyGgmhMS1oUde8z6K0Rbbf4HvYGoQxtsj+UXn7s0oZyxn+G8yWjg9vl/KWwbisE=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: Nx1ip_m09IOUG29Oo2hvpQOOKZSH0Vcn
x-amz-cf-pop: FRA50-C1
cf-ray: 617b23e86d984a5b-FRA
x-amz-cf-id: uzgl6M7Enn-SX9klFGLPQdCFVSR1qozG67jGEHPVNRobtSCk7psoBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 font-awesome.css
cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/ 32 KB
7 KB 40ms
38ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854

Request headers

Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1611535992332/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3948811917,P-1958393,FLS-ALL
age: 900886
edge-cache-tag: F-3948811917,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: A7CB6C733C05476A
cf-request-id: 07e0d4c54100004a5bc10fd000000001
last-modified: Sun, 08 Oct 2017 10:31:29 GMT
server: cloudflare
etag: W/"5343ee1a287a65ff20961476fd8a6188"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: PQNlGBMduzqRdH2EzRzSZlp/v50YyVcjXalUjG4li0CNTWpNkEcfaNPbnpt+ddCgzwKyMvot5h8=
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: m9Z5f4v3tZv6bWFPUKxjPuJ3lp5IXZnA
x-amz-cf-pop: FRA50-C1
cf-ray: 617b23e86d9a4a5b-FRA
x-amz-cf-id: whz7vIRJrr6wO69Eu9CkkLRn-8pQd-RWIAZstV-dkxX6t_CA6UcEwQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 31ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4176
date: Tue, 26 Jan 2021 13:57:15 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 26 Jan 2021 15:57:15 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
13 KB 56ms
34ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

34fcae3cf94e02d46c230a5b7dd3827d612587164e048dcfe146518da1cb4ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12189
x-xss-protection: 0
server: cafe
etag: 8926089356025331971
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 26 Jan 2021 15:06:51 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 91 KB
24 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: o7bsOBgyidC3yWPBbEo44AeJdNquuAU/Y2HkElRnqCazKOPw7hUe0HHVsty8T3w5DrlZNcSkrhEgfpkwRmsMHg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 26 Jan 2021 15:06:51 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 20ms
8ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 54492
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1611673612.685914,VS0,VE0
x-served-by: cache-fra19157-FRA

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 28ms
14ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 26 Jan 2021 15:06:51 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=9083
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 17 KB
6 KB 25ms
6ms Script
application/javascript 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 30 Jun 2020 17:04:46 GMT
server: snooserv
etag: "85ee817cda81317b49d1d3056f6bdf95"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 5809

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 26ms
7ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 26 Jan 2021 15:06:51 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 195
X-Ws-Request-Id: 6010300b_PSdgflkfFRA2po7_4881-63580
Content-Type: text/javascript
Via: 1.1 PS-JFK-04af1235:4 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Tue, 26 Jan 2021 15:13:36 GMT

GET
H2 200 bc-v2.min.html
consentcdn.cookiebot.com/sdk/ Frame 9AB4 0
0 22ms
6ms Document
text/html 2a02:26f0:6c00:299::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v2.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::f09 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: consentcdn.cookiebot.com
:scheme: https
:path: /sdk/bc-v2.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/npm-malware-xpc.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/npm-malware-xpc.js

Response headers

accept-ranges: bytes
content-type: text/html
etag: "3748ab610968562df868e615f4c38fac:1607548992.671916"
last-modified: Wed, 09 Dec 2020 21:23:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=488
expires: Tue, 26 Jan 2021 15:14:59 GMT
date: Tue, 26 Jan 2021 15:06:51 GMT
content-length: 997
server-timing: cdn-cache; desc=HIT edge; dur=1

GET
H2 200 p.css
p.typekit.net/ 5 B
149 B 22ms
6ms Stylesheet
text/css 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ymj3prt&ht=tk&f=137.138.139.140.169.170.171.172.173.174.175.176.5474.5475.25136.25137&a=28114372&app=typekit&e=css
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
last-modified: Tue, 01 Sep 2020 23:51:26 GMT
server: nginx
etag: "5f4ede7e-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5

GET
H2 200 adsct
t.co/i/ 43 B
448 B 142ms
128ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nv7ri&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Tue, 26 Jan 2021 15:06:51 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 2d774058ec4b7adb0f00dc616882835c
x-transaction: 0070bd8e00112a7e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 186951338452760 Show response
connect.facebook.net/signals/config/ 242 KB
70 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/186951338452760?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4256f2f78328ee65ad8349d8ec6077125e7a43346b8cb58c830047e65fa83f3b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 71093
x-fb-rlafr: 0
pragma: public
x-fb-debug: bVsZaWLnFPnT4v0WPi2C0sTwjeZDZl1sev/BL/jFExoeD2qE7J5QmvB5oSkfRWAo1QM00BMtT+lFN531JPmbGg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 26 Jan 2021 15:06:51 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 1365088141
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 14ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=937186118&gjid=1368673537&cid=806365184.1611673612&tid=UA-137036301-1&_gid=2111143229.1611673612&_r=1&gtm=2ou1d0&z=1328911294

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 125ms
110ms Image
image/gif 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1611673611789&id=t2_2fnbqoqz&event=PageVisit&uuid=6878190e-0233-46e3-858e-f421671caf5b&s=3v23slOVzojmVWe5f8JH%2F56QuBxwJrpgubD6hcPDOek%3D
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 431ms
110ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1534989&version=2.0&ref=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&r=1611673611792
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 26 Jan 2021 15:06:52 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=52
Content-Length: 43

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26time%3D1611673611793%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fnp...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&liSync=true

0
58 B

180ms
180ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&liSync=true
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: MY/noJzQXRYAbZHS7SoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: ntXNmZzQXRYgOs1KKCsAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: C41BC587378846BF8842DA43F8A6F9E7 Ref B: FRAEDGE0910 Ref C: 2021-01-26T15:06:52Z
x-frame-options: sameorigin
date: Tue, 26 Jan 2021 15:06:52 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1611673611793&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/fonts/ 65 KB
66 KB 51ms
36ms Font
application/font-woff2 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Origin: https://blog.sonatype.com
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 aec69d2871c7aeb74988020f07480fa4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4079175725,P-1958393,FLS-ALL
age: 963038
edge-cache-tag: F-4079175725,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 70A845B4B47D4B86
cf-request-id: 07e0d4c62d000005e46f38a000000001
x-amz-id-2: n3wg5umBUEi0DQ2SJHVn6hUzNabAgJxn9VH5DBaCDwXpRj6Yem5taFitHBWvgT1ExqvM66TxqjY=
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:38:42 GMT
server: cloudflare
etag: "db812d8a70a4e88e888744c1c9a27e89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 3UroynpaV5eWzCWsV891qGxKLQ155y_G
x-amz-cf-pop: TXL52-C1
content-length: 66624
cf-ray: 617b23e9ea1005e4-FRA
x-amz-cf-id: 8n0YaV24Zi3c0o0HxE7PZ3VIsQubz_eBRzfUKD_Mc4ROz0gsesLl1Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 ProximaNova-Light-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
20 KB 56ms
42ms Font
application/font-woff2 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Light-webfont.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad

Request headers

Origin: https://blog.sonatype.com
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3944811672,P-1958393,FLS-ALL
age: 1413139
edge-cache-tag: F-3944811672,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: A206D7F9775740A5
cf-request-id: 07e0d4c62d000005e4cb1d7000000001
x-amz-id-2: 9HoMPH38Xd8vmqumzzlVt2nGFSCmDpEdWWW4UDOGmDbD/BarZ5DMwAEMcjE4mCiask4yMXn3koQ=
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:31:17 GMT
server: cloudflare
etag: "8b7a2ea3ead03ba763da54c65bc6975c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: _8yz9ZjF7LQYfTsY7yUCaRvghdOgqaN0
x-amz-cf-pop: FRA50-C1
content-length: 20128
cf-ray: 617b23e9ea1305e4-FRA
x-amz-cf-id: k1yyQSCRE7DCDQP67dzGNMeybDMierAtvtTwELU5rFEUkTnwKCGqQg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 ProximaNova-Sbold-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
20 KB 57ms
42ms Font
application/font-woff2 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Sbold-webfont.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Request headers

Origin: https://blog.sonatype.com
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 0c17d43ed0068cac968c920774378b84.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3943825497,P-1958393,FLS-ALL
age: 1668929
edge-cache-tag: F-3943825497,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 1GFP2Z0X5QDP8H9Y
cf-request-id: 07e0d4c630000005e478194000000001
x-amz-id-2: UsYkkxY1+VWFaXXBHCfffLfZnQC4OymD4uxdBThfa2alvW017RcbbVw1nUQQtTulO4AHlOM6kwU=
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:31:15 GMT
server: cloudflare
etag: "a96ff4477074c6395b7305d2d98fde8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 9IshFJybfsXsTU7IggT7Rm3P84yGu_.L
x-amz-cf-pop: DUS51-C1
content-length: 20344
cf-ray: 617b23e9ea1705e4-FRA
x-amz-cf-id: pxSi12yuMgxZQEMGyFebergK25GTGWNDeJdtNE_csLmCKiFLCDtGLQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 l
use.typekit.net/af/6e816b/00000000000000003b9b3064/27/ 19 KB
19 KB 18ms
6ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6e816b/00000000000000003b9b3064/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n5&v=3
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0c459beae849053d9104612c83a2746c3953c9d6f703eb927e5903842c6db4c5

Request headers

Origin: https://blog.sonatype.com
Referer: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
server: nginx
etag: "189a667f664e55d860e015add84222b22aeab918"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 19520

GET
H2 200 facebook-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 352 B
967 B 31ms
29ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&name=facebook-circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b00f293c3285a01ee643cab82de73207181f75903bd29b69cb23283bc034b821

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb9.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 439560
cf-polished: origFmt=png, origSize=981
edge-cache-tag: F-6716653300,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="facebook-circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 352
cf-request-id: 07e0d4c677000005e46a171000000001
x-amz-server-side-encryption: AES256
last-modified: Tue, 05 Jan 2021 08:21:33 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "e77db299fee4d5fa142b26e582d602fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23ea5b6205e4-FRA
x-amz-cf-id: BzcwStoXlvND6QTDVqa61wZCOt-BRssFek-74mLyH2zgSHumf5JqmA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Linked-In-Circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 386 B
734 B 43ms
41ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&name=Linked-In-Circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66dfe73819ce6524eb90c7e5ee5cd24888e7bd3b10d913cd897b5851c7f3952b

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 6b8cdd1ce925ccd88cc918dd35811d07.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 439559
cf-polished: origFmt=png, origSize=1013
edge-cache-tag: F-6716653299,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Linked-In-Circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 386
cf-request-id: 07e0d4c677000005e4aabab000000001
x-amz-server-side-encryption: AES256
last-modified: Sat, 09 Jan 2021 13:21:48 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "8b02712e4139a1e2b16d7a73678143ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23ea5b6705e4-FRA
x-amz-cf-id: 4hjjCnTI-rmpDQ8Bc6Wq4UnJ5URdzFwnC08lFrGJzRDyXyiakuUdqQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 Twitter-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 380 B
730 B 34ms
33ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&name=Twitter-circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 949e1fa3257c3858c76febfdec7cc3b47ac0fee3f877b2ca9b6450230ae7772c

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 439560
cf-polished: origFmt=png, origSize=1004
edge-cache-tag: F-6716653301,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Twitter-circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 380
cf-request-id: 07e0d4c678000005e48c2ab000000001
x-amz-server-side-encryption: AES256
last-modified: Sat, 09 Jan 2021 13:21:48 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "0999ea81fc5c161a53c8060cd412e0c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23ea5b6a05e4-FRA
x-amz-cf-id: 92vc4FxR8LuylTChZA2biZtsWJebFi18SbD-rwczJpvHV-yu3rfMxQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 mail-circle.png
blog.sonatype.com/hs-fs/hubfs/ 384 B
734 B 28ms
27ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&name=mail-circle.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05bb75a7fe65fa8c26a10b4b0ef0f404b9b079a198cf08da345fd2448533d36f

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 439560
cf-polished: origFmt=png, origSize=1178
edge-cache-tag: F-6653767664,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="mail-circle.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-length: 384
cf-request-id: 07e0d4c679000005e4b8034000000001
x-amz-server-side-encryption: AES256
last-modified: Tue, 05 Jan 2021 09:16:57 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "ec4f28120ab71f90e69a42e7d9dd55bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 617b23ea5b6d05e4-FRA
x-amz-cf-id: 077bMe0uizs-2ueYkyU-heIkIrSJN8sp3dJVq_EhCpJUXzo2w8uV3Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 103ms
31ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=937186118&gjid=1368673537&_gid=2111143229.1611673612&_u=IEBAAUAAAAAAAC~&z=1532547705

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:51 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 57d70dc2-fdae-4a95-864a-471335c8677b Show response
blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/ 19 KB
4 KB 132ms
132ms Script
application/javascript 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/57d70dc2-fdae-4a95-864a-471335c8677b?callback=hs_reqwest_0&hutk=

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e62b0c296fd075916618d45d10fd247da55f87dac1f8d974037cc2df653bf1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B3F1E3CF94F0F92C24057220082C11EE34556D1E6000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 617b23ea8bf605e4-FRA
cf-request-id: 07e0d4c697000005e46e188000000001

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
27 B 14ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUABAAAAAC~&jid=725982668&gjid=2104025923&cid=806365184.1611673612&tid=UA-1693297-38&_gid=2111143229.1611673612&_r=1&_slc=1&z=112653730

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
27 B 13ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUABAAAAAC~&jid=2030732251&gjid=1678518484&cid=806365184.1611673612&tid=UA-1693297-29&_gid=2111143229.1611673612&_r=1&_slc=1&z=362430890

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 36 KB
36 KB 289ms
96ms Script
application/javascript 3.220.33.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.33.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-33-83.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

6b171db7ca7ffee17e14f5d432d37e4ec87d6e7a5ce361670e329f705ee34364

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 11 Dec 2020 13:31:50 GMT
server: Kestrel
etag: "1d6cfc1faf4774c"
strict-transport-security: max-age=2592000
content-type: application/javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 36940
expires: -1

GET
H2 200 eUSOivES.min.js Show response
tag.demandbase.com/ 72 KB
18 KB 63ms
12ms Script
application/javascript 13.224.94.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/eUSOivES.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-21.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 73f0d0b03e4004a52edfcc895577193399d81670e00291ade240aa84efb37ea2

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mG6f6FY7CfqIEiPYtwvIHGL2brf3odFo
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 00:28:29 GMT
server: AmazonS3
age: 2670
etag: W/"bc6d486c6f15574fcb1a08075ee30aa1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Tue, 26 Jan 2021 14:22:45 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: 1ld6IFuUSbaEtvy97-MUrBUJC7E81ZAhnnJBKxZm-bUu1jFDIPkFVQ==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f5ca4d188faf2d55419bf0a4013a891f1769d301cd87cc1c0688d754b9caee14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: IuYodguEjkJfa4p8pVLz/A==
cross-origin-resource-policy: cross-origin
expires: Tue, 26 Jan 2021 15:20:14 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: MOGoXYhhINhkr+Zz71IKjhd2SrzdbYI9uP9uQ7Cza6vWaQnHGQmmmuskCwQw/NKQhYTtK3RtMJNarR1bGcUIaw==
x-fb-trip-id: 686109401
x-fb-content-md5: 328f1d4dba330ae27a358dac11630065
date: Tue, 26 Jan 2021 15:06:51 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "99c374bbe961a2f48d906c743e170bd8"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 56ms
14ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9D) /
Resource Hash: 2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 26 Jan 2021 15:06:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:52:09 GMT
Server: ECS (amb/6B9D)
Age: 576
Etag: "a671d4d584ef50954e5cebb21da17065+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28698

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 136ms
124ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nv7ri&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Tue, 26 Jan 2021 15:06:52 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 3f91e4664d8072ffa75bc43cd50c28dd
x-transaction: 00f6c2d200ff8f02
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 public Show response
api.hubapi.com/comments/v3/comments/thread/ 2 KB
2 KB 144ms
130ms Script
application/javascript 2606:4700::6811:cccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/comments/v3/comments/thread/public?portalId=1958393&offset=0&limit=1000&contentId=37540882555&collectionId=3737438004&callback=jsonp_1611673611949_40065

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

372879f01e74f755ad4195016313e172c73904ebe9b0f2a9f04890cc793a196d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-trace: 2BB9270E9E8D9505A27D8A301EED05935B919AC0B5000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6uM2mVfILOlXvX80g48qXvAGe3MgZRbcbcmm2GRJ9NzjJ%2FsizDZZSsaqnk5N%2FcIZiYMDs38mny%2BjUGZ7rKKvo1xFj6DXfpWpi6HB%2FIXG%2BOU4WHBUQxlldI2k5A%3D%3D"}],"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 617b23eacfc805b3-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 07e0d4c6bb000005b346a30000000001

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
738 B 131ms
113ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1958393&callback=jsonpHandler

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.79/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-trace: 2B7E96DE8CFE2C1ECF993D138749F8950CA5E71BC0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZNf%2FZxfb4DyBWGvWPNlD4ChNbT%2FkS2BXQ27MfdIkuDEAKOWRmDhblaQRhBzDlQaisx9rJKf8ORstAHTgwRS7fjW30%2F0Voy06BOggiNMsmeXLpKmwUSCcBmErFFA%3D"}],"max_age":604800,"group":"cf-nel"}
cache-control: max-age=0
access-control-allow-credentials: false
cf-ray: 617b23eacac64a91-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 07e0d4c6bf00004a913f83b000000001

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/ 2 KB
2 KB 49ms
29ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/?random=1611673611957&cv=9&fst=1611673611957&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&tiba=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&hn=www.googleadservices.com&us_privacy=1YNY&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad719169a57a25ee11e599eccdc3bfe5c5e18ec8efe8254bc14b826169582dfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1059
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1127487224079104 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1127487224079104?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

52fc951dea528023d516bbaa768592adeff23fde0bb1007927f09edafeed22b7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 71004
x-fb-rlafr: 0
pragma: public
x-fb-debug: 7JNtHMHE5WNQ4HaoeIVhOQz224dpG9pK8tIxwvbBx8Kf5wz6HJwutL0qMi2iFLmIcXq/4uBVe7cHNHcAg008VQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 26 Jan 2021 15:06:51 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 636998578
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 19ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=186951338452760&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673611974&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:51 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:51 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
425 B 44ms
17ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=725982668&gjid=2104025923&_gid=2111143229.1611673612&_u=KEDAAUABAAAAAC~&z=1675060587

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:52 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
28 B 44ms
18ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=2030732251&gjid=1678518484&_gid=2111143229.1611673612&_u=KEDAAUABAAAAAC~&z=255182116

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:52 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
170 B 137ms
137ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Tue, 26 Jan 2021 15:06:52 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 2d774058ec4b7adb0f00dc616882835c
x-transaction: 009a8b040083afa3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 448 KB
77 KB 50ms
32ms Script
application/javascript 2606:4700::6811:eacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91ed6ce02b6c75337190849469779a4bd41848b76017521bf4544f268c011ad4

Request headers

Origin: https://blog.sonatype.com
Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
via: 1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 24508
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.969/bundle/main/lead-flows-release.js&cfRay=6178cd966f9d2c36-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 07e0d4c7070000c2bd5e3ad000000001
cf-ray: 617b23eb3b22c2bd-FRA
last-modified: Thu, 17 Dec 2020 10:03:39 UTC
server: cloudflare
etag: W/"a566ab0a8f74bc7424c04febd0ea0ce7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: rhp8gAMuDbTLsXApeWVaA5lKkewB4A5p
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: LOBmjcU76CsrJqP4ZsM9mM5bHILEFt3W7w3GE2EfjDjNJC77igk9oQ==

GET
H2 200 1958393.js Show response
js.hs-analytics.net/analytics/1611673500000/ 71 KB
20 KB 33ms
19ms Script
text/javascript 2606:4700::6811:43b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1611673500000/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b7e22a50359eb0dc1cb3e7ccc0836debbecb467aa8e5c55604d2bf5f4b63741

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 32
x-amz-server-side-encryption: AES256
x-amz-request-id: 6X5X2PBK6GEK7T1G
x-amz-id-2: S0WMJPetkF0Kn76S+YdXO/3fuUv8wb6Btszs48SypqI5ZCwlAzkeMbjq6sGItX1NJTqqTw3HWNw=
last-modified: Thu, 14 Jan 2021 16:55:42 GMT
server: cloudflare
etag: W/"b81ab257a3c287453da922cd5ec8f528"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-request-id: 07e0d4c7030000c2ae098fd000000001
cf-ray: 617b23eb3ce0c2ae-FRA
expires: Tue, 26 Jan 2021 15:11:20 GMT

GET
H2 200 1958393.js Show response
js.hs-banner.com/ 56 KB
14 KB 39ms
26ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b777ae5b5b9835b357d28a52014ef1feddd9127164e1aabc0e547f7deda6151e

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=LQnF+Q==, md5=7nm6N1Z/Gd0KGT2p4SDeYA==
date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: br
cf-cache-status: HIT
age: 290
x-guploader-uploadid: ABg5-UwfoO_JlAvN76I1fJpcDCdVREOmi-vTiPVGHyvcLQWfU0b-F7vYRRcV8OgZl4qvMZsPh1tW8_9j11F9e817YXc
x-goog-storage-class: STANDARD
access-control-max-age: 604800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript; charset=UTF-8
cf-request-id: 07e0d4c70300002fa517243000000001
timing-allow-origin: *
last-modified: Tue, 05 Jan 2021 17:23:53 GMT
server: cloudflare
etag: W/"ee79ba37567f19dd0a193da9e120de60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation: 1609867433842532
access-control-allow-origin: https://de.sonatype.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 57394
cf-ray: 617b23eb3ea12fa5-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 26 Jan 2021 15:07:02 GMT

GET
H2 206 notification.d46d7db1.mp3
js.driftqa.com/conductor/assets/media/ 8 KB
0 572ms
395ms Media
audio/mpeg 54.197.143.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftqa.com/conductor/assets/media/notification.d46d7db1.mp3

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.143.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-143-221.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Tue, 26 Jan 2021 15:03:09 GMT
server: nginx
access-control-allow-origin: *
etag: "d46d7db110874da77e094dcbc4bec8e6"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
Content-Range: bytes 0-20896/20897
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 20897

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 51ms
29ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=937186118&_u=IEBAAUAAAAAAAC~&z=304525618

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 58ms
33ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=937186118&_u=IEBAAUAAAAAAAC~&z=304525618

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 189 KB
57 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=b4a1f30d934df42bff68b6f572833dc9&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e558722226e9464978d1be45e8410d01ff725c183aca471e61680cb43b3d7bbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://blog.sonatype.com
Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4uwvIcfV7rviZlXU+8d6mA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 57964
x-fb-rlafr: 0
x-fb-debug: 8O9VtJSzLzeMa7FNm5S4dwJq8RdSMuELGdjyFv0hcVi/ymK1DUoOFHLA+k1sv3xswVYdenZh0DR0tEnpsJ4vtw==
x-fb-trip-id: 686109401
x-fb-content-md5: 347bc0bc876d11370cbfa18243f6a57b
x-frame-options: DENY
date: Tue, 26 Jan 2021 15:06:52 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "d9a3ca8b0d8e74e8403169a63531c45e"
timing-allow-origin: *
expires: Wed, 26 Jan 2022 14:53:48 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/981320274/ 42 B
552 B 21ms
21ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/981320274/?random=1611673611957&cv=9&fst=1611673200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&tiba=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&async=1&fmt=3&is_vtc=1&random=1454889467&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/981320274/ 42 B
552 B 32ms
23ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/981320274/?random=1611673611957&cv=9&fst=1611673200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&tiba=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&async=1&fmt=3&is_vtc=1&random=1454889467&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 423 B
925 B 91ms
64ms XHR
application/json 13.224.94.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&page_title=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&src=tag&key=48b7caced1a1844ac23da2ca1d20cc6c
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.71 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-71.zrh50.r.cloudfront.net
Software: nginx /
Resource Hash: 5b4f7ddf2cbd5ef8611f5fd90529a7c0b42bedb4c6f5a8f08d1c328b55043372

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
request-id: 2b0e7190-401b-4948-ac23-085d43d3b266
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://blog.sonatype.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZtMgIqggPI6b9JaxJASakFbPQFSR36lSq8tdTAOXWzTd5X62wZbzwQ==
expires: Mon, 25 Jan 2021 15:06:52 GMT

GET

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AADNeE7AIGAAABC37Hj1ug
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADNeE7AIGAAABC37Hj1ug&verifyHash=a4f8c861a7533913fb11d3b82731dca3f4e6b6f8

0
0

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 33ms
14ms Image
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame CC24 0
0 14ms
14ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fblog.sonatype.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B94) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.sonatype.com/npm-malware-xpc.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/npm-malware-xpc.js

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 29598
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jan 2021 15:06:52 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 01 Oct 2020 21:50:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B94)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H2 200 645539512625749 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/645539512625749?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12ae91f99c59c0c8c561a9accc1984a3a004d9489d4f72637ccbc34f41c47849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 71042
x-fb-rlafr: 0
pragma: public
x-fb-debug: 9TNrMVSNpvzy6u7b3WUCnuOcE1V6Rg2BJ0pwoEfJS702vmI2aNLJuQSwhY8fJlkJyWQF5Euf1aGTmmnUh4N1oQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 26 Jan 2021 15:06:52 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 739097706
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1127487224079104&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673612069&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=725982668&_u=KEDAAUABAAAAAC~&z=1999575250

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
30ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=725982668&_u=KEDAAUABAAAAAC~&z=1999575250

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
28ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=2030732251&_u=KEDAAUABAAAAAC~&z=1554337646

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=2030732251&_u=KEDAAUABAAAAAC~&z=1554337646

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 1008 B
806 B 16ms
16ms Script
text/javascript 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a4207293be233867356b2866a38116bfc4b54e700854eed86386f2a59c68227

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 614
x-xss-protection: 1; mode=block
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=645539512625749&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673612172&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2 200 forms_f79029b2cb.min.js Show response
tag.demandbase.com/shared/ 177 KB
57 KB 12ms
12ms Script
application/javascript 13.224.94.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-21.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 16:49:31 GMT
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 80242
etag: W/"297f27393505134e72a57f78a067e26d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: ZdfV2hyb4.f3iYT1bTpwGYnAcDBeMBIJ
via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=UTF-8
x-amz-cf-id: rYpUGlqpbvPCbLYO92amOP7dtaqhteG9450KsiQWo8kwMwclm0CaIQ==

GET
H2 200 siteOptimization_f79029b2cb.min.js Show response
tag.demandbase.com/shared/ 29 KB
8 KB 12ms
12ms Script
application/javascript 13.224.94.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization_f79029b2cb.min.js
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-21.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e9c03e549f6b33808532162019d6f2b0aa09cff718705c4a073b9829324ed8b6

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: pyAWKpmxZjoivhOdfMVoxyAV7r_16ciJ
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 6718
etag: W/"e0ca164a0ab5a8d0ff4b0e17370b5e77"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
date: Tue, 26 Jan 2021 13:14:55 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: dQEEVYXU8_00cUlfXUyY-rS5Y7x8GkEfqO7vBoT1KZ-n7RsMinM6hg==

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
48 B 13ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUABAAAAAC~&jid=680193172&gjid=31600431&cid=806365184.1611673612&tid=UA-137036301-1&_gid=2111143229.1611673612&_r=1&gtm=2wg1d0TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=1737785068

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 13ms
12ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUABAAAAAC~&jid=1926486975&gjid=80094472&cid=806365184.1611673612&tid=UA-1693297-38&_gid=2111143229.1611673612&_r=1&gtm=2wg1d0TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=844078790

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 13ms
12ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1722014294&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&ul=en-us&de=UTF-8&dt=Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUABAAAAAC~&jid=1530637189&gjid=927224067&cid=806365184.1611673612&tid=UA-1693297-29&_gid=2111143229.1611673612&_r=1&gtm=2wg1d0TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=1716804485

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/ 331 KB
130 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ab2ee6c6698b57f2f3c79839a574a6808197ac57b7fbc6295b1be3ab8a4d279

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blog.sonatype.com
Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 14:21:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2738
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132786
x-xss-protection: 0
last-modified: Sun, 17 Jan 2021 15:08:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 14:21:14 GMT

GET
H2 200 pictos-set1-21.png
static.hsappstatic.net/pictos_images/static-1.25/img/pictos-1-png/16/ 142 B
1 KB 42ms
27ms Image
image/webp 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.hsappstatic.net/pictos_images/static-1.25/img/pictos-1-png/16/pictos-set1-21.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/sass/comments_listing_asset.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97f7fa907808a80f6ce7bd01d75b18da12a39880c9be5fe085eb0a492500953d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.89/sass/comments_listing_asset.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
via: 1.1 41232b1248b5064ae14550b383a46695.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 69385
cf-polished: origFmt=png, origSize=215
cf-ray: 617b23ec88aa05cc-FRA
x-cache: Hit from cloudfront
content-disposition: inline; filename="pictos-set1-21.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 142
cf-request-id: 07e0d4c7d1000005cc4c9ae000000001
last-modified: Tue, 12 Apr 2016 02:23:37 GMT
server: cloudflare
etag: "db6b3db47de6f28259ac3c2d361fcd5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PTOAchuFeAisbeIO6nW6WeysP88GNMewK8zAVTHv%2BnTbH5IvGVmZ88NLbf8g%2FVOOAFtPl3gljSrj8bZz7KIuFYjWod818uIOUAK1HYvCEPYC4fVH2tmA82S5Lhrm67pHmQ%2Fv"}],"max_age":604800}
x-amz-version-id: null
expires: Wed, 26 Jan 2022 15:06:52 GMT
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: twLBkCrXHuHC-xqYtNqLg4XC9JGGmc9uudnexSbUimTHloGgwmIPOg==
cf-bgj: imgq:85,h2pri

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
28 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=680193172&gjid=31600431&_gid=2111143229.1611673612&_u=aHDAAUABAAAAAC~&z=1596357356

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:52 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
28 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=1926486975&gjid=80094472&_gid=2111143229.1611673612&_u=aHDAAUABAAAAAC~&z=1978705671

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:52 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
28 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=1530637189&gjid=927224067&_gid=2111143229.1611673612&_u=aHDAAUABAAAAAC~&z=2054253099

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 26 Jan 2021 15:06:52 GMT
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 siteOptimization_f79029b2cb.css
tag.demandbase.com/shared/ 38 KB
5 KB 12ms
11ms Stylesheet
text/css 13.224.94.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization_f79029b2cb.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/siteOptimization_f79029b2cb.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-21.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d512f38537665079721a0c2fe5072f064c576142f8d14e72763ec86317e9d8e1

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: RW8zfsY62rY43eZzVi0yT_lwH1ljlcA9
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 19390
etag: W/"d3c2e350fda0ba83dd607bfe8f813a70"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
date: Tue, 26 Jan 2021 09:44:34 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: CzRkXv0zg-BzBfDp-NvFjCc0_4xdi2OQoIL5ETE5GwiPmQN_AvvXuA==

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
101 B 36ms
32ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=680193172&_u=aHDAAUABAAAAAC~&z=1916423001

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
65 B 62ms
45ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137036301-1&cid=806365184.1611673612&jid=680193172&_u=aHDAAUABAAAAAC~&z=1916423001

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
65 B 37ms
32ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=1926486975&_u=aHDAAUABAAAAAC~&z=1841609529

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
483 B 61ms
44ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-38&cid=806365184.1611673612&jid=1926486975&_u=aHDAAUABAAAAAC~&z=1841609529

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
432 B 34ms
30ms Image
image/gif 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=1530637189&_u=aHDAAUABAAAAAC~&z=1914963581

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
65 B 62ms
46ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1693297-29&cid=806365184.1611673612&jid=1530637189&_u=aHDAAUABAAAAAC~&z=1914963581

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 stylesheet_f79029b2cb.v2.css
scripts.demandbase.com/shared/ 27 KB
4 KB 13ms
11ms Stylesheet
text/css 13.224.94.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/shared/stylesheet_f79029b2cb.v2.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-21.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: csDn.NNS9VGplSm_6jcpT8H1jYl4C4Qr
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 11124
etag: W/"178916ae2031afd4e0b75797aa965718"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
date: Tue, 26 Jan 2021 12:01:36 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: oR0xMNZsFdoZsxMuqgNeThdNNnG1e_A4oE_f4AtLwFkUsQSjki_lAA==

GET
H3-Q050 200 anchor
www.google.com/recaptcha/enterprise/ Frame BA8F 0
0 26ms
26ms Document
text/html 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=invisible&badge=inline&cb=y3d70gxfgosn

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eNruOxbRyTcJa0nKGHcjSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&size=invisible&badge=inline&cb=y3d70gxfgosn
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/npm-malware-xpc.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/npm-malware-xpc.js

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 26 Jan 2021 15:06:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-eNruOxbRyTcJa0nKGHcjSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11064
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
593 B 149ms
131ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=1958393

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
cf-cache-status: MISS
server: cloudflare
x-trace: 2BB8BE7421E16F6D208640AF2C8E1C080556BC4B4D000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
cf-ray: 617b23ed19e9634d-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
cf-request-id: 07e0d4c8310000634d690cf000000001

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=186951338452760&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673612588&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22meta%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%2C%22og%3Atitle%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1206471872.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1127487224079104&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673612589&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22meta%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%2C%22og%3Atitle%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1206471872.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2

200

tracking.png
lltrck.com/
Redirect Chain

https://lltrck.com/api/tracking?accountId=29592&page=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&referer=&fp=7fe850233a9dba8d28e74b09104d56e1
https://lltrck.com/tracking.png

68 B
296 B

102ms
102ms

Image
image/png

52.44.242.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lltrck.com/tracking.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.44.242.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-44-242-176.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Jan 2021 15:06:53 GMT
last-modified: Fri, 11 Dec 2020 13:31:45 GMT
server: Kestrel
etag: "1d6cfc1f7f9f6c4"
strict-transport-security: max-age=2592000
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

location: /tracking.png
date: Tue, 26 Jan 2021 15:06:52 GMT
server: Kestrel
access-control-allow-origin: *
content-length: 0
strict-transport-security: max-age=2592000

GET
H3-Q050 200 bframe
www.google.com/recaptcha/enterprise/ Frame 3CB4 0
0 16ms
16ms Document
text/html 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=dhgyicu336vh

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jEZrNkRXnPNe0i2DPIK0YQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/enterprise/bframe?hl=en&v=_KUxfxvAoJ4k7SaKyLbja4Mi&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=dhgyicu336vh
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/npm-malware-xpc.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/npm-malware-xpc.js

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 26 Jan 2021 15:06:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-jEZrNkRXnPNe0i2DPIK0YQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1126
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=645539512625749&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js&rl=&if=false&ts=1611673612758&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22meta%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Sonatype%20has%20discovered%20more%20malware%20in%20the%20npm%20registry%2C%20xpc.js%2C%20which%20has%20led%20to%20the%20discovery%20of%20a%20novel%20and%20large%20scale%20malware%20campaign%20leveraging%20the%20open-source%20ecosystem.%5Cn%22%2C%22og%3Atitle%22%3A%22Massive%20threat%20campaign%20strikes%20open-source%20repos%2C%20Sonatype%20spots%20new%20CursedGrabber%20malware%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1206471872.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1611673611973.55862614&it=1611673611708&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 26 Jan 2021 15:06:52 GMT

GET
H2 200 cc.js Show response
consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/ 268 B
641 B 146ms
145ms Script
application/x-javascript 2a02:26f0:6c00::210:ba79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/cc.js?renew=false&referer=blog.sonatype.com&dnt=false&forceshow=false&cbid=9958dd21-8504-4dbf-8e2f-e736792a6843&whitelabel=false&brandid=Cookiebot&framework=
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba79 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 392a5d5951384a53c04191fe9d06ad5b5f802e9070428ffd1504dc8c4ddb1bbf

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:06:53 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private
access-control-allow-headers: cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 293

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 206ms
191ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1958393&contentId=37540882555&currentUrl=https%3A%2F%2Fblog.sonatype.com%2Fnpm-malware-xpc.js

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb36cd081d38e4658b3b1ab6e4fdd2abe6ba383098848b15e2030dd4939c526a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:07:02 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 07e0d4eea8000032609d33d000000001
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8Mij0j%2FfISafpC0B2Qen60SUpo%2FgFS6%2BXguCD4hj3L13VlbMz9PEzE%2B%2BmjzJHPkXFzk1d%2F8Vjz4xzOeXgBZg0CQAbghRRM4m29642CXL848P8D4x98%2F%2FEKMif%2FIjgw%3D%3D"}]}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.sonatype.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 617b242aaf0b3260-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 SON_logo_main_vertical@2x.png
www.sonatype.com/hubfs/ 15 KB
16 KB 10112ms
67ms Image
image/webp 199.60.103.228
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sonatype.com/hubfs/SON_logo_main_vertical@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/npm-malware-xpc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.228 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f4f65338171f98928573d861d0112815164712ce5852f350815a5be38777721

Request headers

Referer: https://blog.sonatype.com/npm-malware-xpc.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 15:07:13 GMT
via: 1.1 5e95d2e6aebe43cabd9dcdad89ad0a42.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-8394970578,P-1958393,FLS-ALL
age: 439502
cf-polished: origFmt=png, origSize=36710
edge-cache-tag: F-8394970578,P-1958393,FLS-ALL
content-disposition: inline; filename="SON_logo_main_vertical@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 79820BE9ACB5862C
cf-request-id: 07e0d51a9600000b4be01e3000000001
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Mon, 25 Mar 2019 18:33:44 GMT
server: cloudflare
etag: "ffe124164081e47b0202badee0bbaa0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: Sb2k5PYdOSyjWOtaOAHBUBZ4F6Pmq0WGBRZV3uddzct8/d/rUSmgQAmuHg2NZ2+rgtnn7kUlL/E=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: MnUHUcTCjQTgMJ0Keljxf8w4xRW1J_86
x-amz-cf-pop: AMS54-C1
content-length: 15624
cf-ray: 617b2470ef420b4b-AMS
x-amz-cf-id: erArsi5RzKOFFrSUFZSCcYZqFMBOY62X0VjfdQk8Om3nDWfiwQt6Uw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: segments.company-target.com
URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AADNeE7AIGAAABC37Hj1ug&verifyHash=a4f8c861a7533913fb11d3b82731dca3f4e6b6f8

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://consent.cookiebot.com/uc.js(Line 1) Message: WARNING: Cookiebot script is included twice - please remove one instance to avoid unexpected results.
console-api	warning	URL: https://consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/cc.js?renew=false&referer=blog.sonatype.com&dnt=false&forceshow=false&cbid=9958dd21-8504-4dbf-8e2f-e736792a6843&whitelabel=false&brandid=Cookiebot&framework=(Line 1) Message: Error: BLOG.SONATYPE.COM is not a valid domain. Please add it to the cookie consent manager to authorize the domain.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analytics.twitter.com
api.company-target.com
api.hubapi.com
app.hubspot.com
apt.techtarget.com
blog.sonatype.com
cdn2.hubspot.net
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
fonticons-free-fonticons.netdna-ssl.com
forms.hubspot.com
googleads.g.doubleclick.net
id.rlcdn.com
js.driftqa.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hsleadflows.net
lltrck.com
p.typekit.net
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
scripts.demandbase.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
t.co
t.sf14g.com
tag.demandbase.com
trk.techtarget.com
use.fonticons.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.redditstatic.com
www.sonatype.com
segments.company-target.com
104.244.42.67
104.244.42.69
108.161.188.228
13.224.196.41
13.224.94.21
13.224.94.71
142.250.74.194
151.101.113.140
151.101.12.157
151.139.128.11
163.171.132.119
199.60.103.228
206.19.49.24
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5805
2606:4700::6811:43b0
2606:4700::6811:6d2
2606:4700::6811:cccc
2606:4700::6811:eacc
2606:4700::6811:f2cc
2606:4700::6812:14bf
2606:4700::6813:9a53
2620:1ec:21::14
2a00:1450:4001:802::2002
2a00:1450:4001:803::2003
2a00:1450:4001:817::2004
2a00:1450:4001:824::200e
2a00:1450:4001:825::2008
2a00:1450:4001:82a::2003
2a00:1450:400c:c00::9a
2a02:26f0:6c00:28c::25ea
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:299::f09
2a02:26f0:6c00::210:ba0a
2a02:26f0:6c00::210:ba79
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.220.33.83
34.120.207.148
52.44.242.176
54.197.143.221
00ca9a61b904065b0eeaae8bd7f5effdf5c98bf1bce2404ad580f0f92fb57133
05bb75a7fe65fa8c26a10b4b0ef0f404b9b079a198cf08da345fd2448533d36f
082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854
0a951ebf24f77ba7af298601bafa26d348c65710110b3ad7da629c7efe7f19a5
0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2
0c459beae849053d9104612c83a2746c3953c9d6f703eb927e5903842c6db4c5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ae91f99c59c0c8c561a9accc1984a3a004d9489d4f72637ccbc34f41c47849
1bb0bdcb93c4e6c2dd633e7f56b10cb857058352a0fa31474e600d770575faad
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e0c082f8f5ea340d2efba890eb6d39f2c589448c58d36fdb57d9f85b41aae9f
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
29373b41d75c567ff1c98f5cfa4e6aa6bbb0519b917c2fe3c74da1da9708621e
2a09c46f99dadab47a670dbcc0dbd1bd906ea6014ec9a4eea1605c8d5209159a
2ab2ee6c6698b57f2f3c79839a574a6808197ac57b7fbc6295b1be3ab8a4d279
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15
2c666864babd01234e141cf63de6d7144ab88d53652d619869ec3a6adbc6fae8
2c6a84e7c15e338dc58c3efe21caa0695e8e889cfd6e10a07113ec17b8f6c4bb
2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f1e6df547a031b13fd017893bb4c21d9134e6f72164fdc0e4792527070cd7d9
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
34fcae3cf94e02d46c230a5b7dd3827d612587164e048dcfe146518da1cb4ab0
372879f01e74f755ad4195016313e172c73904ebe9b0f2a9f04890cc793a196d
392a5d5951384a53c04191fe9d06ad5b5f802e9070428ffd1504dc8c4ddb1bbf
4256f2f78328ee65ad8349d8ec6077125e7a43346b8cb58c830047e65fa83f3b
45d881a6b576682a45d055b8a9795486e76109941dfa98e8c93d4712898984f3
478db0a9387a7f17b1d5d698e29a337d8aefa4a9b04997c0c1fcb1bba4b61018
4ac2874390cf3b1562087fd32bf6e541b6fdf1bc914a72b730e3f00446e94e32
4b7e22a50359eb0dc1cb3e7ccc0836debbecb467aa8e5c55604d2bf5f4b63741
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51
4e7e8d12c5f9feac30f2bcd634d82786156eeb6d51cd3356cb53e57c16522ce4
52fc951dea528023d516bbaa768592adeff23fde0bb1007927f09edafeed22b7
549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d
572e727da2d987e405e5d6c5b14f3e0ada5d17c52ba10e0dc84dcc56b84ad132
5b4f7ddf2cbd5ef8611f5fd90529a7c0b42bedb4c6f5a8f08d1c328b55043372
5d1727bd82b767b5a6122bad9776dd8ccc1b765b154c0d1714275850513c19c0
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
63279143e2dfe38a00a94c6aa4a6e28bc71683dbb5bfd1151664ce3ab1107a21
649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe
65d038a4f0c4243c9759b2eb09d74939db86f9d9f2266f31de66d99522e5e09d
66dfe73819ce6524eb90c7e5ee5cd24888e7bd3b10d913cd897b5851c7f3952b
687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b171db7ca7ffee17e14f5d432d37e4ec87d6e7a5ce361670e329f705ee34364
6bf90f359dc82de7970ab0f86a70049933404734fc7c90e94a8e7426228ded21
73f0d0b03e4004a52edfcc895577193399d81670e00291ade240aa84efb37ea2
7a4207293be233867356b2866a38116bfc4b54e700854eed86386f2a59c68227
7acd127ae78e9b838e7f69fef470054a11e76ffade77867ab474062fc7f3e5f8
7c746ec617a393d32926056ad52d0069fa5ef72877ded40903ce0f5ebde49d97
7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd
815dbc562b821da8d973dc0e81e78c883758da7f4b44d3a61218b7e44f71d02a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
895371b22358988c93ca9e5318fdf9784782e44efff401ea65d7171cd9a12bc6
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8e62b0c296fd075916618d45d10fd247da55f87dac1f8d974037cc2df653bf1f
91ed6ce02b6c75337190849469779a4bd41848b76017521bf4544f268c011ad4
92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4
928d6e0560d801b58e6fa7868646bcb80bed2ed89eaae2aa165219825a3ee2b5
93e89f408fdf0e4815d897db24b13189298d5c4717598cea5dc40eeb1ddb8800
949e1fa3257c3858c76febfdec7cc3b47ac0fee3f877b2ca9b6450230ae7772c
968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd
97f7fa907808a80f6ce7bd01d75b18da12a39880c9be5fe085eb0a492500953d
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
9f4f65338171f98928573d861d0112815164712ce5852f350815a5be38777721
a9d2e153861f6e5ba4b46024c013ae7765411ac3df1976d625c8a5e5dbd032b5
ac41d4915006679f2820ac6e989b5a7baf1d2e01f97453b5d35f97f3d069f769
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad719169a57a25ee11e599eccdc3bfe5c5e18ec8efe8254bc14b826169582dfa
ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b00f293c3285a01ee643cab82de73207181f75903bd29b69cb23283bc034b821
b777ae5b5b9835b357d28a52014ef1feddd9127164e1aabc0e547f7deda6151e
bb569351e01a343124bf4a87bc8348669a5850a82d9fff7d476372e22da386af
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347
be00986fac24c7ff236021542c6f17ebb8a4c8cde811c2cde1164152d651fac3
bfcdb9d96c3ea1c25f83d508de8fa66009643df4ab1dd0bbb211b3ee07231f3e
c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad
c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753
ca1fd3a75d1e825ec0cd6541a29e72c8fd2fde86a856d6a015164e3792958b35
cde7a1802fe1062fe828b9daf5e8549871590adba896f174b6a76a9bab3f1595
d08501ebfbcdced71d3164f50d826b79235428edb6374b3ad6688565ace0d980
d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3
d512f38537665079721a0c2fe5072f064c576142f8d14e72763ec86317e9d8e1
d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c
d9dbd6758e6c8a8ac58ac96705f73733008b2ff94d13c491ac8a04acc1ba5995
dd3eb59038a5df086653388d9394fed2f2f1d72d9c01cfdc4920247a9d371e83
dd8ce1a4f774077007e9e94f64744316749702775e94428ef222f2739f8a8fe7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6e4c78b090b7b2371a98953047a40d8e37efc727bb55858a95df6cd6afa8f7
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4
e558722226e9464978d1be45e8410d01ff725c183aca471e61680cb43b3d7bbb
e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50
e9c03e549f6b33808532162019d6f2b0aa09cff718705c4a073b9829324ed8b6
eb36cd081d38e4658b3b1ab6e4fdd2abe6ba383098848b15e2030dd4939c526a
eb9998887acfe0796b1c599154d85671c0c0c79361c037167ac9c0f1a628ae18
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f393013a11873456e78481d5a5b631a1cdcb31f790f93d2f9b049ca637c48704
f5ca4d188faf2d55419bf0a4013a891f1769d301cd87cc1c0688d754b9caee14
fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fbb4d31d328afc7d2cd1a2f54bc3093da6cc504f8bcedf4c8046cf523902f23b
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
ffd7c8ba78cbd6f65df7714a8551fe932907e8b96c0b38512ec9b69f4647b457

blog.sonatype.com Open in urlscan Pro 199.60.103.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

148 Requests

99 %HTTPS

60 %IPv6

37 Domains

48 Subdomains

43 IPs

6 Countries

3823 kBTransfer

6952 kBSize

0 Cookies

93 Outgoing links

Redirected requests

148 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.sonatype.com Open in urlscan Pro
199.60.103.228 Public Scan

Screenshot
Live screenshot

Full Image

148
Requests

99 %
HTTPS

60 %
IPv6

37
Domains

48
Subdomains

43
IPs

6
Countries

3823 kB
Transfer

6952 kB
Size

0
Cookies

148 HTTP transactions
0 data transactions