URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Submission: On November 19 via api from US — Scanned from DE

Summary

This website contacted 20 IPs in 3 countries across 14 domains to perform 202 HTTP transactions. The main IP is 13.224.195.83, located in United States and belongs to AMAZON-02, US. The main domain is jfrog.com.
TLS certificate: Issued by Amazon on January 7th 2021. Valid for: a year.
This is the only time jfrog.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address         AS     Autonomous System
66        -          13.224.195.83      16509  (AMAZON-02)
3         -          2600:9000:21f...   16509  (AMAZON-02)
3         -          2a00:1450:400...   15169  (GOOGLE)
6         -          13.225.78.122      16509  (AMAZON-02)
3         -          2600:9000:21f...   16509  (AMAZON-02)
12        3          2a00:1450:400...   15169  (GOOGLE)
12        -          2600:1f18:e8a...   14618  (AMAZON-AES)
9         -          2a00:1450:400...   15169  (GOOGLE)
5         -          2a00:1450:400...   15169  (GOOGLE)
6         -          2a03:2880:f01...   32934  (FACEBOOK)
3         -          2a00:1450:400...   15169  (GOOGLE)
6         -          2a03:2880:f11...   32934  (FACEBOOK)
6         -          142.250.185.226    15169  (GOOGLE)
2         -          2a02:26f0:6c0...   20940  (AKAMAI-ASN1)
6         3          2a00:1450:400...   15169  (GOOGLE)
3         -          142.250.186.34     15169  (GOOGLE)
4         4          2620:119:50e7...   14413  (LINKEDIN)
2         2          2620:1ec:21::14    8068   (MICROSOFT...)
2         -          108.174.10.14      14413  (LINKEDIN)
6         -          2a00:1450:400...   15169  (GOOGLE)
1         -          52.18.236.11       16509  (AMAZON-02)
Total: 202 requests, 20 IPs

Requests  Domain                                         Status       Requested by
66        jfrog.com                                      -            jfrog.com, d.rageagainstthesoap.com
12        en.rageagainstthesoap.com                      -            jfrog.com, sec.webeyez.com, d.rageagainstthesoap.com
12        www.google.com                                 3 redirects  jfrog.com, www.google.com, www.gstatic.com
9         www.gstatic.com                                -            jfrog.com, www.google.com, www.gstatic.com
6         www.google.de                                  -            jfrog.com
6         googleads.g.doubleclick.net                    3 redirects  www.googleadservices.com
6         www.googleadservices.com                       -            www.googletagmanager.com, www.googleadservices.com
6         www.facebook.com                               -            jfrog.com
6         connect.facebook.net                           -            jfrog.com
6         speedmedia.jfrog.com                           -            jfrog.com
5         fonts.gstatic.com                              -            www.google.com, jfrog.com
4         px.ads.linkedin.com                            4 redirects  -
3         982905749.privacysandbox.googleadservices.com  -            jfrog.com
3         www.googletagmanager.com                       -            d.rageagainstthesoap.com
3         sec.webeyez.com                                -            jfrog.com
3         www.googleoptimize.com                         -            jfrog.com
3         d.rageagainstthesoap.com                       -            jfrog.com
2         px4.ads.linkedin.com                           -            jfrog.com
2         www.linkedin.com                               2 redirects  -
2         snap.licdn.com                                 -            jfrog.com
1         send.webeyez.com                               -            sec.webeyez.com
0         media.jfrog.com                                Failed       jfrog.com
Total: 202 requests, 22 subdomains

Subject                                Issuer                                      Validity                   Valid
jfrog.com                              Amazon                                      2021-01-07 - 2022-02-05    a year
d.rageagainstthesoap.com               Amazon                                      2021-06-14 - 2022-07-13    a year
*.google-analytics.com                 GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
speedmedia.jfrog.com                   Amazon                                      2021-09-29 - 2022-10-28    a year
*.webeyez.com                          Go Daddy Secure Certificate Authority - G2  2020-12-31 - 2022-02-01    a year
www.google.com                         GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
en.rageagainstthesoap.com              R3                                          2021-10-06 - 2022-01-04    3 months
*.gstatic.com                          GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.google.com                           GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.facebook.com                         DigiCert SHA2 High Assurance Server CA      2021-08-28 - 2021-11-26    3 months
www.googleadservices.com               GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.licdn.com                            DigiCert SHA2 Secure Server CA              2021-07-15 - 2022-07-20    a year
*.g.doubleclick.net                    GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.googleadservices.com                 GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.privacysandbox.googleadservices.com  GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
www.google.de                          GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months
*.google.de                            GTS CA 1C3                                  2021-11-01 - 2022-01-24    3 months

This page contains 11 frames:

Primary Page: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Frame ID: 12CB02430EA9400D7161A74323DF789F
Requests: 57 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Frame ID: CBB9AEE8E62A9F42223B686F6047BEC0
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Frame ID: E894B1A0F61340DBDF0A0905EB88B578
Requests: 11 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Frame ID: 5B58D475A9F3BFD41A7B1236111B4D68
Requests: 8 HTTP requests in this frame

Frame: https://jfrog.com/invalidppc/
Frame ID: E58EA0B7D0D436F77D119B31D8C1B933
Requests: 50 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Frame ID: 7F3B2C1F9126C2112F90BAFAE383EBBF
Requests: 8 HTTP requests in this frame

Frame: https://jfrog.com/invalidppc/
Frame ID: 5C2CF14D56CFF4244E1D7B7F88285EAE
Requests: 50 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 72BD1A7F565BD32C651949F697C048F7
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Frame ID: 42CD09F2F3167D8C673210C942988C0E
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 50E0950360989EA8ACDF38D211096BBC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3EB6ABC39E3144674CABBB8259817FA9
Requests: 1 HTTP requests in this frame

Page Title

Malicious packages in PyPI use stealthy exfiltration methods

Page Statistics

Requests: 202
HTTPS: 74 %
IPv6: 71 %
Domains: 14
Subdomains: 22
IPs: 20
Countries: 3
Transfer: 3466 kB
Size: 12011 kB
Cookies: 19

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 119
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1637338793000%26url%3Dhttps%253A%252F%252Fjfrog.com%252Fblog%252Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQKW3j3Aji27EgAAAX04_0dn6kyD5Za7vm2OYUr0YYFVg_fF2Oo9kWEhKhc49V78ToPFsaik
Request Chain 120
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qM6XYazrOquqx_AP_--JqAY&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qM6XYazrOquqx_AP_--JqAY&cid=CAQSKQCNIrLMOxU85fKZMqvjbfHkJo74x88pg3HJBodUds9F0E6kOHRZjJQ9&random=915331144&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qM6XYazrOquqx_AP_--JqAY&cid=CAQSKQCNIrLMOxU85fKZMqvjbfHkJo74x88pg3HJBodUds9F0E6kOHRZjJQ9&random=915331144&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 175
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1637338793271%26url%3Dhttps%253A%252F%252Fjfrog.com%252Finvalidppc%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true&e_ipv6=AQIBCDcgpNK-uwAAAX04_0djXhNBIpxl2PhyOFYOZWQyZ6fDiY6LXUZ5kdjngbwXPq40wg7p
Request Chain 176
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qc6XYZbfC-bKx_APtcqV6AU&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYZbfC-bKx_APtcqV6AU&cid=CAQSKQCNIrLMWu9DDZ3FbmQiLgJlS2lUBhCPo22mDXYPdXrKMkZvGwkdMBjv&random=3863590884&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYZbfC-bKx_APtcqV6AU&cid=CAQSKQCNIrLMWu9DDZ3FbmQiLgJlS2lUBhCPo22mDXYPdXrKMkZvGwkdMBjv&random=3863590884&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 189
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=qc6XYYOGGr2ex_APrbOFUA&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYYOGGr2ex_APrbOFUA&cid=CAQSKQCNIrLMUPjJ0juhozKFQFZyJemM_CXEA9OSQlKDoO03JrYHINPXa9t0&random=991310846&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYYOGGr2ex_APrbOFUA&cid=CAQSKQCNIrLMUPjJ0juhozKFQFZyJemM_CXEA9OSQlKDoO03JrYHINPXa9t0&random=991310846&resp=GooglemKTybQhCsO&ipr=y&prhg=0

202 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
176 KB
38 KB
Document
General
Full URL
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
60d46fc699749f87ba44a1bdbcc55d189ea8a5ce738aae3201d9675d80025cd9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 18 Nov 2021 20:35:34 GMT
access-control-allow-origin
https://jfrog.com
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
etag
W/"34c21a6f3c9c491633db45fb1bae2a8b615f1e6d"
last-modified
Thu, 18 Nov 2021 16:06:36 GMT
expires
Thu, 25 Nov 2021 20:35:33 GMT
cache-control
public, max-age=604800
pragma
public
link
<https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/posts/83986>; rel="alternate"; type="application/json" <https://jfrog.com/?p=83986>; rel=shortlink
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
VDZmJw2xkfCHSRcLa3u8_KvtvsHnEKjE0GzNyqYvh0A2FYRPfNfwdw==
age
71058
clicktrue_invocation.js
d.rageagainstthesoap.com/
71 KB
26 KB
Script
General
Full URL
https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b6d3032c62e0b6be92ce37e7b95e04320c012fdbc139d164f8cec5bed220fe76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 07:13:58 GMT
content-encoding
gzip
cheq_headers_order
Content-Type Cache-Control Expires Etag Content-Length Content-Encoding Date Connection
age
32852
etag
"11d79-BXMjne5KrqT2B/Ft+3jbob6HVLo"
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
cache-control
max-age=43200
x-amz-cf-pop
FRA2-C2
content-length
26470
x-amz-cf-id
b5uynqUq4eIKg_st9TFFZVs94LZi3KTLnxLKLn0dA2pimig3kxxOUw==
expires
Fri, 19 Nov 2021 19:12:20 GMT
styles.css
jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/
2 KB
982 B
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:01 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
W/"6194f574-809"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
YO09am8jUa-kH3w2VUh6OtVZaN_tYKhaLl_Pr8oL-jnnd8QbzGZSGA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
default.min.css
jfrog.com/wp-content/plugins/tablepress/css/
5 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-13e4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
SoUhP2hyNZKBrwieXQw4CwnBE0vye7oScE25V6B3m2g6GTPWpEP_fw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~main~pages.chunk.2b929294162109572d74.css
jfrog.com/wp-content/themes/jfrog.com/dist/
3 KB
1 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.2b929294162109572d74.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
3b1841149421a8ed1d6a26126f7779aa0d709d92d75e9a1d74493727889b3a2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Sun, 14 Nov 2021 09:29:40 GMT
age
73130
etag
W/"6190d704-d29"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
-0Q1tfrYcvHYNeqhBdJvoKySBhSzin_aYLCAD1j3NhBRPsw2gXffGA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.90f02a46994e2f414f57.css
jfrog.com/wp-content/themes/jfrog.com/dist/
1 MB
160 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
66442d3f2286711fafe6324fcc0ee84821381b09820f8174c23f57e13041b7d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73130
etag
W/"6194f6f2-12fe02"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
09uZMH30eGlM0vPz2vgkVJNy2baeGgdZCShx8sD8D0in_jjtkhPxvA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.71b15ed2ddead51d65ba.css
jfrog.com/wp-content/themes/jfrog.com/dist/
28 KB
8 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.71b15ed2ddead51d65ba.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
18f60ee36fca3f25c02cbc3d6db022d5c2af96e9b01bea3a3c4486753916ed20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:39:26 GMT
age
73130
etag
W/"6171192e-7139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
f4kx6hCgvQwELnH3d1-v37M_wI1PqFqF71Bn6nfek3ZXYQ5VBolBLQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
flag-icon.css
jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/
37 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 16 Nov 2017 15:45:52 GMT
age
73130
etag
W/"5a0db2b0-93d8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
N02Vryhhsj0G0M-7jDzaazghYZOsb1vo8H7DeAMz6g3B_e8C-P23yQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
bebasneue-webfont.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/
15 KB
16 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
"6194f67e-3d48"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
15688
x-amz-cf-id
fNw6O3G-M9Xs325y5zc_uZX4qYXC4qtdN1NyXLnKSgp2lz-Mp8kKLA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
FontAwesome.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/
4 KB
5 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
"6194f574-115c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
4444
x-amz-cf-id
5X1wIRIUA--6AQ0TwRj2ouq7r2Qf8SkNGXMHGM7VAvRqgVnmwEHrVQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Bold.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/
45 KB
46 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
"6194f67e-b57c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
46460
x-amz-cf-id
MMmqDQouPhWzkgL8Fg-wwkc2ECKoyJ7xva5KjgdjW-0xmDiHhb9Bwg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Regular.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/
44 KB
44 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
"6194f574-ae68"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
44648
x-amz-cf-id
EmYuQWR4yELmD6QSn0PvNJaCPYaNZ5_Hgana8MohW2G1SYUWVHbqXQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
Jfrog-Logo.svg
media.jfrog.com/wp-content/uploads/2017/12/20133032/
0
0

optimize.js
www.googleoptimize.com/
87 KB
35 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6952942ef78709c920598a68813d80b4b9d9cba80d772e0d16ff3789f53ed7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34859
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:52 GMT
icon-artifactory-1.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/
0
0

icon_jfrog-pipeline.png
media.jfrog.com/wp-content/uploads/2017/08/20130739/
0
0

jcr40PX-1.png
media.jfrog.com/wp-content/uploads/2017/08/20130019/
0
0

icon-xray.png
media.jfrog.com/wp-content/uploads/2017/08/20132432/
0
0

icon-bintray_40x40.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/
0
0

close.png
media.jfrog.com/wp-content/uploads/2019/12/20130026/
0
0

frog-hand-green.png
media.jfrog.com/wp-content/uploads/2019/10/20130240/
0
0

flag_us.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/
0
0

jfrog-logo.svg
media.jfrog.com/wp-content/uploads/2019/12/20130011/
0
0

flag_chinese.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/
0
0

vdoo-popup_jfrog-logo.png
media.jfrog.com/wp-content/uploads/2021/09/13130230/
0
0

vdoo-popup_graphic.png
media.jfrog.com/wp-content/uploads/2021/09/13130228/
0
0

jquery-3.5.1.min.js
jfrog.com/wp-content/themes/jfrog.com/assets/scripts/
87 KB
31 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-15d84"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
_fXnySirj6VSaT1Zt-1Y9k71HOcF-N4mu6CBaFcRIWHFKu1kT-Bg9g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
underscore.min.js
jfrog.com/wp-includes/js/
16 KB
6 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-3ead"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
l4oTf9bCmE5vXPepmat-26catmrkI0UhZtP8sQmFPTaO9TLwDe9KHA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
backbone.min.js
jfrog.com/wp-includes/js/
23 KB
8 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-5d0a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
erO17e2oZGKtPO-J6C330IsLmEcm6qeHUOLggkym_XdRi6Ty0mfCdQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
api-request.min.js
jfrog.com/wp-includes/js/
1 KB
983 B
Script
General
Full URL
https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:37 GMT
age
73130
etag
W/"6194f575-401"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
u-JZqA75MjoHUla4mbSFwdoJh_09BWWynEtH5Jwx3NZQ5qd5SvhNnQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-api.min.js
jfrog.com/wp-includes/js/
14 KB
4 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-395f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
Z0NrWUSPiWssmR6hEmBQQXTXjvMrI7CzyTSJo4hv6DSejw87D0kzww==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~main~pages.chunk.3b00837ff00b32580555.js
jfrog.com/wp-content/themes/jfrog.com/dist/
340 KB
98 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.3b00837ff00b32580555.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
230c90309b04f1769f06162f165b7b6e995c3dc963184d12d7651e95ea034dce

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:43:50 GMT
age
73130
etag
W/"61711a36-550e3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
eGMBQbNvsKehLn_YCYuft0mYLAPAaEVR7j0wGjJTD42shQ1cisH4kg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.ebe077a12670ebd124c0.js
jfrog.com/wp-content/themes/jfrog.com/dist/
372 KB
64 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.ebe077a12670ebd124c0.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
d7af2e30f08a166fe6cbd0696bef8d59cd2c7b707199cb19d758421aba9aeab3

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73130
etag
W/"6194f6f2-5d139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
Lj9-nri3nTHCI3hNoyzutNwpRg1j3SymTBWTr8ipEf3OUyUZnOOe8g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.60ce83c02bae3a380a6e.js
jfrog.com/wp-content/themes/jfrog.com/dist/
122 KB
38 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.60ce83c02bae3a380a6e.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
0660f199cc3d8d5a4126a252f3ea5de5a7083c1b03b699a580c7067514f22c34

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:12:32 GMT
age
73130
etag
W/"617fe7c0-1e915"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
F4giN-WZqSi1sxfHYbSiO0gmFM4NxPzJJmF_3_pWqB6h5_jdpz1asA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
jfrog.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-592"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
pLL5DEcVPptAsscH0D1DGthJr7FRz9J-94YRcjv6448cVDYt_MZarw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
mxw_1650,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/07/29141240/background.png/
24 KB
25 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/07/29141240/background.png/mxw_1650,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07812baa0e9b7a86675ea47f0a918a948dbfac2fc20b963478c928755cc0145f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 20 Oct 2021 16:13:01 GMT
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified
Thu, 29 Jul 2021 12:14:20 GMT
server
AmazonS3
age
2592412
etag
"6672fe5fac391ee18012c21f4108ca8c"
x-cache
Hit from cloudfront
content-type
image/avif
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
25082
x-amz-cf-id
wWe7WFTcjZi9TmVAKxzGXK29XZylRLnM4dil9MyxR8T-z3tdx-KgbA==
OpenSans-SemiBold.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/
45 KB
46 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-SemiBold.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
7a32484e166e1337fbb0cf4f4262bb385ed9081f1ac20f9efe39e8e50490367a

Request headers

Referer
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Origin
https://jfrog.com
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
"6194f67e-b5f0"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
46576
x-amz-cf-id
N-UV4lZPhrVIjxw82_hXJdtu0AUE7pHF31jjwDObNicG7SmOUsb9NA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Italic.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/
42 KB
42 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Italic.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
54fef01d833f38c14a69a3cb14792e03ad94812ef180ee5e10a83bcf2d62cde3

Request headers

Referer
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Origin
https://jfrog.com
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:00:49 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73143
etag
"6194f574-a614"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
42516
x-amz-cf-id
_M7iZzhW7-qSeGfvu1VRb2g4QlGYxkEOP7UtFzZJvEpbxthAHaWTjA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
mxw_96,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/12/20133032/Jfrog-Logo.svg/
3 KB
2 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/12/20133032/Jfrog-Logo.svg/mxw_96,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a724739bf4b2902e98cde920bfcd3207556da6917252c76d142438fb119014c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 30 Aug 2021 16:41:36 GMT
content-encoding
br
last-modified
Tue, 24 Aug 2021 12:37:21 GMT
server
AmazonS3
age
6997097
etag
W/"193def2154a370af95a8ba5a3e53acfa"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
iHeg9BDesXzqXESWSLcwPf4dIhHLldPYzfNi-sUlidBF0LRhURcPNQ==
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
mxw_1024,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161038/PyPI-Malware-Round-2-863x300-1.png/
7 KB
7 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161038/PyPI-Malware-Round-2-863x300-1.png/mxw_1024,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1c162f4bd025ac9bdc657566d7190108436ecd710149635a89484be564627924

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 03:09:19 GMT
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified
Mon, 01 Nov 2021 14:45:00 GMT
server
AmazonS3
age
47434
etag
"3ac31ad3484d1084e57c459a3b4be74d"
x-cache
Hit from cloudfront
content-type
image/avif
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
6801
x-amz-cf-id
XSyS2d5FwSayKYiQJinpLStZUCF1ce_P4y-CfPHJfRckCJy-sCmWSA==
mxw_1600,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161309/1_outgoing-encrypted-request.png/
46 KB
47 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161309/1_outgoing-encrypted-request.png/mxw_1600,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a4763315fcb0009747d48dd80b0f4d7bd0a9956e8ee4141f52adb4bf82a24a4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 03:09:21 GMT
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified
Mon, 01 Nov 2021 21:19:25 GMT
server
AmazonS3
age
47432
etag
"53f612ce49b18b27032a912bdcbbd0dd"
x-cache
Hit from cloudfront
content-type
image/webp
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
47326
x-amz-cf-id
J1X4g0ytXoI7CESvgDBODUe4lqyn0vnc2GTGRYc0wLYgUSh_kFwjqA==
mxw_1024,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161354/2_backend-server-unencrypted-request-1024x262.png/
87 KB
87 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161354/2_backend-server-unencrypted-request-1024x262.png/mxw_1024,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
df60c97d425292c5c0d019af88c1ddcefa8dc08424be1b9c7cd5b45d092a878a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 03:09:21 GMT
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified
Mon, 01 Nov 2021 14:47:44 GMT
server
AmazonS3
age
47432
etag
"5c3cfeee8ff4429e88ffc75cbf53af76"
x-cache
Hit from cloudfront
content-type
image/webp
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
89050
x-amz-cf-id
5md0r5MW0medwLr2ioWaXSD1UR78jj4zjvyHCPAdGlQ4t1_BSFQRqQ==
mxw_828,f_auto
speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161423/3_abusing-CDN-TLS-termination-for-data-exfiltration-1024x429.jpg/
5 KB
5 KB
Image
General
Full URL
https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161423/3_abusing-CDN-TLS-termination-for-data-exfiltration-1024x429.jpg/mxw_828,f_auto
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-122.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d207fca17c761b8cd9e4c98126599ae3f6d6171a62858040e9bf6b03d1c18f1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 03:09:22 GMT
via
1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)
last-modified
Mon, 01 Nov 2021 14:50:10 GMT
server
AmazonS3
age
47431
etag
"c526e0d51dc083a943c0be4a99fcdf43"
x-cache
Hit from cloudfront
content-type
image/avif
x-amz-storage-class
STANDARD_IA
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
4953
x-amz-cf-id
sZ22tFgOVa1kZ7y-krjxYhzqpqWavnnGuTtCgQQl4TW6num4gdWAWQ==
/
jfrog.com/wp-json/wp/v2/
146 B
362 B
XHR
General
Full URL
https://jfrog.com/wp-json/wp/v2/
Requested by
Host: jfrog.com
URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
X-Requested-With
XMLHttpRequest
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
content-encoding
gzip
x-amz-cf-id
dowL-rxj6eI5zvEyx4UjfiHCmXiD2dMemuDY4VkKknn_up_tQ5_1wQ==
vendor~main~pages.chunk.3b00837ff00b32580555.js
jfrog.com/wp-content/themes/jfrog.com/dist/
340 KB
98 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.3b00837ff00b32580555.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
230c90309b04f1769f06162f165b7b6e995c3dc963184d12d7651e95ea034dce

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
DPR
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Viewport-Width
1600

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:43:50 GMT
age
73130
etag
W/"61711a36-550e3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
PZp5QAS3YUZBdxCq3J9mzaHTiYbfBi-o1AqsJhi3kATN5yB3x13yIA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
cbd64522-1c3a-4e9c-9145-20c9153c9334
https://jfrog.com/
1 KB
0
Other
General
Full URL
blob:https://jfrog.com/cbd64522-1c3a-4e9c-9145-20c9153c9334
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac579e6cad7128feaa094d35b01467ed849615ae2cf675ef24fae055a19f5621

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
1108
wzbody.js
sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/
114 KB
27 KB
Script
General
Full URL
https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:2200:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d718b77204326f8de5c33a9639060fad03ea63c9fc4eb8c3b0917e24f208585c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 17:29:42 GMT
via
1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
age
82210
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=900
x-amz-cf-pop
FRA2-C2
content-encoding
gzip
content-length
26887
x-amz-cf-id
InX7swZGHtLmy9qSAmaHEhc7kjZHGQAg57qCMIYovVuMtRU-OHDJ7Q==
expires
Thu, 18 Nov 2021 17:29:43 GMT
api.js
www.google.com/recaptcha/
910 B
994 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit&ver=5.5.1
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
af893638a2d983d9d79b699ab8ae2f7f507a67c4bca1911b9a377a7c6f44a2e9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
581
x-xss-protection
1; mode=block
expires
Fri, 19 Nov 2021 16:19:52 GMT
ct
en.rageagainstthesoap.com/
4 KB
2 KB
Script
General
Full URL
https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1637338792314&hl=2&op=0&ag=3581699936&rand=83082605117092958151011138106206045086082119952978252100185174266721&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=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%3D&dep=0&pre=0&sdd=%7B%7D&cri=bxKVjsVs3A&pto=340&ver=42&gac=-&mei=&ap=&duid=1.1637338792.3ju8FqeC43weCH1J&suid=1.1637338792.dKMKq9tjhgcCazv0&tuid=1.1637338792.eg0Sjs9SP2csLYBG&fbc=-&gtm=W10%3D&it=46%2C63%2C58&fbcl=-&gacl=-&gacsd=-
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
173b53f6edccd7f81bd3b482574866f4a5b813c8ec6b7279a5442e0d7f48053f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Content-Type Cache-Control Pragma Expires Set-Cookie Content-Length Content-Encoding Date Connection
content-length
1419
expires
Fri, 01 Jan 1990 00:00:00 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/
347 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:16:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 19 Nov 2022 16:16:02 GMT
anchor
www.google.com/recaptcha/api2/ Frame CBB9
40 KB
21 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2352861533651f10316e3f79ba9832ff09a2a062dd5f7be1f3fd1258c3082cd9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4GWXK8xX39VK+2aPRFLzxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 19 Nov 2021 16:19:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-4GWXK8xX39VK+2aPRFLzxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
21092
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame CBB9
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 01:53:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24065
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 19 Nov 2022 01:53:48 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame CBB9
347 KB
135 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:16:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 19 Nov 2022 16:16:02 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame CBB9
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 03:05:30 GMT
x-content-type-options
nosniff
age
220462
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 24 Nov 2021 03:05:30 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame CBB9
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:06:41 GMT
x-content-type-options
nosniff
age
256391
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 16 Nov 2022 17:06:41 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame CBB9
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 14:17:54 GMT
x-content-type-options
nosniff
age
266518
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 16 Nov 2022 14:17:54 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame CBB9
102 B
134 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
23d4875896a0991fa45cd27b4935dc479b16e1a0774d10cf2d7ccc5406ef2764
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&size=invisible&cb=be86cvrg004n
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Fri, 19 Nov 2021 16:19:52 GMT
bframe
www.google.com/recaptcha/api2/ Frame E894
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a8d79113241a5676e8d398190c461151b7ba2b11ae30711225f960a0ceac13ca
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fMfgg8O9j+WN28Iz6U76TA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 19 Nov 2021 16:19:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-fMfgg8O9j+WN28Iz6U76TA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1112
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
1byzwqIcuC4s2AKNWlyri4pUqlRoq1bmeAh2Ot4qpYJOK4v3/j+pSEnLvpzQ49chtcguCYwANaPKxXKIR5KJKw==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 19 Nov 2021 16:19:52 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame 5B58
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982905749
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d862c29df6fdd9419d27afa23f4588cc3e47812865eb0bbcbc5a140ab15d3f71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39545
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:52 GMT
/
jfrog.com/invalidppc/ Frame E58E
146 KB
29 KB
Document
General
Full URL
https://jfrog.com/invalidppc/
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
2feaece00c0e978ea55b04cd2f26c2763f7a8adb66702c880bb358ba8a5ef89c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 19 Nov 2021 04:48:08 GMT
access-control-allow-origin
https://jfrog.com
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
etag
W/"ee81c8e73d1830e39d166c626f574e9d8e621c45"
last-modified
Wed, 27 Oct 2021 07:13:53 GMT
expires
Fri, 26 Nov 2021 04:48:08 GMT
cache-control
public, max-age=604800
pragma
public
link
<https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/pages/82184>; rel="alternate"; type="application/json" <https://jfrog.com/?p=82184>; rel=shortlink
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
_HOqLdi_4wurfmzNxrWIqOMldSBGFF7IqDKUspmUHh_nzk8fPi158A==
age
41504
tc_imp.gif
en.rageagainstthesoap.com/tracker/
43 B
135 B
Image
General
Full URL
https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=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&cri=bxKVjsVs3A&ts=358&cb=1637338792672
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:52 GMT
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Cache-Control Pragma Expires Content-Type Date Connection Content-Length
content-type
image/gif
content-length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame E894
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 01:53:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24065
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 19 Nov 2022 01:53:48 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ Frame E894
347 KB
135 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:16:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138691
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 05:04:02 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Sat, 19 Nov 2022 16:16:02 GMT
clicktrue_invocation.js
d.rageagainstthesoap.com/ Frame E58E
71 KB
26 KB
Script
General
Full URL
https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b6d3032c62e0b6be92ce37e7b95e04320c012fdbc139d164f8cec5bed220fe76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 07:13:58 GMT
content-encoding
gzip
cheq_headers_order
Content-Type Cache-Control Expires Etag Content-Length Content-Encoding Date Connection
age
32852
etag
"11d79-BXMjne5KrqT2B/Ft+3jbob6HVLo"
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
cache-control
max-age=43200
x-amz-cf-pop
FRA2-C2
content-length
26470
x-amz-cf-id
6IKKuOOVqNsUjLJ8Z76jMQ8EEUnjj8oKYxN5Rc-ApXKcf6QiSdTgIw==
expires
Fri, 19 Nov 2021 19:12:20 GMT
styles.css
jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/ Frame E58E
2 KB
983 B
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:01 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
W/"6194f574-809"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
GTYOU1qW3XAXVjxJ9JgwHPEfQwl5cjTPl4tjiIgKr-8wh8nyrkF5tA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
default.min.css
jfrog.com/wp-content/plugins/tablepress/css/ Frame E58E
5 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-13e4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
TOhzsnHFqGt_EL8Ia55o2-xJSpf8D9xjAZzJ3KQ9_iJC8f0pnZJDMg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~main~pages.chunk.2b929294162109572d74.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
3 KB
1 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.2b929294162109572d74.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
3b1841149421a8ed1d6a26126f7779aa0d709d92d75e9a1d74493727889b3a2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Sun, 14 Nov 2021 09:29:40 GMT
age
73130
etag
W/"6190d704-d29"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
0cv27MXgLlqHC8yDVnssHyZn9b8xCGwxTtbIKOvMpCMR4JZLAF4udA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.90f02a46994e2f414f57.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
1 MB
160 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
66442d3f2286711fafe6324fcc0ee84821381b09820f8174c23f57e13041b7d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73130
etag
W/"6194f6f2-12fe02"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
F1PrBtUI34GNXS5uFzaHXUwhklyLZnVrTyi16JdUq_gmYVeSmisMzQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.71b15ed2ddead51d65ba.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
28 KB
8 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.71b15ed2ddead51d65ba.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
18f60ee36fca3f25c02cbc3d6db022d5c2af96e9b01bea3a3c4486753916ed20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:39:26 GMT
age
73130
etag
W/"6171192e-7139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
gJMmGEh7vSv5h8O6y06A7YNMWZ1CXp256hTq54mHzL6OwgNtV15BqQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
flag-icon.css
jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/ Frame E58E
37 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 16 Nov 2017 15:45:52 GMT
age
73130
etag
W/"5a0db2b0-93d8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
BVvyUnI_zi-n9XjhL1Uee2clQhdCF_Byux6CEFHMl6IN_WFAmrPCIg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
bebasneue-webfont.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/ Frame E58E
15 KB
16 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
"6194f67e-3d48"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
15688
x-amz-cf-id
rVromRb0lBPxwLssW8qmhpQIirzkNW_jDc6IWioLcVeuNwoXFODHTw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
FontAwesome.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/ Frame E58E
4 KB
5 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
"6194f574-115c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
4444
x-amz-cf-id
Kc2cGiQEPu2xfh8F6Z1sPxmZQv_r1sgB-TMOE_aZI11HIHTyAfAojg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Bold.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame E58E
45 KB
46 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
"6194f67e-b57c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
46460
x-amz-cf-id
bh6cvSrH1HWnvU9nce_Eq1tqDW3lwFltgbqFWWq4DYiyQe7GyR49Iw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Regular.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame E58E
44 KB
44 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73130
etag
"6194f574-ae68"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
44648
x-amz-cf-id
1MFZTcW07PTNHC_nNDKJEno38Vy_NZkepDjVn1PjC1-xOsoaDL3CJA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
Jfrog-Logo.svg
media.jfrog.com/wp-content/uploads/2017/12/20133032/ Frame E58E
0
0

lang-world-icon.svg
media.jfrog.com/wp-content/uploads/2020/12/14151329/ Frame E58E
0
0

lang-down-arrow.svg
media.jfrog.com/wp-content/uploads/2020/12/14151328/ Frame E58E
0
0

lang-checkmark.svg
media.jfrog.com/wp-content/uploads/2020/12/14151326/ Frame E58E
0
0

optimize.js
www.googleoptimize.com/ Frame E58E
87 KB
34 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6952942ef78709c920598a68813d80b4b9d9cba80d772e0d16ff3789f53ed7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34859
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:52 GMT
icon-artifactory-1.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame E58E
0
0

icon_jfrog-pipeline.png
media.jfrog.com/wp-content/uploads/2017/08/20130739/ Frame E58E
0
0

jcr40PX-1.png
media.jfrog.com/wp-content/uploads/2017/08/20130019/ Frame E58E
0
0

icon-xray.png
media.jfrog.com/wp-content/uploads/2017/08/20132432/ Frame E58E
0
0

icon-bintray_40x40.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame E58E
0
0

close.png
media.jfrog.com/wp-content/uploads/2019/12/20130026/ Frame E58E
0
0

frog-hand-green.png
media.jfrog.com/wp-content/uploads/2019/10/20130240/ Frame E58E
0
0

flag_us.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame E58E
0
0

jfrog-logo.svg
media.jfrog.com/wp-content/uploads/2019/12/20130011/ Frame E58E
0
0

flag_chinese.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame E58E
0
0

vdoo-popup_jfrog-logo.png
media.jfrog.com/wp-content/uploads/2021/09/13130230/ Frame E58E
0
0

vdoo-popup_graphic.png
media.jfrog.com/wp-content/uploads/2021/09/13130228/ Frame E58E
0
0

jquery-3.5.1.min.js
jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame E58E
87 KB
31 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-15d84"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
FSnUmWe8el6V0skAVk9_o4tK0n55N1bsFxVjk8cDGV-q3UWdwRzZJw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
underscore.min.js
jfrog.com/wp-includes/js/ Frame E58E
16 KB
6 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-3ead"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
rjlgbFDy_kxecAZmTO1xrhOuaM9e8f4LcHa9pRwls9jhusjC95tCTg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
backbone.min.js
jfrog.com/wp-includes/js/ Frame E58E
23 KB
8 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73130
etag
W/"6194f67e-5d0a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
B3MYfPBAIDb7NB14tFcSK-Zk858TdvNpgTwo6URd4pS-imjm6atBCg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
api-request.min.js
jfrog.com/wp-includes/js/ Frame E58E
1 KB
974 B
Script
General
Full URL
https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:37 GMT
age
73130
etag
W/"6194f575-401"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
lMRiRDpVmKmvDG5Dc6IZTxACK_1G4IA4K6QvWHAJjPQa3Cigm46w9g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-api.min.js
jfrog.com/wp-includes/js/ Frame E58E
14 KB
4 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-395f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
AqvgqoW__h4Jj-eonu2QH2PCBr0uFdTeYPiOF6DGAG3nFVoWRop_lA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
616379538459573
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e0e55e2091ba9f36e7ddc78e56dcfcda6ab0e915f40b4eb6db7a7b3c7cf5470
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89016
x-xss-protection
0
pragma
public
x-fb-debug
0/geFB5l/MKGKvQBRGO55wd3nqFOPAeaA4PFgN3QFFi2bBEh7xkg4YQP8SQKyfY2SKpNzDnKLU6ZZsY4Nb9wqA==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 19 Nov 2021 16:19:52 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
vendor~main~pages.chunk.3b00837ff00b32580555.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
340 KB
98 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.3b00837ff00b32580555.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
230c90309b04f1769f06162f165b7b6e995c3dc963184d12d7651e95ea034dce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:43:50 GMT
age
73130
etag
W/"61711a36-550e3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
h3stilJ0Ax7gFYX5mqTBoz6Ahl1sNQJMUU3wL2nyknsJcB4epMobuw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.ebe077a12670ebd124c0.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
372 KB
64 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.ebe077a12670ebd124c0.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
d7af2e30f08a166fe6cbd0696bef8d59cd2c7b707199cb19d758421aba9aeab3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73130
etag
W/"6194f6f2-5d139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
CtDy1QUBnxzcrn4LSBKTAXzsGjlKYMYj7M_YXh7zpvrIkwEnHfs56g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.60ce83c02bae3a380a6e.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame E58E
122 KB
38 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.60ce83c02bae3a380a6e.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
0660f199cc3d8d5a4126a252f3ea5de5a7083c1b03b699a580c7067514f22c34

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:12:32 GMT
age
73130
etag
W/"617fe7c0-1e915"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
jeWV0CSNKAFbVK7RpsAOMf00J3lWzVoLgA1W77xNQxgqdnJhBXXZ4g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
jfrog.com/wp-includes/js/ Frame E58E
1 KB
1 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73130
etag
W/"6194f67f-592"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
VgeHDQFuREaEs_emsw2tfJ4NygNWX7w3qkSce3tv96Ht9IxHvtDhKg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
reload
www.google.com/recaptcha/api2/ Frame E894
37 KB
22 KB
XHR
General
Full URL
https://www.google.com/recaptcha/api2/reload?k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7cbfa4b3b22a15f00c70171538ca1d48fa1cd791b6a26a1d3270640821480364
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22306
x-xss-protection
1; mode=block
expires
Fri, 19 Nov 2021 16:19:52 GMT
71e55630-59ca-4842-880c-5237dcb13724
https://jfrog.com/ Frame E58E
1 KB
0
Other
General
Full URL
blob:https://jfrog.com/71e55630-59ca-4842-880c-5237dcb13724
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac579e6cad7128feaa094d35b01467ed849615ae2cf675ef24fae055a19f5621

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
1108
/
www.facebook.com/tr/
44 B
295 B
Image
General
Full URL
https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&rl=&if=false&ts=1637338792789&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637338792788.1920835673&it=1637338792727&coo=false&exp=p1&rqm=GET
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Fri, 19 Nov 2021 16:19:52 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 5B58
37 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 19 Nov 2021 16:19:52 GMT
refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame E894
600 B
624 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 09:45:36 GMT
x-content-type-options
nosniff
age
196456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
600
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 24 Nov 2021 09:45:36 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame E894
530 B
554 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 15 Nov 2021 21:24:06 GMT
x-content-type-options
nosniff
age
327346
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
530
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Mon, 22 Nov 2021 21:24:06 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame E894
665 B
689 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 18:17:53 GMT
x-content-type-options
nosniff
age
165719
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
665
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Wed, 24 Nov 2021 18:17:53 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E894
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 17:06:41 GMT
x-content-type-options
nosniff
age
256391
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 16 Nov 2022 17:06:41 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E894
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 15 Nov 2021 21:19:14 GMT
x-content-type-options
nosniff
age
327638
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15340
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:16 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 15 Nov 2022 21:19:14 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E894
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 14:17:54 GMT
x-content-type-options
nosniff
age
266518
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 16 Nov 2022 14:17:54 GMT
payload
www.google.com/recaptcha/api2/ Frame E894
36 KB
36 KB
Image
General
Full URL
https://www.google.com/recaptcha/api2/payload?p=06AGdBq246s2LmhuwfB0rO04OYs2GEx8ymNQmbcfInyhFmVb-VW8HTy7FxRF_tdnGnZd6cWU8grd4IAR02dyJTYbjwMHiBcVdc-FBEMwnCalwSLcnGN0WPSlCnHhm5sdWdy2STMMwi1amY4wzZBCNE8KWljz9TcpaGWFnfv55Vn7W8q0sDN4SD2z-YR7Q8i5g_02VqpcAUXy7EwsGOzBenbvSpqj-cjmpPQw&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d528babee67cbc93a3d429bc66ad6a53007041a2d02b9ee6e6de490f327e4365
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/bframe?hl=de&v=_7Co1fh8iT2hcjvquYJ_3zSP&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=30
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36882
x-xss-protection
1; mode=block
expires
Fri, 19 Nov 2021 16:19:52 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame E58E
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 19 Nov 2021 16:19:52 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=38705
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
ct
en.rageagainstthesoap.com/ Frame E58E
3 KB
1 KB
Script
General
Full URL
https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1637338792930&hl=2&op=0&ag=3581699936&rand=13800216016802725108888546060629031757860110022500653016127054620151&fs=0x0&fst=0x0&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=...&dep=2&pre=0&sdd=%7B%7D&cri=ga5d8tZacb&pto=262&ver=42&gac=-&mei=&ap=&duid=1.1637338792.3ju8FqeC43weCH1J&suid=1.1637338792.dKMKq9tjhgcCazv0&tuid=1.1637338792.eg0Sjs9SP2csLYBG&fbc=1.1637338792788.1920835673&gtm=-&it=31%2C32%2C10&fbcl=-&gacl=-&gacsd=-&ao=https%3A%2F%2Fjfrog.com&aol=2&aot=https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
d147331d9cd6d8fa4535e67398eeedc5322ca7fd795075eaa1a54bdb51921d65

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Content-Type Cache-Control Pragma Expires Content-Length Content-Encoding Date Connection
content-length
1357
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame 5B58
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1637338792935&cv=9&fst=1637338792935&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4f892c5fe7fa428385ac5c124b1e0a6048a70d4c92e640c30176cf6286c5219d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1063
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/982905749/ Frame 5B58
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/982905749/?random=1637338792936&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
9cedbdc05b8bef53bea4e86b1b314053b916f725e072ef4d387b2f032f0e3094
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1188
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame 5B58
0
0
Image
General
Full URL
https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1637338792936&cv=9&fst=1637338792936&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

/
jfrog.com/wp-json/wp/v2/ Frame E58E
146 B
363 B
XHR
General
Full URL
https://jfrog.com/wp-json/wp/v2/
Requested by
Host: jfrog.com
URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://jfrog.com/invalidppc/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:52 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
content-encoding
gzip
x-amz-cf-id
xaEUJaA6ojBjQciyBfvxbwX6lxPl6q-7ZUeIE1w5RvnfpHxJRFALWg==
wzbody.js
sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/ Frame E58E
114 KB
27 KB
Script
General
Full URL
https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:2200:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d718b77204326f8de5c33a9639060fad03ea63c9fc4eb8c3b0917e24f208585c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 17:29:42 GMT
via
1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
age
82210
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=900
x-amz-cf-pop
FRA2-C2
content-encoding
gzip
content-length
26887
x-amz-cf-id
MhQCqwtaQEjaOWksdYI7vcqf5UgjMv82GB-e_GZAs8cgtoomEUuKng==
expires
Thu, 18 Nov 2021 17:29:43 GMT
collect
px4.ads.linkedin.com/ Frame E58E
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1637338793000%26url%3Dhttps%253A%252F%252Fjfrog.com%252Fblog%252Fp...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSyn...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSy...
0
156 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQKW3j3Aji27EgAAAX04_0dn6kyD5Za7vm2OYUr0YYFVg_fF2Oo9kWEhKhc49V78ToPFsaik
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:54 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
uJzrUvX+uBYwlo003ioAAA==

Redirect headers

date
Fri, 19 Nov 2021 16:19:53 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793000&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQKW3j3Aji27EgAAAX04_0dn6kyD5Za7vm2OYUr0YYFVg_fF2Oo9kWEhKhc49V78ToPFsaik
x-li-proto
http/2
x-li-pop
prod-lor1
content-length
0
x-li-uuid
ThPGPvX+uBZAB8wnICsAAA==
/
www.google.de/pagead/1p-conversion/982905749/ Frame 5B58
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200...
  • https://www.google.com/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...
  • https://www.google.de/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qM6XYazrOquqx_AP_--JqAY&cid=CAQSKQCNIrLMOxU85fKZMqvjbfHkJo74x88pg3HJBodUds9F0E6kOHRZjJQ9&random=915331144&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/982905749/?random=126831013&cv=9&fst=1637338792936&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qM6XYazrOquqx_AP_--JqAY&cid=CAQSKQCNIrLMOxU85fKZMqvjbfHkJo74x88pg3HJBodUds9F0E6kOHRZjJQ9&random=915331144&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/982905749/ Frame 5B58
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/982905749/?random=1637338792935&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=785947015&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982905749/ Frame 5B58
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/982905749/?random=1637338792935&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=785947015&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ Frame E58E
98 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
1byzwqIcuC4s2AKNWlyri4pUqlRoq1bmeAh2Ot4qpYJOK4v3/j+pSEnLvpzQ49chtcguCYwANaPKxXKIR5KJKw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 19 Nov 2021 16:19:53 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame 7F3B
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982905749
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0c617611770a691164e2f328cea4cf36164b81d7fabd8b4f90f0998072c215ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39542
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:53 GMT
/
jfrog.com/invalidppc/ Frame 5C2C
146 KB
29 KB
Document
General
Full URL
https://jfrog.com/invalidppc/
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
75e2d4234d40886f1ff31d0b9361dd41c6d8b05255b40ac2bf5f88e5dd2011b4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 18 Nov 2021 20:17:14 GMT
access-control-allow-origin
https://jfrog.com
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
etag
W/"263f2857bd6fce90e63fbb969708c4e960e81bbc"
last-modified
Wed, 27 Oct 2021 07:13:53 GMT
expires
Thu, 25 Nov 2021 20:17:14 GMT
cache-control
public, max-age=604800
pragma
public
link
<https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/pages/82184>; rel="alternate"; type="application/json" <https://jfrog.com/?p=82184>; rel=shortlink
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
gqcdxjRt8OH5o5HYxNxE8wRRfLu3cx34IUTsk91B8k7oSYZcQsZKzQ==
age
72159
tc_imp.gif
en.rageagainstthesoap.com/tracker/ Frame E58E
43 B
69 B
Image
General
Full URL
https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=37dfbd8ee84e001369e9c436e240839f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5f10856f2217071a10acf9f29f671b848388552d6b4df779730d8433d762c30d640c71c707065a30520acebd381a77be26bb25cb43e2913bf05365ac5c7e721bda53ef40f497d7df3bbb2805ff2fcaa8556d8e0e3143714493d60264f460b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4afa38a9869badbd85ef55299485d339bb9d8ece93193dbfc68912112c3bb9c6d0a1ce5606bae921366bcdda87d860fae41ba851c904b9a9c76973834979121d965c4d0faef9db1b60b20f127b3a7e86c1368aed971c8f006f3064c1ec8070cc78f8684c0f18a7dc326c49dbb837efc6e7a79c4366b9293d116749ea863ac02f69e41d62ffe2d160514cd76e74dfae0ee31f887789f4fa9cfcbd827d60f0a2ded5910546e5979d7ec3bf4059a8c862ee5c625fc9a2bc9d4fbec7ccffea753656a83ec5d52d0ba051a5ab4e0a27ab66dcb9900b6b570f605f4239f41c906cbba6a95697bbdfbcc22466b7209380a4216ace28b6fd10ab04c4c4421f0aa4ed69a1804fdbdd9bdbf7edeffa6a094f2c4f0574c3cf25b85b45f7280466d07d4625e6d71f07bae6a04c1edc17f9766d727e6b73e99fd54cd690533211c7d159fc7e7d8347c5c980646cf96d1cdf19f20019df7e80eeece0969c4c0517930ad83d34420a926835c9819e0379c1bd9d64783c749a392cc88c010319cb171258264ba9ff4ee4fc87e3e04048a694553b6a05c87eb1dc887ce9f54aeddc43a6d5745ed7ed76cd822a09d7bd47215334b511063f303cdf87327e53093fcac6b8edd47da252fec4431&cri=ga5d8tZacb&ts=136&cb=1637338793066
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Cache-Control Pragma Expires Content-Type Date Connection Content-Length
content-type
image/gif
content-length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
616379538459573
connect.facebook.net/signals/config/ Frame E58E
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e0e55e2091ba9f36e7ddc78e56dcfcda6ab0e915f40b4eb6db7a7b3c7cf5470
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89016
x-xss-protection
0
pragma
public
x-fb-debug
0/geFB5l/MKGKvQBRGO55wd3nqFOPAeaA4PFgN3QFFi2bBEh7xkg4YQP8SQKyfY2SKpNzDnKLU6ZZsY4Nb9wqA==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 19 Nov 2021 16:19:53 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
clicktrue_invocation.js
d.rageagainstthesoap.com/ Frame 5C2C
71 KB
26 KB
Script
General
Full URL
https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:1600:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b6d3032c62e0b6be92ce37e7b95e04320c012fdbc139d164f8cec5bed220fe76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 07:13:58 GMT
content-encoding
gzip
cheq_headers_order
Content-Type Cache-Control Expires Etag Content-Length Content-Encoding Date Connection
age
32853
etag
"11d79-BXMjne5KrqT2B/Ft+3jbob6HVLo"
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
cache-control
max-age=43200
x-amz-cf-pop
FRA2-C2
content-length
26470
x-amz-cf-id
-nQryQWba84M2coAL_Emv0qMx40R6-AMHhgIQFjrVeWpF05CfEyaww==
expires
Fri, 19 Nov 2021 19:12:20 GMT
styles.css
jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/ Frame 5C2C
2 KB
981 B
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:01 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73131
etag
W/"6194f574-809"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
Ng6E0YASp5-sFEhY2_zARUB71ac3tfn3ekwxqiUdG0_84HFhI8Iiog==
expires
Thu, 31 Dec 2037 23:55:55 GMT
default.min.css
jfrog.com/wp-content/plugins/tablepress/css/ Frame 5C2C
5 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73131
etag
W/"6194f67e-13e4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
v6-b1nwJUlm-RVBw1UGxEkTbh-PP39eHiNVY-ue5equjq_VzH2zAEw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~main~pages.chunk.2b929294162109572d74.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
3 KB
1 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.2b929294162109572d74.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
3b1841149421a8ed1d6a26126f7779aa0d709d92d75e9a1d74493727889b3a2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Sun, 14 Nov 2021 09:29:40 GMT
age
73131
etag
W/"6190d704-d29"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
-iTG-BdB58iEbxoLXEP8sHK3iSLZ_j-T9ZrxfiyDGuOTSF3jXm6-Bg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.90f02a46994e2f414f57.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
1 MB
160 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.90f02a46994e2f414f57.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
66442d3f2286711fafe6324fcc0ee84821381b09820f8174c23f57e13041b7d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73131
etag
W/"6194f6f2-12fe02"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
O-3oul9ivDVY4k9NNTd5tJ9UZxq_0NGN-De8zuKPiQlAM06Pf9WyUQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.71b15ed2ddead51d65ba.css
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
28 KB
8 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.71b15ed2ddead51d65ba.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
18f60ee36fca3f25c02cbc3d6db022d5c2af96e9b01bea3a3c4486753916ed20

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:39:26 GMT
age
73131
etag
W/"6171192e-7139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
B8VbnHUa7dMYGSV5fc0yPjDD91jOHAIDNwD_vx9BtKIAQ_OsoR-S-A==
expires
Thu, 31 Dec 2037 23:55:55 GMT
flag-icon.css
jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/ Frame 5C2C
37 KB
3 KB
Stylesheet
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 16 Nov 2017 15:45:52 GMT
age
73131
etag
W/"5a0db2b0-93d8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
0728ETlDPY0IQFSDzWIzd6lb4Ao-tnSYby80LiCZVtMWeasd2moLTQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
bebasneue-webfont.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/ Frame 5C2C
15 KB
16 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73131
etag
"6194f67e-3d48"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
15688
x-amz-cf-id
nK7kQQ6Ty7j308UgsJ64WzMoKbbAKTRjVBG3vw3_P-Zm81fFUIIApA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
FontAwesome.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/ Frame 5C2C
4 KB
5 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73131
etag
"6194f574-115c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
4444
x-amz-cf-id
kwWYbtKvO-lMWEQmRdU-Jw495Fe-YXHK8yAAYSCtTQB9tH3Ty1Fn0g==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Bold.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame 5C2C
45 KB
46 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73131
etag
"6194f67e-b57c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
46460
x-amz-cf-id
f0ZPg_23CinwdXXDrtB-TLLWMDwaIzFiOJ7gpimTH6ddbTRRUTXFbQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
OpenSans-Regular.woff2
jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame 5C2C
44 KB
44 KB
Font
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf

Request headers

Referer
https://jfrog.com/invalidppc/
Origin
https://jfrog.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
last-modified
Wed, 17 Nov 2021 12:28:36 GMT
age
73131
etag
"6194f574-ae68"
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
44648
x-amz-cf-id
2SjimXzQ3_3cIc6H8OP5uWnEmbTnA7wA6q1VxcUNaKgfPjsGGjunOg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
Jfrog-Logo.svg
media.jfrog.com/wp-content/uploads/2017/12/20133032/ Frame 5C2C
0
0

lang-world-icon.svg
media.jfrog.com/wp-content/uploads/2020/12/14151329/ Frame 5C2C
0
0

lang-down-arrow.svg
media.jfrog.com/wp-content/uploads/2020/12/14151328/ Frame 5C2C
0
0

lang-checkmark.svg
media.jfrog.com/wp-content/uploads/2020/12/14151326/ Frame 5C2C
0
0

optimize.js
www.googleoptimize.com/ Frame 5C2C
87 KB
34 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6952942ef78709c920598a68813d80b4b9d9cba80d772e0d16ff3789f53ed7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34859
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:53 GMT
icon-artifactory-1.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame 5C2C
0
0

icon_jfrog-pipeline.png
media.jfrog.com/wp-content/uploads/2017/08/20130739/ Frame 5C2C
0
0

jcr40PX-1.png
media.jfrog.com/wp-content/uploads/2017/08/20130019/ Frame 5C2C
0
0

icon-xray.png
media.jfrog.com/wp-content/uploads/2017/08/20132432/ Frame 5C2C
0
0

icon-bintray_40x40.png
media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame 5C2C
0
0

close.png
media.jfrog.com/wp-content/uploads/2019/12/20130026/ Frame 5C2C
0
0

frog-hand-green.png
media.jfrog.com/wp-content/uploads/2019/10/20130240/ Frame 5C2C
0
0

flag_us.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame 5C2C
0
0

jfrog-logo.svg
media.jfrog.com/wp-content/uploads/2019/12/20130011/ Frame 5C2C
0
0

flag_chinese.png
media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame 5C2C
0
0

vdoo-popup_jfrog-logo.png
media.jfrog.com/wp-content/uploads/2021/09/13130230/ Frame 5C2C
0
0

vdoo-popup_graphic.png
media.jfrog.com/wp-content/uploads/2021/09/13130228/ Frame 5C2C
0
0

jquery-3.5.1.min.js
jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame 5C2C
87 KB
31 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73131
etag
W/"6194f67e-15d84"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
EEBJZMuq6yRxDewCvDt10WlNjXlUZSRJ8AOG-dACfZbdgNWjh7hDQA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
underscore.min.js
jfrog.com/wp-includes/js/ Frame 5C2C
16 KB
6 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73131
etag
W/"6194f67f-3ead"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
BfRpn46uuUwapJth58d_dqMhB8VhXprhyU3JIO96VgTDuTSk5E5M8w==
expires
Thu, 31 Dec 2037 23:55:55 GMT
backbone.min.js
jfrog.com/wp-includes/js/ Frame 5C2C
23 KB
8 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:02 GMT
age
73131
etag
W/"6194f67e-5d0a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
Zv-Wy6CyreIMv9s79zq6h00jcP96llDWx597QQDt4-ZLFaflm--gbQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
api-request.min.js
jfrog.com/wp-includes/js/ Frame 5C2C
1 KB
973 B
Script
General
Full URL
https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:28:37 GMT
age
73131
etag
W/"6194f575-401"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
xyH17XZQH9uiLE585ooOlTV6-qgXeutL4xV2-L43pLW6pT1jKyHfCw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-api.min.js
jfrog.com/wp-includes/js/ Frame 5C2C
14 KB
4 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73131
etag
W/"6194f67f-395f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
9qa5pH5_1AOxHvXZf5-SF3IEHfoakO2ZmwuRJOiJMYejIz6opXQnFQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~main~pages.chunk.3b00837ff00b32580555.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
340 KB
98 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.3b00837ff00b32580555.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
230c90309b04f1769f06162f165b7b6e995c3dc963184d12d7651e95ea034dce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Thu, 21 Oct 2021 07:43:50 GMT
age
73131
etag
W/"61711a36-550e3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
ud0ykU_oqX51D60-4Z0aKdjQceeOC4HYxFfrsCtd2y_1AldUrzNdJg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
pages.bundle.ebe077a12670ebd124c0.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
372 KB
64 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.ebe077a12670ebd124c0.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
d7af2e30f08a166fe6cbd0696bef8d59cd2c7b707199cb19d758421aba9aeab3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:34:58 GMT
age
73131
etag
W/"6194f6f2-5d139"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
UwSv3t5ScdVxn3gsuzmH1KYcrXHP_5_9qq_xz_28QRyzFtq3DpiI0A==
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor~pages.chunk.60ce83c02bae3a380a6e.js
jfrog.com/wp-content/themes/jfrog.com/dist/ Frame 5C2C
122 KB
38 KB
Script
General
Full URL
https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.60ce83c02bae3a380a6e.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
0660f199cc3d8d5a4126a252f3ea5de5a7083c1b03b699a580c7067514f22c34

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:12:32 GMT
age
73131
etag
W/"617fe7c0-1e915"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
ylvEC0nJ9QKo4HXmMk60ENBtP9ALHI6NdblIFpyUA4tiMHz2QIa2Qg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-embed.min.js
jfrog.com/wp-includes/js/ Frame 5C2C
1 KB
1 KB
Script
General
Full URL
https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 20:01:02 GMT
content-encoding
gzip
last-modified
Wed, 17 Nov 2021 12:33:03 GMT
age
73131
etag
W/"6194f67f-592"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control
max-age=315360000, public
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
HbDVGOzIAA8LuBw3K85GYoTHR5idwbN1c_FYKMyM4bD-o3azvvdQeg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
www.facebook.com/tr/ Frame E58E
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&rl=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&if=true&ts=1637338793111&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637338792788.1920835673&it=1637338793074&coo=false&exp=p1&rqm=GET
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Fri, 19 Nov 2021 16:19:53 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 7F3B
37 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 19 Nov 2021 16:19:53 GMT
382b5f7d-0d49-4d2c-ad20-604ba6987050
https://jfrog.com/ Frame 5C2C
1 KB
0
Other
General
Full URL
blob:https://jfrog.com/382b5f7d-0d49-4d2c-ad20-604ba6987050
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac579e6cad7128feaa094d35b01467ed849615ae2cf675ef24fae055a19f5621

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
1108
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame 5C2C
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 19 Nov 2021 16:19:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=38704
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame 7F3B
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1637338793180&cv=9&fst=1637338793180&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8fa4dcb3b8855e0c3b81552de8a21ad8b48a59d1fdf9aab89d3b9bbeb9ae5abd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1062
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/982905749/ Frame 7F3B
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/982905749/?random=1637338793181&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
e4d43d437f8d5f7f2d020642f11ae6b07766af1fabec886a82652775fcf503c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1189
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame 7F3B
0
0
Image
General
Full URL
https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1637338793181&cv=9&fst=1637338793181&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ct
en.rageagainstthesoap.com/ Frame 5C2C
3 KB
1 KB
Script
General
Full URL
https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1637338793219&hl=2&op=0&ag=3581699936&rand=53020150876712671279688830905706037117288552626191623920511213276980&fs=0x0&fst=0x0&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=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%3D&dep=4&pre=0&sdd=%7B%7D&cri=z0KUT37QPG&pto=154&ver=42&gac=-&mei=&ap=&duid=1.1637338792.3ju8FqeC43weCH1J&suid=1.1637338792.dKMKq9tjhgcCazv0&tuid=1.1637338792.eg0Sjs9SP2csLYBG&fbc=1.1637338792788.1920835673&gtm=-&it=30%2C28%2C25&fbcl=-&gacl=-&gacsd=-&ao=https%3A%2F%2Fjfrog.com&aol=4&aot=https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e5c05770ad824551e77c215fe58895ebbe3a97852045e8bd5e4ed1f1f5016157

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Content-Type Cache-Control Pragma Expires Content-Length Content-Encoding Date Connection
content-length
1359
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
jfrog.com/wp-json/wp/v2/ Frame 5C2C
146 B
361 B
XHR
General
Full URL
https://jfrog.com/wp-json/wp/v2/
Requested by
Host: jfrog.com
URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-83.fra2.r.cloudfront.net
Software
/
Resource Hash
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://jfrog.com/invalidppc/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
content-encoding
gzip
x-amz-cf-id
P9Eu6M7IQWs3pwseSdxtAVBqV1hcA9IhlAG1NgahiPAJmCHeEMmW_A==
wzbody.js
sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/ Frame 5C2C
114 KB
27 KB
Script
General
Full URL
https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:2200:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d718b77204326f8de5c33a9639060fad03ea63c9fc4eb8c3b0917e24f208585c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 17:29:42 GMT
via
1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
age
82211
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=900
x-amz-cf-pop
FRA2-C2
content-encoding
gzip
content-length
26887
x-amz-cf-id
brXCvBPl2R62ZvqElz2_zQAhuSBy_AM7nAKwDgcfEPHZyityBT12wQ==
expires
Thu, 18 Nov 2021 17:29:43 GMT
collect
px4.ads.linkedin.com/ Frame 5C2C
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1637338793271%26url%3Dhttps%253A%252F%252Fjfrog.com%252Finvalidppc...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true&e_ipv6=AQIBCDcgpNK-uwAAAX04_0djXhNBIpxl2PhyOFYOZWQyZ6fDiY6LXUZ5k...
0
40 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true&e_ipv6=AQIBCDcgpNK-uwAAAX04_0djXhNBIpxl2PhyOFYOZWQyZ6fDiY6LXUZ5kdjngbwXPq40wg7p
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:54 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
JUTLUvX+uBZwMIs33ioAAA==

Redirect headers

date
Fri, 19 Nov 2021 16:19:53 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1637338793271&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&liSync=true&e_ipv6=AQIBCDcgpNK-uwAAAX04_0djXhNBIpxl2PhyOFYOZWQyZ6fDiY6LXUZ5kdjngbwXPq40wg7p
x-li-proto
http/2
x-li-pop
prod-lor1
content-length
0
x-li-uuid
UwihPvX+uBbQl4cnICsAAA==
/
www.google.de/pagead/1p-conversion/982905749/ Frame 7F3B
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
  • https://www.google.com/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...
  • https://www.google.de/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYZbfC-bKx_APtcqV6AU&cid=CAQSKQCNIrLMWu9DDZ3FbmQiLgJlS2lUBhCPo22mDXYPdXrKMkZvGwkdMBjv&random=3863590884&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/982905749/?random=1860576248&cv=9&fst=1637338793181&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYZbfC-bKx_APtcqV6AU&cid=CAQSKQCNIrLMWu9DDZ3FbmQiLgJlS2lUBhCPo22mDXYPdXrKMkZvGwkdMBjv&random=3863590884&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame 72BD
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: jfrog.com
URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://jfrog.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

Response headers

content-type
text/plain
access-control-allow-origin
https://jfrog.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Fri, 19 Nov 2021 16:19:53 GMT
/
www.google.com/pagead/1p-user-list/982905749/ Frame 7F3B
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/982905749/?random=1637338793180&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1560760674&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982905749/ Frame 7F3B
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/982905749/?random=1637338793180&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1560760674&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ Frame 5C2C
98 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
1byzwqIcuC4s2AKNWlyri4pUqlRoq1bmeAh2Ot4qpYJOK4v3/j+pSEnLvpzQ49chtcguCYwANaPKxXKIR5KJKw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 19 Nov 2021 16:19:53 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame 42CD
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982905749
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0c617611770a691164e2f328cea4cf36164b81d7fabd8b4f90f0998072c215ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39542
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 19 Nov 2021 16:19:53 GMT
tc_imp.gif
en.rageagainstthesoap.com/tracker/ Frame 5C2C
43 B
69 B
Image
General
Full URL
https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=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&cri=z0KUT37QPG&ts=129&cb=1637338793348
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
cache-control
no-cache, no-store, must-revalidate
cheq_headers_order
Cache-Control Pragma Expires Content-Type Date Connection Content-Length
content-type
image/gif
content-length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
616379538459573
connect.facebook.net/signals/config/ Frame 5C2C
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e0e55e2091ba9f36e7ddc78e56dcfcda6ab0e915f40b4eb6db7a7b3c7cf5470
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89016
x-xss-protection
0
pragma
public
x-fb-debug
0/geFB5l/MKGKvQBRGO55wd3nqFOPAeaA4PFgN3QFFi2bBEh7xkg4YQP8SQKyfY2SKpNzDnKLU6ZZsY4Nb9wqA==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 19 Nov 2021 16:19:53 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 42CD
37 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 19 Nov 2021 16:19:53 GMT
/
www.facebook.com/tr/ Frame 5C2C
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&rl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&if=true&ts=1637338793385&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637338792788.1920835673&it=1637338793362&coo=false&exp=p1&rqm=GET
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 16:19:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Fri, 19 Nov 2021 16:19:53 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame 42CD
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1637338793414&cv=9&fst=1637338793414&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
111386a016b39b8e800b2226701ab12a19a588a039847485f0662dfca28ded19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1062
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/982905749/ Frame 42CD
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/982905749/?random=1637338793415&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
9311101b017ef87f199967e70f7afab212c8158fdbe337654fbf8b80750a53e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1189
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame 42CD
0
0
Image
General
Full URL
https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1637338793415&cv=9&fst=1637338793415&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

/
www.google.de/pagead/1p-conversion/982905749/ Frame 42CD
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200...
  • https://www.google.com/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...
  • https://www.google.de/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYYOGGr2ex_APrbOFUA&cid=CAQSKQCNIrLMUPjJ0juhozKFQFZyJemM_CXEA9OSQlKDoO03JrYHINPXa9t0&random=991310846&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/982905749/?random=690712238&cv=9&fst=1637338793415&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=934926403.1637338793&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=qc6XYYOGGr2ex_APrbOFUA&cid=CAQSKQCNIrLMUPjJ0juhozKFQFZyJemM_CXEA9OSQlKDoO03JrYHINPXa9t0&random=991310846&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/982905749/ Frame 42CD
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/982905749/?random=1637338793414&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1836598301&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982905749/ Frame 42CD
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/982905749/?random=1637338793414&cv=9&fst=1637337600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1836598301&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 Nov 2021 16:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame 50E0
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://jfrog.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/

Response headers

content-type
text/plain
access-control-allow-origin
https://jfrog.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Fri, 19 Nov 2021 16:19:53 GMT
mon
en.rageagainstthesoap.com/
0
219 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: sec.webeyez.com
URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:53 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
/
www.facebook.com/tr/ Frame 3EB6
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: jfrog.com
URL: https://jfrog.com/invalidppc/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://jfrog.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://jfrog.com/invalidppc/

Response headers

content-type
text/plain
access-control-allow-origin
https://jfrog.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Fri, 19 Nov 2021 16:19:53 GMT
mon
en.rageagainstthesoap.com/ Frame E58E
0
40 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/invalidppc/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:54 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
mon
en.rageagainstthesoap.com/ Frame 5C2C
0
17 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/invalidppc/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:54 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
1
send.webeyez.com/
8 B
328 B
XHR
General
Full URL
https://send.webeyez.com/1
Requested by
Host: sec.webeyez.com
URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.236.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-236-11.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b6a465e8874e1f988d012b740d0f6b27ab1c73d28397d842d6aafe8c4ebdb444

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 19 Nov 2021 16:19:54 GMT
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://jfrog.com
cache-control
no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
expires
Fri, 31 Dec 1998 12:00:00 GMT
mon
en.rageagainstthesoap.com/
0
40 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: sec.webeyez.com
URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:55 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
mon
en.rageagainstthesoap.com/ Frame E58E
0
40 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/invalidppc/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:56 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
mon
en.rageagainstthesoap.com/ Frame 5C2C
0
17 B
XHR
General
Full URL
https://en.rageagainstthesoap.com/mon
Requested by
Host: d.rageagainstthesoap.com
URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd04:9b88:a313:d24d:af44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://jfrog.com/invalidppc/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://jfrog.com
date
Fri, 19 Nov 2021 16:19:56 GMT
access-control-allow-credentials
true
cheq_headers_order
Content-Type Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Allow-Credentials Date Connection Content-Length
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/12/20133032/Jfrog-Logo.svg
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2019/12/20130026/close.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2019/10/20130240/frog-hand-green.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_us.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2019/12/20130011/jfrog-logo.svg
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_chinese.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2021/09/13130230/vdoo-popup_jfrog-logo.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2021/09/13130228/vdoo-popup_graphic.png
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2020/12/14151329/lang-world-icon.svg
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2020/12/14151328/lang-down-arrow.svg
Domain
media.jfrog.com
URL
https://media.jfrog.com/wp-content/uploads/2020/12/14151326/lang-checkmark.svg

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| initGTMOnEvent function| initGTM function| LoadDriftWidget function| initDriftOnEvent function| initDrift object| algolia function| isMobile function| $ function| jQuery function| _ object| Backbone object| wpApiSettings object| wp object| jfrog_general object| webpackJsonp function| __ctcg_ct_11825_exec object| google_tag_manager object| dataLayer object| google_optimize object| Prism function| CaptchaCallback object| sc object| interdeal function| initNagichOnEvent function| initNagich object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| wzrum object| $jscomp string| wzrum__key object| wzstate boolean| enable_console object| customDataDefinitions object| wz_user_events_collection object| ttiPolyfill boolean| wz_body_loaded number| webeyezstartAll object| wz_api object| ___WEBEYEZ_CACHE string| webeyez_wzPageEntryKey string| wz_sid object| __tti boolean| ___WEBEYEZ_REGISTER_PerformanceLongTaskTiming boolean| ___WEBEYEZ_REGISTER_ERROR object| recaptcha object| closure_lm_133577 function| fbq function| On boolean| wzPrevPageUncompletedEventExecuted number| __wz_mpa_setTimeout_timer

19 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ABBMTcPIjoaVCjdOhlsmVRm1955vXCx14LK1dOMTWNsjku01SqEBg2WXgnWc2tYMsyvySKwewTFJU6mvufaEI_Y
.jfrog.com/ Name: _cq_duid
Value: 1.1637338792.3ju8FqeC43weCH1J
.jfrog.com/ Name: _cq_suid
Value: 1.1637338792.dKMKq9tjhgcCazv0
.jfrog.com/ Name: wz.nv
Value: 1
.jfrog.com/ Name: wz.uid
Value: C3U719Slu3yI368007eg7t2d3
.jfrog.com/ Name: wz.sid_wDv55PKmTtpCTH14WWzDXw2yJ3Gz
Value: 63dj308b7397g3jZ7xt71u2V2
en.rageagainstthesoap.com/ Name: cg_uuid
Value: b601b1df9149388049d9bde655fe83ce
.jfrog.com/ Name: _fbp
Value: fb.1.1637338792788.1920835673
.jfrog.com/ Name: _gcl_au
Value: 1.1.934926403.1637338793
.doubleclick.net/ Name: IDE
Value: AHWqTUltG2I5dWiJxG0RCfMmAqnyh1N7FdhQWX8J_XLFtJxuliuf6hwXT6zxqNe-
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: lidc
Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2372:u=1:x=1:i=1637338793:t=1637425193:v=2:sig=AQFi7Ezz9W5v4IGR3Fm0SgOr3B1stZut"
.linkedin.com/ Name: UserMatchHistory
Value: AQJk7E-4IVJXpwAAAX04_0XgYJlHTKJz0yYSJTUJyVGXE_H-I-M0f1e1Xs8sf_yUSjn9E_yhWcvazQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJbj7OOuw4bcQAAAX04_0XgaxEzhBc6rQs3QE-PRIQ1s3jvzwFYxWCpK_WYIykKJeJlg7DAYhNPHELWJqyaww
.linkedin.com/ Name: bcookie
Value: "v=2&958a4208-40a0-412e-8bab-f86d53fc27d2"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202111191619534a5e86eb-dab8-4683-8628-7946d36843a0AQEVZ055eEf-9e7-9matO4lufoHpSeoO"
.linkedin.com/ Name: li_gc
Value: MTswOzE2MzczMzg3OTM7MjswMjEuwfMf9HZ4CGz/B8I67Rxp8rQkoTeehO7cfkZHGMEP6A==
.jfrog.com/ Name: wz.data
Value: %7B%22lastPrtTS%22%3A1637338794795%2C%22sessions%22%3A%7B%2263dj308b7397g3jZ7xt71u2V2%22%3A1%7D%7D

6 Console Messages

Source Level URL
Text
network error URL: https://jfrog.com/wp-json/wp/v2/
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22)
Message:
Unrecognized feature: 'conversion-measurement'.
network error URL: https://jfrog.com/wp-json/wp/v2/
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22)
Message:
Unrecognized feature: 'conversion-measurement'.
network error URL: https://jfrog.com/wp-json/wp/v2/
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22)
Message:
Unrecognized feature: 'conversion-measurement'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
