www.securonix.com Open in urlscan Pro
2606:4700:3108::ac42:2b19 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-w...
Submission: On April 29 via api (April 29th 2024, 2:10:02 am UTC) from TR — Scanned from DE

Summary HTTP 103 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 23 domains to perform 103 HTTP transactions. The main IP is 2606:4700:3108::ac42:2b19, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securonix.com.
TLS certificate: Issued by E1 on April 16th 2024. Valid for: 3 months.

This is the only time www.securonix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
41	2606:4700:310... 2606:4700:3108::ac42:2b19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:350... 2a02:26f0:3500:16::215:148f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.96.137.199 104.96.137.199	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:310... 2606:4700:3108::ac42:283b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2.16.16.164 2.16.16.164	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	2600:9000:264... 2600:9000:2644:1c00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6811:f6cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a05:d018:cc3... 2a05:d018:cc3:fe05:9623:332a:63:3fd6	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:310... 2a02:26f0:3100::1725:e251	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
2	18.245.86.87 18.245.86.87	16509 (AMAZON-02) (AMAZON-02)
1	2602:816:5001... 2602:816:5001::39	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
103	30

41 2606:4700:3108::ac42:2b19 (United States)

ASN13335 (CLOUDFLARENET, US)

www.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.73.206 (None, )

ASN13335 (CLOUDFLARENET, US)

pages.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.96.137.199 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-137-199.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:283b (United States)

ASN13335 (CLOUDFLARENET, US)

embed.formhq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.16.16.164 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-16-164.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2644:1c00:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f6cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

179-djp-142.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe05:9623:332a:63:3fd6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1725:e251 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-87.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	securonix.com www.securonix.com pages.securonix.com	1 MB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5885 c.6sc.co — Cisco Umbrella Rank: 9001 ipv6.6sc.co — Cisco Umbrella Rank: 6019 b.6sc.co — Cisco Umbrella Rank: 3922	20 KB
9	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3731	33 KB
7	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 3422 d.adroll.com — Cisco Umbrella Rank: 1607	118 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 328 www.linkedin.com — Cisco Umbrella Rank: 613 px4.ads.linkedin.com — Cisco Umbrella Rank: 6223	4 KB
6	typekit.net use.typekit.net — Cisco Umbrella Rank: 463 p.typekit.net — Cisco Umbrella Rank: 574	92 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 5838	62 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 337	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	274 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9083	730 B
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 744	3 KB
2	formhq.net embed.formhq.net — Cisco Umbrella Rank: 160377	4 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3820	6 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 242	708 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 594	18 KB
1	google.de www.google.de — Cisco Umbrella Rank: 7278	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	247 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2941	256 B
1	mktoresp.com 179-djp-142.mktoresp.com	318 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 781	17 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 320	3 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 363	31 KB
0	lltrck.com Failed lltrck.com Failed
103	23

	Domain	Requested by
41	www.securonix.com	www.securonix.com
9	static.addtoany.com	www.securonix.com static.addtoany.com
7	b.6sc.co	www.securonix.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.securonix.com s.adroll.com
5	use.typekit.net	www.securonix.com use.typekit.net
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	js.driftt.com	www.securonix.com js.driftt.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.securonix.com
3	www.googletagmanager.com	www.securonix.com www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	unpkg.com	1 redirects www.securonix.com
2	embed.formhq.net	www.googletagmanager.com embed.formhq.net
2	munchkin.marketo.net	www.securonix.com munchkin.marketo.net
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.securonix.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	d.adroll.com	s.adroll.com
1	px4.ads.linkedin.com	www.securonix.com
1	www.linkedin.com	1 redirects
1	www.google.de	www.securonix.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	179-djp-142.mktoresp.com	munchkin.marketo.net
1	snap.licdn.com	www.googletagmanager.com
1	cdn.jsdelivr.net	www.securonix.com
1	j.6sc.co	www.securonix.com
1	p.typekit.net	use.typekit.net
1	pages.securonix.com	www.securonix.com
1	ajax.googleapis.com	www.securonix.com
0	lltrck.com Failed	www.securonix.com
103	31

This site contains links to these domains. Also see Links.

Domain
securonix.com
securonix.force.com
www.addtoany.com
unit42.paloaltonetworks.com
twitter.com
in.linkedin.com
www.instagram.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
securonix.com E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-01` - `2025-03-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
static.addtoany.com E1	`2024-04-23` - `2024-07-22`	3 months	crt.sh
pages.securonix.com Cloudflare Inc ECC CA-3	`2024-03-03` - `2024-12-31`	10 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
formhq.net E1	`2024-03-01` - `2024-05-30`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2024-04-28` - `2024-06-27`	2 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Frame ID: 7E6A444479AAC4DDFCBC0455EB7B38FC
Requests: 100 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 54D4414D5953E52AA7138425FCDBF87F
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=1b789688-a26c-446f-876f-60bee64bf68c&sessionStarted=1714356598.731&campaignRefreshToken=a20cd5b5-d79d-4825-a1eb-9c07c2e9c80b&hideController=false&pageLoadStartTime=1714356596998&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F
Frame ID: FBED64F118275674636DEED1A4CBA1A5
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1714356596998
Frame ID: B12D3C3574FF90E238F0C19A35B16581
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors - Securonix

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

103
Requests

94 %
HTTPS

69 %
IPv6

23
Domains

31
Subdomains

30
IPs

6
Countries

2089 kB
Transfer

4614 kB
Size

23
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://securonix.com/resources/
Title: Resources by Topic

Search URL Search Domain Scan URL

URL: https://securonix.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://securonix.com/partners/securonix-fusion/
Title: Technology Alliance

Search URL Search Domain Scan URL

URL: https://securonix.force.com//
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&title=Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors
Title: Teilen

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/
Title: North Korean threat actors

Search URL Search Domain Scan URL

URL: https://twitter.com/dimitribest/status/1782609281897902426
Title: cybersecurity community

Search URL Search Domain Scan URL

URL: https://in.linkedin.com/company/securonix

Search URL Search Domain Scan URL

URL: https://www.instagram.com/securonix/

Search URL Search Domain Scan URL

URL: https://twitter.com/Securonix

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Securonix/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@securonix

Search URL Search Domain Scan URL

URL: https://securonix.com/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

Request Chain 73

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 78

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1714356597657%26li_adsId%3D52530d87-d2c7-4d72-b331-de3e19226b1a%26url%3Dhttps%253A%252F%252Fwww.securonix.com%252Fblog%252Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQINiHmGsvJwwgAAAY8nnbZNe-G9AKTJr4TZQv2Z8hO8efyhagWZ0rbQehBk2T1aJ4ixkZ1_UyhEHX6rSTdT8NH1GQ3T8g

103 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ 158 KB
36 KB 106ms
46ms Document
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9ed26dc81f55af22e282dc60be605819fc96e3bbcd1c3d461d1c3057a66cb1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 265183
cache-control: public, max-age=31536000
cf-apo-via: tcache
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 87bbc0baaccd9137-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Apr 2024 02:09:56 GMT
last-modified: Thu, 25 Apr 2024 19:34:19 GMT
link: <https://www.securonix.com/wp-json/>; rel="https://api.w.org/", <https://www.securonix.com/wp-json/wp/v2/blog/25194>; rel="alternate"; type="application/json", <https://www.securonix.com/?p=25194>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pfdl3FSayW5Rp%2BbcuHecqthaZamqY2JNgsxzhJ4ZcSOrnIpappEB79jdWFYdhBaEXObyzH280jknRNXzWGXs0HvJp986zgL0F4dOtGOkrb4YRP76%2FB3olvvjyaKM9cr%2B4jXYVpy9W3vnt06kOZX%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31622400
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-2wcgt
x-served-by: cache-chi-klot8100064-CHI, cache-ams21057-AMS
x-styx-req-id: caa83de6-0339-11ef-ae64-16986a111875
x-timer: S1714073660.762942,VS0,VE4
x-xss-protection: 1; mode=block

GET
H2 200 pjm0fus.css
use.typekit.net/ 28 KB
3 KB 168ms
37ms Stylesheet
text/css 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/pjm0fus.css

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

32526fdcae3037b6c2d64e0728c146d0c6ba44bb3b663af970f05feab4393b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2381

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 105ms
24ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 27 Apr 2024 16:16:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122007
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Apr 2025 16:16:30 GMT

GET
H2 200 styles.css
www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/ 57 KB
7 KB 39ms
36ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.6

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af770f5afec3e9f10196ea60476a44dde4d80010e680500685b578fee468c8c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
cf-polished: origSize=59240
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-kigq8000178-CHI, cache-ams21059-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 22:49:35 GMT
server: cloudflare
x-timer: S1713821308.013081,VS0,VE2
etag: W/"661b0bff-e768"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDSngWagTXQh1UUdzdOQK%2Bvoqleuf0FakEXGesUrX7bcy3q3dyMhl3dQJ2mEJdmJkcN%2B%2FwBhulLbIIZSao3usewe5HzSxAgMbcQ0rB68h5slzDNBUBwHYDUV3vWu0e70XB8U%2BEhm78ZAJ5dc0TQ%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86eec177-fa6d-11ee-8289-566fcc2daecf
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d169137-FRA
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-d655f

GET
H2 200 wpcdt-public.css
www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/ 680 B
856 B 38ms
35ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/wpcdt-public.css?ver=2.5

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

175eab7bef961e3d69c7c97f5371d532f30be4547670ba55578ed1af53d3114d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
cf-polished: origSize=822
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-kigq8000137-CHI, cache-ams21066-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 23:49:16 GMT
server: cloudflare
x-timer: S1713821308.021353,VS0,VE3
etag: W/"661b19fc-336"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yykn8hWZXnHU%2FR67HUfjBqsPBc4sJ0sNio8hx64KxT%2FraFMTL8vQQ%2F11Jtt4o83sYREFNHZoHrybbH1vBGjF47jS8c1G2X5H6HFzSJUdjFBtYtpFPQcaTeog%2FB9e8qAYmBdXry4a2NHviOIYeq8P"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86ef542f-fa6d-11ee-a486-7aaebfcc1a9f
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d179137-FRA
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-96n5x

GET
H2 200 jquery.powertip.min.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 2 KB
900 B 40ms
37ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-d4c5l
x-served-by: cache-chi-kigq8000120-CHI, cache-ams21024-AMS
last-modified: Sat, 13 Apr 2024 07:30:43 GMT
server: cloudflare
x-timer: S1713821308.015238,VS0,VE2
etag: W/"661a34a3-70d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzACcS3q19NJBcVc%2FTxigW5oOZLSeMUD9EaRY1N%2Bk30XTzLmUR9hjWQxicBYCCTOvz%2Bt0caIBDzsXZuiXdZSop6hpoxrlV%2B1A%2BOfupE0Z43f4eu6WdtHj7Hsl6A6ZJaZklfReHbTKmKAPKFF2mlC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86eecdf9-fa6d-11ee-9baf-2ab61ac3db7f
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d189137-FRA
x-cache-hits: 0, 4

GET
H2 200 maps_points.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 5 KB
2 KB 39ms
37ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e2d296664123aed1106464a611ef20234a6eed68d82ed5b1afd66660b185c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
cf-polished: origSize=6896
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-klot8100052-CHI, cache-ams21080-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 21:41:40 GMT
server: cloudflare
x-timer: S1713821308.018971,VS0,VE2
etag: W/"661afc14-1af0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZbATS8Gz05wj8y3XdUpJXJsawF3mCbipJUN6pt2Dv4G%2FFCLzaGtvGpBMovxV1mkGmOcnfVSiLYVN2oSh%2FUvFdTxq2zVjuk1kS0aXPBndqZmIoNDeQYpFXhYlFa5rZkrJ1t%2BMD5MTmMqTcS2NjjYn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f7ab94-fa6d-11ee-8fec-daca86ef21ae
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d1a9137-FRA
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-b8pvd

GET
H2 200 style.min.css
www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 258 B
548 B 38ms
36ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-7pk4l
x-served-by: cache-chi-klot8100055-CHI, cache-ams21043-AMS
last-modified: Sat, 13 Apr 2024 22:49:35 GMT
server: cloudflare
x-timer: S1713821308.022747,VS0,VE3
etag: W/"661b0bff-102"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5RywUAXpCRSK5SM9NMI9AbgoklSGw4R8FfACS1hKiPsPTuAlDUw%2BWTummXj%2FqLc4EySHi%2F62J7146vVANHaq8Qcx578XsisQ1oDKh1k0uGNaRxmayEIl78QwbgUCweLb%2F1uMO7iV13etmafLTC9P"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f79474-fa6d-11ee-810e-3e9b3257ad3f
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d1c9137-FRA
x-cache-hits: 0, 4

GET
H2 200 style.css
www.securonix.com/wp-content/themes/securonix/assets/css/ 443 KB
70 KB 48ms
45ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eb4cf02a13fd5ba1886458ccf1596b2fcf5c63a26c437b61e4ee58f5e3f7b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:34:45 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190881
cf-polished: origSize=457588
content-encoding: br
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-chi-klot8100053-CHI, cache-ams21032-AMS
cf-bgj: minify
last-modified: Wed, 24 Apr 2024 17:22:38 GMT
server: cloudflare
x-timer: S1714023285.030163,VS0,VE159
etag: W/"66293fde-6fb74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHD4trY7J8Ibf3CVxxbQVWk6bQJpscsa2DUMRmagMszxps24vS%2BW7ajZINwwspJhYSAKBJQZlBeWCwX2n9DJmNhXQRv5yVdBlVxq2J%2FDlV3J3vfFI%2BoKNBAkG9GSfmHY9%2B7R481qJ3Bf7RHwCxw%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 85f3d425-02c5-11ef-b21c-0a726a190c7f
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d1e9137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-6s9d5

GET
H2 200 stylesheet.css
www.securonix.com/wp-content/themes/securonix/assets/css/fonts/ 2 KB
745 B 41ms
39ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/css/fonts/stylesheet.css?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbb6162a3febf0d96b3372dd4f325d2ecd9b9c4e2c6d23e2c2b4eeeb3d7ccdb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:34:45 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 265184
cf-polished: origSize=2058
content-encoding: br
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-chi-klot8100154-CHI, cache-ams21032-AMS
cf-bgj: minify
last-modified: Thu, 25 Apr 2024 05:24:42 GMT
server: cloudflare
x-timer: S1714023285.029045,VS0,VE123
etag: W/"6629e91a-80a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43IghY5%2Bj2DJ9s4%2FEY3LbS7kUEG7qjGXxqEYwvCzYpvQAKRk%2FmmEvkWcw%2BEPbznhAdk8M2Alrw73D0sJ9WD7EaivMZZuyWQOXlphLONwY%2BXBKwdgMu%2BfY%2By%2B2we4hRPKwMUn52o235Pky5x01uOO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 85f3691d-02c5-11ef-b8a4-5e82bd8738a0
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d1f9137-FRA
x-pantheon-styx-hostname: styx-fe2-b-586f6cc498-dpgr8

GET
H2 200 default.css
www.securonix.com/wp-content/plugins/tablepress/css/build/ 6 KB
3 KB 40ms
38ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.1.7

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bc19ce27e7fe54728be0d4489cf683005fd6f522bbf6391a681d7d2d8d3f190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
cf-polished: origSize=6091
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-klot8100062-CHI, cache-ams21055-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 21:41:41 GMT
server: cloudflare
x-timer: S1713821308.022871,VS0,VE2
etag: W/"661afc15-17cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OcZzAd%2BW2H74cn2KDUTBWVU%2B%2BAKL2F8ryIQ4RMxlAfvt%2BRYf%2F5wnkzT0HNdxjXs5MAagHByN4VxpDLeNBELvgbETiZj0C1yjPdXmOhh5xRNPUR5LqYZJ8Fiu3oKuJZS05GqpW8fy2encJHZIzPbu"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f70640-fa6d-11ee-94a7-1a3b08b151cb
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d209137-FRA
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-bzdln

GET
H2 200 tablepress-responsive.min.css
www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/ 9 KB
2 KB 42ms
40ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 237299
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-rm6p6
x-served-by: cache-chi-klot8100134-CHI, cache-ams21079-AMS
last-modified: Sat, 13 Apr 2024 23:49:17 GMT
server: cloudflare
x-timer: S1713821308.022871,VS0,VE2
etag: W/"661b19fd-22aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDDq2VycNdyTL1y39VvaZIouaTJoSMWR8PhODEMbcZowURV8mUfZUgqdlQG0PwLfAii4tVrklJMxNRyKwmXyCSjqCAwcOwQ6Tyn1GCM%2FRr8fGnslHEvTjEraPs6DLNej2Gf766s%2FJZhvT6bKsiEI"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f74c07-fa6d-11ee-93a3-66529c49ef00
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d219137-FRA
x-cache-hits: 0, 4

GET
H2 200 addtoany.min.css
www.securonix.com/wp-content/plugins/add-to-any/ 2 KB
999 B 42ms
40ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-vwdbt
x-served-by: cache-chi-klot8100052-CHI, cache-ams21054-AMS
last-modified: Sat, 13 Apr 2024 07:30:41 GMT
server: cloudflare
x-timer: S1713821308.024454,VS0,VE3
etag: W/"661a34a1-644"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZGoy86MiM56VdVGb0HjpXNSVm5J6tiurNA49QCb97Bn2snNT1PO0aR4%2BKeiSkDbSdBqyVtI%2FjYkTYDNlxeKiqC4twnmqqXoEL0mzBhwS7R%2BBEP44QUzUdSDKArVywaXOfRwBVih79AIzq5RRd%2Bp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f5e7ea-fa6d-11ee-b983-a608f412765a
cache-control: max-age=31622400
cf-ray: 87bbc0bb5d229137-FRA
x-cache-hits: 0, 4

GET
H2 200 ubermenu.min.css
www.securonix.com/wp-content/plugins/ubermenu/pro/assets/css/ 66 KB
10 KB 75ms
73ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.4

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7ba7e664816f88dde2f3f9b789e427087a5deb8986f708dd02bcfe1c0d8ff55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sun, 13 Apr 2025 22:15:33 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-vwdbt
x-served-by: cache-chi-kigq8000138-CHI, cache-ams21044-AMS
last-modified: Fri, 12 Apr 2024 07:16:06 GMT
server: cloudflare
x-timer: S1713821308.023119,VS0,VE3
etag: W/"6618dfb6-1062c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LjH%2FuTg%2F971UeCy9jHM4P5jH2Du2d%2FY4FGW9pBnTuc7J7fAqNaZkYv8E8zNpaQfFESG%2Bv9cRVAnkhR9gVolIeQfkK6OkFiEBwJlXUVpZWK3jZKl%2FxlHjGNj4zX9J1JKLn8hJAuaMiy2iPK38n82d"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 2df85796-f91a-11ee-b983-a608f412765a
cache-control: max-age=31622400
cf-ray: 87bbc0bb7d309137-FRA
x-cache-hits: 0, 4

GET
H2 200 all.min.css
www.securonix.com/wp-content/plugins/ubermenu/assets/fontawesome/css/ 57 KB
13 KB 75ms
73ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.4.3

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-nrk6l
x-served-by: cache-chi-klot8100168-CHI, cache-ams21066-AMS
last-modified: Sat, 13 Apr 2024 21:41:41 GMT
server: cloudflare
x-timer: S1713821308.023619,VS0,VE2
etag: W/"661afc15-e4d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=os7qj1L3RiZcbiXcYLw4ngklQW%2BpmlDHZ03tV%2BE2GclK7kHHj9V9f87ctwQeTi%2BlePRTAnsgDFlVcywdaVgQUdmga3YIpgF7dlMK0U6peKcdpXC8NaCdvGPqzrP0O%2FMi68FtN%2FoNAB8iDHScv09s"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 86f62558-fa6d-11ee-91c8-7af237c31095
cache-control: max-age=31622400
cf-ray: 87bbc0bb7d319137-FRA
x-cache-hits: 0, 4

GET
H2 200 language-cookie.js Show response
www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/ 241 B
651 B 74ms
72ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.6

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d01e29303e11404333dd1293ed958ee09b41203f03b4083a48cc33a66700ffd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
cf-polished: origSize=271
content-encoding: br
x-cache: MISS, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-klot8100114-CHI, cache-ams21029-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 22:49:35 GMT
server: cloudflare
x-timer: S1713821311.635644,VS0,VE2
etag: W/"661b0bff-10f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGoVjbaxpXzBYrD0hujsQJFo4H1KzfuR5jb%2BxLAbuTrsaqKmC9kW47fxN8SyRPff%2BYypUL2E7wKyc%2FHqJwU%2BI5IsUAIm3pDh2Mhtbdkfa8ssy2FvzbgYjm4sf7%2B%2BfVe5f5EfO3r4Y20o4rFGQazF"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 86f86693-fa6d-11ee-810e-3e9b3257ad3f
cache-control: max-age=31622400
cf-ray: 87bbc0bb7d339137-FRA
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-7pk4l

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 78ms
37ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10534
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szFf3hR0BiH%2BeetjovzKYEvynzEVRQMarkRFXs7onWUOHdATnxM%2B4pmi5s18lvLifi5MrIO1dxNupsDYWbgsB%2FQxTZpqgX0ZzX231qFmrLcxSYjboB7M9naLmpz%2BLn2R4PH9rsAN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 87bbc0bd8d076958-FRA

GET
H2 200 jquery.min.js Show response
www.securonix.com/wp-includes/js/jquery/ 86 KB
31 KB 75ms
73ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-9ngfg
x-served-by: cache-chi-klot8100155-CHI, cache-ams21060-AMS
last-modified: Sat, 13 Apr 2024 22:49:37 GMT
server: cloudflare
x-timer: S1713821311.632141,VS0,VE2
etag: W/"661b0c01-15601"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCG1wPJ6GnNAcmZomg0j4X0fYf2qv5deUHH5cQeU8ZNw890qXPGCiSVzjHCO82w0xx6q%2BLSXNDEL68nKLctD%2FTqpv8d5ANRgXAM%2FNBxvnq1wHrAIWwCo%2FP0Gx1K4bv8cVGWJyg1GlgiDu%2B%2BZKTx9"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 86f71d13-fa6d-11ee-93e3-aafe187c636f
cache-control: max-age=31622400
cf-ray: 87bbc0bb7d349137-FRA
x-cache-hits: 0, 4

GET
H2 200 jquery-migrate.min.js Show response
www.securonix.com/wp-includes/js/jquery/ 13 KB
5 KB 73ms
72ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:41 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524401
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-bzdln
x-served-by: cache-chi-kigq8000086-CHI, cache-ams21072-AMS
last-modified: Sat, 13 Apr 2024 21:41:42 GMT
server: cloudflare
x-timer: S1713821311.629154,VS0,VE3
etag: W/"661afc16-3509"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMB6H1Z7QdFurDiqt0fu6AKsKRQ6JAf4cKqPCwQv2zevc6iEKDOd8JML2A6ifWQmCKiLfIvfvptlNzyTLFj8UKNIISrCMQRDiotkOum%2Fi6XXGmNbBINbyc8Co26hCFgZBjVD%2FcMvPD1GHajjQdb9"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 86f8888c-fa6d-11ee-94a7-1a3b08b151cb
cache-control: max-age=31622400
cf-ray: 87bbc0bb7d359137-FRA
x-cache-hits: 0, 7

GET
H2 200 addtoany.min.js Show response
www.securonix.com/wp-content/plugins/add-to-any/ 129 B
586 B 37ms
35ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
content-encoding: br
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-hbk2r
x-served-by: cache-chi-klot8100064-CHI, cache-ams21052-AMS
last-modified: Sat, 13 Apr 2024 23:49:15 GMT
server: cloudflare
x-timer: S1713821308.276956,VS0,VE2
etag: W/"661b19fb-81"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xop64Lfx6Ny7fs4gM2kyW5UMwzsOp7FKCBVIh1vDVz7GMCeEJ5p0v7zHcLbfnKh5Vr%2FOiJk2G%2FuVYDQwgNsRZfdR89gudNeFlJh0u0iP9hToCKvsmiqdExvas5FyGGal0D9Ll%2FHQUFnqiLRpcHbm"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 873ef1aa-fa6d-11ee-b096-6ee28b929e97
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e2a9137-FRA
x-cache-hits: 0, 4

GET
H2 200 DEVPOPPER_FCA.png
www.securonix.com/wp-content/uploads/2024/04/ 200 KB
201 KB 74ms
73ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/DEVPOPPER_FCA.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4e18ebd700bf91a4906f32a3f053111b107114f92bc1166acdc3c8ee8db6b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 13:26:58 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 265184
cf-polished: origFmt=png, origSize=291737
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="DEVPOPPER_FCA.webp"
content-length: 204596
x-served-by: cache-chi-kigq8000088-CHI, cache-ams21039-AMS
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Apr 2024 13:07:27 GMT
server: cloudflare
x-timer: S1714051618.274433,VS0,VE353
etag: "662a558f-47399"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHZkrP%2B%2FiLyiGXj1gbrSy6DK9HY71%2B9YwXix3kcc9tUmo0Kg8JeAR1VP6YdkiUB5EUYRUMAhuT8GzDJMI891DqA0lQPwcY079IshrSBR97eStN10C%2BoS5%2Bla8AME8gKmhPMFmzTh9NP5rJojqsv5"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 7de103f3-0307-11ef-ad0c-ce5d6210d742
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bb7d379137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-k8v46

GET
H2 200 Const-Mongoose.png
www.securonix.com/wp-content/uploads/2024/04/ 54 KB
55 KB 72ms
71ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Const-Mongoose.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa965a1365c0a87fe8347c87f3fd32df7d0de719a9a86b5e783832302fa073e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 13:28:58 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190881
cf-polished: origFmt=png, origSize=75960
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Const-Mongoose.webp"
content-length: 55474
x-served-by: cache-chi-kigq8000153-CHI, cache-ams21059-AMS
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Apr 2024 13:08:51 GMT
server: cloudflare
x-timer: S1714051739.835463,VS0,VE277
etag: "662a55e3-128b8"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v0HtjauJhmHj1uii07koLFF0N%2Fr5WqaWRZxht75rrbAJpOO8sOPyP0A6ngznyYmbzJkgwgkBQNNk8FybYh%2FpL9CiXDKIrv5MH1cp%2F%2B8%2FVJvku7xc4yftUQoc53W8P1Th1%2BWMp7tZDFjgca6ZTU6F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: c5bdf39e-0307-11ef-b5a1-062313db7976
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bb7d399137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-wz9gn

GET
H2 200 Extracted-obfuscated-JavaScript-code-from-imageDetails.js-768x452.png
www.securonix.com/wp-content/uploads/2024/04/ 279 KB
280 KB 73ms
72ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Extracted-obfuscated-JavaScript-code-from-imageDetails.js-768x452.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72ed8858f75066f1e66222adbe46c7b457c546b6f2014fd4b5048389a175d94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 13:29:34 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 265184
cf-polished: origFmt=png, origSize=355527
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Extracted-obfuscated-JavaScript-code-from-imageDetails.webp"
content-length: 285710
x-served-by: cache-chi-kigq8000094-CHI, cache-ams21051-AMS
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Apr 2024 13:15:56 GMT
server: cloudflare
x-timer: S1714051774.232954,VS0,VE255
etag: "662a578c-56cc7"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Andbs3UYwX3L%2BZGcf5UalLhSkWGomuJFWLmDXkDOietP2ZPBj9HARPU0jjapTuFdjRI78KX7FJIHWb6aV4dWsq%2Bne6wBXHPhtVEYN33lAXcYBnmZKYBhBfXRshh%2B0CwYTV4Gh0XQC%2BIzcMWCrv6c"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: dadde36b-0307-11ef-bcab-7a522387f1d4
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bb7d3a9137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-gmqxw

GET
H2 200 Python-execution-.npl-file-contents-768x452.png
www.securonix.com/wp-content/uploads/2024/04/ 187 KB
188 KB 34ms
34ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Python-execution-.npl-file-contents-768x452.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

244f0008e2c8960965d60a19737ab1327ef0803524d68f12980d2371bba60595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 13:30:20 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190879
cf-polished: origFmt=png, origSize=226641
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Python-execution-.webp"
content-length: 191262
x-served-by: cache-chi-klot8100056-CHI, cache-ams21043-AMS
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Apr 2024 13:17:49 GMT
server: cloudflare
x-timer: S1714051820.239696,VS0,VE280
etag: "662a57fd-37551"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMCKO5AH2I6VvBXWI78Ki24MDNTG0%2FIWNrDcAF5P75VLrWYmGuOP8KeB%2Fy8afMcxkWymgGwA5z2W9FiuY8yYDh63iJ1SW1GV%2Bkn7OFMfXgATQCJ%2FDGAe8z5DqaTP3R6oRLgX%2F7LFTlH9sjm772%2F%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: f64315e4-0307-11ef-bb4c-ae963a2550db
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bbed739137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-hnjrt

GET
H2 200 res-Python-file-contents-768x452.png
www.securonix.com/wp-content/uploads/2024/04/ 185 KB
186 KB 37ms
37ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/res-Python-file-contents-768x452.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cb827f73923b92fab84588427d2f366af8778e1cda4ce128e87f20415d3b319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 13:30:20 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190875
cf-polished: origFmt=png, origSize=226017
x-cache: MISS, HIT
x-cache-hits: 0, 0
content-disposition: inline; filename="res-Python-file-contents-768x452.webp"
content-length: 189308
x-served-by: cache-chi-kigq8000029-CHI, cache-ams21048-AMS
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Apr 2024 13:19:17 GMT
server: cloudflare
x-timer: S1714104914.567757,VS0,VE4
etag: "662a5855-372e1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zIdZnd7UgjwCd45qn0Z0LT4LEnErwjZEGMl9rUftchBWPu6nri3V2qox5qZ8KaxuJ0hxPjjOqPHgLDJ7MhBXFQmWcYcLucN9srppfRDFKc3IlzUq7zR4KTV3L1GcW4N5ZPeXtyjucGUYSqKYAiYC"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: f64236a3-0307-11ef-b5a1-062313db7976
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bc0d829137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-wz9gn

GET
H2 200 forms2.min.js Show response
pages.securonix.com/js/forms2/js/ 199 KB
67 KB 180ms
44ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.securonix.com/js/forms2/js/forms2.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 23 Apr 2024 04:13:58 GMT
server: cloudflare
age: 6148
etag: "2605bb-31af8-616bbc873ed80"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 87bbc0bd0eef1c17-FRA
expires: Mon, 29 Apr 2024 06:09:57 GMT

GET
H2 200 jquery.powertip.min.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 11 KB
4 KB 32ms
31ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524399
content-encoding: br
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-hbk2r
x-served-by: cache-chi-klot8100113-CHI, cache-ams21033-AMS
last-modified: Sat, 13 Apr 2024 23:49:16 GMT
server: cloudflare
x-timer: S1713821308.266109,VS0,VE3
etag: W/"661b19fc-2ae5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Q5qfM1oHYXoRp6BafcZb%2FFbqI1UKhAS%2FQQSPBEIiXMoupnkjsJjdQhhv1gdpk9jw5qZMecwpW4O8fPBYQIvtJpAj5nlVF0sG34PQ1ehYKjLOTA2AI1VgLR0pK14Qe%2FTystORe5MBZSkmyeqQoh7"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 87369e46-fa6d-11ee-b096-6ee28b929e97
cache-control: max-age=31622400
cf-ray: 87bbc0bc4d9f9137-FRA
x-cache-hits: 0, 4

GET
H2 200 maps_points.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 504 B
737 B 31ms
31ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb698b4af30a506bea5e24025b0f742db88461e40a7f9f2f24293ad810bdf842

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
cf-polished: origSize=606
content-encoding: br
x-cache: MISS, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-klot8100147-CHI, cache-ams21046-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 07:30:43 GMT
server: cloudflare
x-timer: S1713821308.274312,VS0,VE3
etag: W/"661a34a3-25e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pfTtjCO3gvlLuefR0qaqerOHhpLm3APJ4QIHEZFRG08PqgeAcZS2GXNecBfJVuyexxjobCn1uwXbm2CCHZmV9y6tdsMiJGi1CKh5tFeIA%2FTSS8agigFmNkb4XOiSBrhpCSGfTPUqe4we%2FTUDFIyP"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 873e611d-fa6d-11ee-93e3-aafe187c636f
cache-control: max-age=31622400
cf-ray: 87bbc0bc8db39137-FRA
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-9ngfg

GET
H2 200 modernizr.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 16 KB
6 KB 32ms
32ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/modernizr.js?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f060e210fa92b0bce82108a417cbf3f4f0ded2dc69a8b293db44da9f4b24c23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:33:11 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5504
cf-polished: origSize=50144
content-encoding: br
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-chi-kigq8000171-CHI, cache-ams21050-AMS
cf-bgj: minify
last-modified: Wed, 24 Apr 2024 15:42:52 GMT
server: cloudflare
x-timer: S1714023191.162976,VS0,VE126
etag: W/"6629287c-c3e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NPCwXvyKJXCyeMXOTQvncG6fEcEuWCbaSl40XrKrXcjOEY1XvDkvFDj29%2Fm7GdM79n1JnwjZhYLASPT8%2B1nNhSNWbILd5VqW2quKVlwRBChabJsk%2FBHQLdKnUrd8O%2FCquihUkeu9bs6f%2BvTRXjKu"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4e005323-02c5-11ef-bb4c-ae963a2550db
cache-control: max-age=31622400
cf-ray: 87bbc0bcbdc49137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-hnjrt

GET
H2 200 wow.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 8 KB
3 KB 32ms
32ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/wow.min.js?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:33:11 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 265183
content-encoding: br
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-hnjrt
x-served-by: cache-chi-klot8100062-CHI, cache-ams21045-AMS
last-modified: Wed, 24 Apr 2024 17:22:39 GMT
server: cloudflare
x-timer: S1714023191.155357,VS0,VE123
etag: W/"66293fdf-1fdb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dg%2FQA3spOiG3%2B%2BBs6N%2BrDVISB4%2FOKcLUdWDT3zk2xcHt0YPqJWX%2BxrvfsHNI%2FNFjcqp7TK23VTUOsR0kH9zBvA%2FWJx7rtfcW7T4xy8L%2FQT7w7BDYe3kSq2QhG6ynn%2Fe2YSZ31f9N%2FirjB067Rc5E"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4dff0d6d-02c5-11ef-bb4c-ae963a2550db
cache-control: max-age=31622400
cf-ray: 87bbc0bcede79137-FRA
x-cache-hits: 0, 0

GET
H2 200 select2.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 100 KB
24 KB 37ms
34ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/select2.js?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba711f4ae1f09fd05735a7b8ec5e0d70d271cf09212431fa192deaed9a324360

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:33:11 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5504
cf-polished: origSize=155132
content-encoding: br
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-chi-klot8100106-CHI, cache-ams21050-AMS
cf-bgj: minify
last-modified: Wed, 24 Apr 2024 15:42:52 GMT
server: cloudflare
x-timer: S1714023191.161369,VS0,VE146
etag: W/"6629287c-25dfc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2l2qNns1WMIGmysrhPthFku8uW3SCE2pIt%2BCtlFNSjQgmDxn7GAws5IMc739HnwGeughNmgvt76lE%2BesDeZ5LlHLwyCn5Yix8RudMk4OPtE6TVHQiBA%2FRFSYlz4D7NB6nUhqZSrZI9XGWcbxp8I"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4dffdd9f-02c5-11ef-ae64-16986a111875
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e229137-FRA
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-2wcgt

GET
H2 200 slick.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 36 KB
10 KB 36ms
33ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/slick.min.js?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22529609ad54b33ee1695008d3daa6e35f133849c49ee00d7e9bc02eb0dd9a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:33:11 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 265183
content-encoding: br
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-6s9d5
x-served-by: cache-chi-kigq8000025-CHI, cache-ams21082-AMS
last-modified: Thu, 25 Apr 2024 05:24:42 GMT
server: cloudflare
x-timer: S1714023191.165377,VS0,VE120
etag: W/"6629e91a-9040"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SxWqaGSqP6yRJ3%2Ba5GH%2Fm%2BfA2D4yjBCCjCIAq9%2F4vDAVaw0XtafyQfHy%2FwROD%2F%2BPL5mfXUC%2BiCN5fPgILSgD1R%2FgbVL%2BxC%2BSD9ew4I8S6HbrEShx1yZ5%2FoxZpeDK%2BPwWu5le4wcMRQUGT0raKgkv"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4e002b82-02c5-11ef-b21c-0a726a190c7f
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e239137-FRA
x-cache-hits: 0, 0

GET
H2 200 scripts.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/ 171 KB
45 KB 40ms
37ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/scripts.min.js?ver=1714022682

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5dc25b44f66a4a97302932d4e42507562ecd23f893b1669a791662a8ec00542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Sat, 26 Apr 2025 05:33:11 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 194195
content-encoding: br
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-7b6c595dc8-6s9d5
x-served-by: cache-chi-klot8100048-CHI, cache-ams21046-AMS
last-modified: Wed, 24 Apr 2024 15:47:25 GMT
server: cloudflare
x-timer: S1714023191.163599,VS0,VE165
etag: W/"6629298d-2ace1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b3oaibFcHv4YiufnXrzPRGImOzul7XbAVVGT7Jofq057cp084A2uE8%2Fbg6rQRQtyBEZ5SML21bSMMdun4qQu1DuvZ6mcpxHBxUAjN4DMsK4yeuHU1FvWkom2rlHNYYuDF1p6CzVeqU5xWQm3DGFB"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4e002589-02c5-11ef-b21c-0a726a190c7f
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e249137-FRA
x-cache-hits: 0, 0

GET
H2 200 new-tab.js Show response
www.securonix.com/wp-content/plugins/page-links-to/dist/ 24 KB
9 KB 38ms
35ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 0, 4
x-served-by: cache-chi-kigq8000041-CHI, cache-ams21037-AMS
cf-bgj: minify
last-modified: Sat, 13 Apr 2024 23:49:16 GMT
server: cloudflare
x-timer: S1713821308.274952,VS0,VE2
etag: W/"661b19fc-609e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSUArOufTdpQEAnFCv8y2MwKR4b85V8grLRZtk2jxq%2B%2FVk9AoZcNaMWUrboN6wihE4kTVNRk4ompuzg%2Bgv4ZzB5bW2JUWvJP%2BJ0WNOW%2FLwMrrSaTeA6AvSGLGGosJ7%2FTYrbhaYi6yCihWkBKfwyw"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 873f8c37-fa6d-11ee-93a3-66529c49ef00
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e259137-FRA
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-rm6p6

GET
H2 200 ubermenu.min.js Show response
www.securonix.com/wp-content/plugins/ubermenu/assets/js/ 38 KB
10 KB 39ms
36ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.4

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58415d97eb0b5745ccfa6e5e2f996581ec39f6c4af80627d3dd3c06bc5977ca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-nrk6l
x-served-by: cache-chi-kigq8000049-CHI, cache-ams21072-AMS
last-modified: Sat, 13 Apr 2024 22:49:36 GMT
server: cloudflare
x-timer: S1713821308.275254,VS0,VE2
etag: W/"661b0c00-9750"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9uS4laX9sO0Ed4Hxh%2B2r17YbRg5sphVO5l4Cv%2FJF7VZrETbIEr0pXLWmQ2sTOkhujUIP%2B%2B4GotIeOSpuLi3B2M%2F%2BeU5%2F46n1eTseL9ep85bEuK5fm8ZxHoea7OlHUTKKVMDQMIaugqeXW761q3U"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 87400aba-fa6d-11ee-91c8-7af237c31095
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e269137-FRA
x-cache-hits: 0, 4

GET
H2 200 smush-lazy-load.min.js Show response
www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 41ms
38ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.14.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Tue, 15 Apr 2025 14:44:42 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
content-encoding: br
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-bzdln
x-served-by: cache-chi-klot8100173-CHI, cache-ams21047-AMS
last-modified: Sat, 13 Apr 2024 22:49:36 GMT
server: cloudflare
x-timer: S1713821308.281265,VS0,VE3
etag: W/"661b0c00-1ef2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NGya3PPJQW77MqaOyZ%2FRxYQCRi2Uyz%2B7DgBaYGMGc4ALm1cEDYXCQKmkOBxO6wU%2FipXbUWWH9mN5Kg8t%2Bk7Ze8SqUDOvNUJmekloTa9ZAHA0Jqvpc4TOH8OtVdvnzZH1UqWvswWc%2FsM3Ol0hQ0JZ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 873f9309-fa6d-11ee-94a7-1a3b08b151cb
cache-control: max-age=31622400
cf-ray: 87bbc0bd4e299137-FRA
x-cache-hits: 0, 4

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 163ms
37ms Stylesheet
text/css 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=pjm0fus&ht=tk&f=26034.26052.26053.26054.26055.26056.26057.26058.26059.26060.26061.26062.26063.26064.26065.26067.26068.26069.25998.25999.26000.26001.26016.26017.26018.26019.26036.26037.26046.26047.26070.26071.26072.26073.26074.26075.26076.26077.26078.26079.26080.26081.26082.26083.26086.26087&a=92827302&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.typekit.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 136ms
40ms Script
application/x-javascript 104.96.137.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.137.199 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-137-199.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 29 Apr 2024 02:09:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET lt-v3.js
lltrck.com/scripts/ 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 298 KB
100 KB 106ms
46ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eba26fbcf2f2ea428e18335be4eaa8cece634376ad0db9ab26c45c6f0b1712d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102385
x-xss-protection: 0
last-modified: Mon, 29 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
BLOB 200
OK 599a7b69-7f94-4c55-995d-6e3000771ea6
https://www.securonix.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.securonix.com/599a7b69-7f94-4c55-995d-6e3000771ea6
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 hero-coverage.png
www.securonix.com/wp-content/uploads/2022/04/ 3 KB
4 KB 32ms
31ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/04/hero-coverage.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfb9e92353e3d4999e02a6f01a3551a87686ebf0180baf65b4c961f7061bcf52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-pantheon-styx-hostname: styx-fe2-a-756dd76fc7-j7qzn
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 414888
cf-polished: origFmt=png, origSize=10885
x-cache: HIT, HIT
expires: Fri, 28 Mar 2025 11:19:19 GMT
content-disposition: inline; filename="hero-coverage.webp"
backend-name: 34.123.8.55,9093
content-length: 3564
x-served-by: cache-chi-klot8100063-CHI, cache-ams21053-AMS
backend-ip-port: 6wd67qj6gjWStoHWt9QqLM--F_styx_fe2_a_sharedvpc_dmz_01
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Apr 2022 17:31:36 GMT
server: cloudflare
x-timer: S1713826754.792869,VS0,VE2
etag: "62604378-2a85"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yrqpxsq98AhmdnPm70wHwu5t9MMDbBvddaxiMBdlSpBz4FdIwmi9cjJGxeahTW6V0avliQ8vOYWx2HW%2FBCdfyHYqBWNIgJRnaKAnKv9m2X8iJNFlwILfWKu5sfPCiC713wopOocFIg1mQ7pOaVIJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: dab83f0f-ec2b-11ee-92ab-86c79b107cd4
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 87bbc0bd6e2c9137-FRA
x-cache-hits: 0, 0

GET
H2 200 l
use.typekit.net/af/46da36/00000000000000003b9acaf6/27/ 26 KB
26 KB 141ms
37ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/46da36/00000000000000003b9acaf6/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
etag: "de29fb2e3e401b15877c6b3a0953702fe7fa1105"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26812

GET
H2 200 icomoon.ttf
www.securonix.com/wp-content/themes/securonix/assets/fonts/icons/ 5 KB
5 KB 31ms
30ms Font
application/x-font-ttf 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/fonts/icons/icomoon.ttf?folamw

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1714022682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d1cf1412729a6ebf14ef0c798f0b9c9dc0ecee9e06e912859e4c53380fb33b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1714022682
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 14 Apr 2025 02:48:09 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524397
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-a-57d8d64c7d-x4qsl
x-served-by: cache-chi-kigq8000049-CHI, cache-ams21045-AMS
last-modified: Fri, 12 Apr 2024 08:58:32 GMT
server: cloudflare
x-timer: S1713821308.417513,VS0,VE3
etag: W/"6618f7b8-1358"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pml4kxePQ7ZoR1iiypEMT9AB91qs6DNwqXLrJrkT5N0JhFp1E36MIKNfxKN8Gh6Ga%2Bpmm3F0x9x3mEZVsTkREtsEs0aC4gvsk%2FDIkuLYgRv07rWHHa7BtQ%2FZ%2FsKKHXSCr3H%2Fdp%2FhUFb7O7b3oEJM"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-ttf
access-control-allow-origin: *
x-styx-req-id: 4302e881-f940-11ee-a59a-defe53ce599e
cache-control: max-age=31622400
cf-ray: 87bbc0bd9e469137-FRA
x-cache-hits: 0, 3

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
www.securonix.com/fonts.gstatic.com/s/worksans/v19/ 49 KB
50 KB 41ms
40ms Font
font/woff2 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/fonts.gstatic.com/s/worksans/v19/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Sep 2023 01:13:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 524397
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFihl0GEcwNqQB0qBuJExU%2BqYk9PLRJryEc0%2B5Xvj8VeHiqA10PFWsqE2dplAFTZRtz8jCW9qDPWhwIPJ%2FJr9xCj6ix1i9E7DBhFSk0WMOOUs%2BdcnMJ729cjUJL9JNQSdrJFB3xYLuB2z4ChpNa%2F"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=31536000
cf-apo-via: proxy
accept-ranges: bytes
cf-ray: 87bbc0bd9e489137-FRA
content-length: 50668

GET
H2 200 l
use.typekit.net/af/027dd4/00000000000000003b9acafa/27/ 18 KB
19 KB 145ms
41ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/027dd4/00000000000000003b9acafa/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: deb1aa1c2af7a0f084b58e34c78545593305a87b23f9f6e099849c1ace0c9dd6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
etag: "de3ec5612df14c88441e596fbc2c46580ea46ed7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18912

GET
H2 200 l
use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/ 19 KB
19 KB 148ms
44ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 841ec96a41283cf23db2d69fe67d9beee3e9b222bccfe81ecf6edefc78e92151

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
etag: "7fe86a8b0e0aad464390eb5e39aa627a47e9886d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18988

GET
H2 200 l
use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/ 26 KB
26 KB 177ms
73ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
etag: "7d4a321fb4284bed9856c33aee6c065aba0855a7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26392

GET
H2 200 securonix-blue.svg
www.securonix.com/wp-content/uploads/2021/07/ 4 KB
2 KB 31ms
31ms Image
image/svg+xml 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/07/securonix-blue.svg

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a484da0ec050bccd6034a00ee39c4919c49ca749d0510f934a9ff5a07251a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Fri, 04 Apr 2025 08:48:30 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 521947
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-a-69d889f459-45grk
backend-name: 34.123.8.55,9093
x-served-by: cache-chi-klot8100025-CHI, cache-ams21054-AMS
backend-ip-port: 6wd67qj6gjWStoHWt9QqLM--F_styx_fe2_a_sharedvpc_dmz_01
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
x-timer: S1713821308.032972,VS0,VE4
etag: W/"61aa5172-f3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYKwtcpENqYyJxWT1PqbjdZgGucpe6%2BgutEE9DmA7l9%2B0l6sJh%2FPPeYeWgGQg4Jtr5d%2Fg1kn6ExtyLEpZV9PkhoH5spdVffFRyHuyEETK0fMuWzxf3uj6EsuxRP8GETlgFKDSAn2UyiFrwmzvXkb"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: f1e99d13-f196-11ee-bb35-7eb206d4b2da
cache-control: max-age=31622400
cf-ray: 87bbc0be0e7d9137-FRA
x-cache-hits: 0, 0

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 54D4 0
0 62ms
38ms Document
text/html 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 27227
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 87bbc0be384d9b63-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 02:09:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wyqmb8g5Lmb9vZXzlOoJo3MLj5J47JxlLxX2FJrEICsTUF61wEh8nRfkUrq9eYqpUI1XXlPVQFPZQjXa7KOSJT6kY4HjgA%2F4hD4GvZeEJBGqC2RK1Bu33V5HKHQHZGPgMYYO04aY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 67ms
42ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7566
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kR%2FG3xG%2BSv4y%2FGwVcKnvWtYBQYKY41dcvD2YBL1DA4f47eUWCEAV0s%2Fzjt6%2BLs5eNavwz0sBVqLPmhIPc1FLEYFalSRgHqkZKBFJbCmsg28Nkjixp11QmK08d8R6qCXrDkL%2FdbmB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 87bbc0be3bed3631-FRA

GET
H2 200 wp-emoji-release.min.js Show response
www.securonix.com/wp-includes/js/ 18 KB
5 KB 34ms
34ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Thu, 17 Apr 2025 04:24:08 GMT
date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 521946
content-encoding: br
x-cache: MISS, HIT
x-pantheon-styx-hostname: styx-fe2-b-77f64f9968-rdqmx
x-served-by: cache-chi-kigq8000062-CHI, cache-ams21049-AMS
last-modified: Mon, 15 Apr 2024 13:09:29 GMT
server: cloudflare
x-timer: S1713821311.229853,VS0,VE3
etag: W/"661d2709-4904"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvFgsLHRoLXSiV1QY8mSTGiBJou%2BKYoGN9srf8GRAN0Okn%2FXO%2Fw%2BOiuE4XuZY5MyljkRtryG%2FIU%2B3sra1OIuqih5Ont9%2BNW78qA6lNYd1jFJI%2Beqq5np5FGjKSTydcmo1OzR%2F0hYZPniudrmmrTv"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 2ac309aa-fba9-11ee-a628-ee5a0d4b28d2
cache-control: max-age=31622400
cf-ray: 87bbc0be1e829137-FRA
x-cache-hits: 0, 3

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 43ms
42ms Script
application/x-javascript 104.96.137.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.137.199 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-137-199.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 29 Apr 2024 02:09:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 07 Aug 2024 02:09:57 GMT

GET
H2 200 base.js Show response
embed.formhq.net/v1/ 6 KB
3 KB 190ms
123ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/base.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=6385
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 01 Nov 2022 14:37:50 GMT
server: cloudflare
etag: W/"63612f3e-18f1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nG09MuN57NH4JRnIAUacJjcoiSvCX1blPDGBBSjGHdbr%2Fv7fmCGO1C%2FLR%2FUCAzmvLY2x9qhkkEluh5RsdCVJNTOTdF49ew1MKN5L4dqDb8Yr9K6EL8vtjkNZGyHLPkfDnbhF1wyzYnF4CcoXt%2FX5"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 87bbc0bed8011c2c-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
94 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fbdf5dd3b00773a85377890b2c213d877d06fe5b24ecb9e1773477bd57eae46a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96116
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 65 KB
18 KB 184ms
39ms Script
application/javascript 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Apr 2024 23:17:01 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "662ae46d-10585"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17942
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H3 200 attributor.min.js Show response
cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/ 7 KB
3 KB 77ms
35ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/attributor.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12829
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220072-FRA, cache-lga21958-LGA
x-jsd-version-type: branch
server: cloudflare
etag: W/"1da1-KfePJ46ikK9jPpNwOZncE3ivfdg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BB9NuBR2cCrq6foJLG5XkC4dCqZr2y933536xkmXM9GTabrrrS%2FNsX1Md6%2FyoH3N3nPg%2BSllVT4zpzU%2FAaqgenmqMiQMWA2lu20AqMXcl2jCOTWJ4K%2BD%2FxZSwGkoAkTiRScFhF5WPNN5iEAOFs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 87bbc0bebcf42bde-FRA

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 221 KB
79 KB 45ms
45ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1004449086&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1283ef99439552cfbb1ac174c7f5e7f9498aee97ccf2ce08741a796fca9aef6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80933
x-xss-protection: 0
last-modified: Mon, 29 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 124ms
48ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 29 Apr 2024 02:09:56 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B25F80743B5A4211A3FB03F2E5A7FAAE Ref B: DUS30EDGE0706 Ref C: 2024-04-29T02:09:57Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 127ms
38ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Apr 2024 07:42:51 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=20549
accept-ranges: bytes
content-length: 17238

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 85 KB
27 KB 100ms
23ms Script
text/javascript 2600:9000:2644:1c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:1c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4196ef94fe2c7befda378bfaad82f3e662be2b5eb1ba9aeffce466ba6bfd0bd4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: zwiFd6r3GuB2cGe7uW1NAFDjPwo1YxA2
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Mon, 29 Apr 2024 01:34:35 GMT
Age: 2123
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 14:35:04 GMT
Server: AmazonS3
Etag: W/"df5969d54f039097b5fc81144fa45a1f"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: jSQhO1ZuneKxcjED98DI_hxoi_kApQEj33UYd1E8xbayUPWSCVQCrQ==

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@3.5.2/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

7 KB
3 KB

31ms
31ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c0e1f95aa09754b10449fd8cd7f2e76d8f232d1038b6cf7454db558ac79962e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 4003797
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRWFH5XK9ND0J2MZ4B7JGPSN-fra
server: cloudflare
etag: W/"1bff-XBuNuslfZI/SL2xuiJqqum43R9A"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 87bbc0bf2b1471a9-FRA

Redirect headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HWKSHRMQ26E0W154VKGMSH8F-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 315
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@3.5.2/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 87bbc0bedaf671a9-FRA

GET
H2 200 r32rm8p2zmht.js Show response
js.driftt.com/include/1714356600000/ 221 KB
62 KB 528ms
436ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1714356600000/r32rm8p2zmht.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28e132ea525a5b852dc1a77fcadc939ba1b70d68f321dd2ddeedc4b8a8cb93ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
x-amz-version-id: ECpAIUHXvnHr64vvrQweEad8ZWUjBUSY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Thu, 04 Apr 2024 20:13:54 GMT
server: istio-envoy
etag: W/"d320e83a1b98d0793815b4e22b96825b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: guIIBnqRUdiap-9S1bUgBD7g-P5Jvo_Uu6PG00MaFHB05wdI3CNhqQ==

POST
H/1.1 200
OK visitWebPage
179-djp-142.mktoresp.com/webevents/ 2 B
318 B 573ms
133ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://179-djp-142.mktoresp.com/webevents/visitWebPage?_mchNc=1714356597535&_mchCn=&_mchId=179-DJP-142&_mchTk=_mch-securonix.com-1714356597534-21433&_mchHo=www.securonix.com&_mchPo=&_mchRu=%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 29 Apr 2024 02:09:58 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 6579c611-08c8-4146-8291-0f3a94fcc551

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1022 B 38ms
37ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 22486
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gG%2FUAKpyxd8jjgNgr%2BYTO6tNBDSCO4cyNiM1MpR%2B2O4Si%2F88jcd%2BwZhqw81ly1oTgv0XBaalxgzqshsBrQpW8uiWmFOlt1B9ksDJf9WrGU9NN7FwqdDTLeDTXJIuwJvwKBAzU5NsuINd1Q3i155M%2BNLf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 87bbc0bead636958-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 435 B
821 B 38ms
38ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 19247
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"00b1b78053ab07c79bfea2e5a1db9d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=veYaCKFEFy55aZ1FtKNrHXogiV41ofzYfRgWHuGY1hgb9JulwDHKdnu72f69OCNVJMVevPQK5twdbARyldCe7w0Hrc8YdDPhp7oBaVEETcf74Ai%2BzDp0%2BgCc3iHSrT%2FVAFIWQbmr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 87bbc0bebc353631-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 645 B
921 B 35ms
34ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7566
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLASyrz9c6pTk3ZL6oApUx6n1jHgWK6CjR3cumgWDIncYWAlJr%2FiTjQzVoYsqqmqy2QkgJWNZrcxB%2FAC%2FBPhNftohn6DeWcFot1Pt6%2FDGwWryQh8PWkUlR%2FSKXzDJO2VOAFyjMVH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 87bbc0bebc383631-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 429 B
822 B 36ms
34ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7566
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"68925fa8e347041c6006837e73c518bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1OfPYPRovNJrcYxH7ecLvgQkdpqAP37tyI7KofXQBbJKMtr%2Bu2TzI%2F1vmGAxsonSTbKGQk3xOjhievNDWBJSv5imA1ieglKHBH8fCPiKYmRg6gbVPnawt5TgE9QdZuHzT1OVjKTU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 87bbc0bebc3b3631-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
678 B 35ms
33ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7566
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caYQ%2BLWHOZa6c5Vwnv%2B6qQ4bd8Zy8%2B0Amnpzavb8UAvt0XFs45fnwXHECHI%2BYstEI6NjWGVbjFTZd0sb254i1PD1GMMMCMWdL7flPWqwrf%2Bjxiw7Lv23IHIO6qoL92oWDbRaJ3nR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 87bbc0bebc3d3631-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 415 B
816 B 36ms
35ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18243
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"eb2119ad4221a9d01abc336e06962867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3pmHnG%2BUlLVo4FU7MyhJud6MNBguA5cUf3b3ixzKZkuUaERg8c%2BU3Rm%2F1Lt8ltk3bTbeliPtd6BpF8loIzkzsTBjHF%2BsAbwjrVN70sD6KX4PPq4mYpu46CSoybGgqJjOIi6mZYGh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 87bbc0bebc3e3631-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 110ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JPYDLXGD3Q&gtm=45je44o0v891181397za200&_p=1714356597.592&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=247387199.1714356598&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&cu=USD&dl=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&sid=1714356597&sct=1&seg=0&dt=Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=768
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 104ms
29ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JPYDLXGD3Q&cid=247387199.1714356598&gtm=45je44o0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 65ms
32ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JPYDLXGD3Q&cid=247387199.1714356598&gtm=45je44o0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1596933734

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

47ms
22ms

Script
application/javascript

2600:9000:2644:1c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: HTTP/1.1
Server: 2600:9000:2644:1c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Sun, 28 Apr 2024 17:28:18 GMT
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Age: 31300
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: DlbiZu_Ma9djX1H3Zeb16GCHrbLgI6YsKZ8cR-BG4Kr2GVTrycj8sQ==

Redirect headers

Date: Sun, 28 Apr 2024 19:50:43 GMT
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Age: 22753
X-Amz-Cf-Pop: FRA60-P6
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: waXrY5f-fuDlmAqwqpAYf_pk0_q0T7s33t67FIaOH9IMbFg8Y39ofw==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/ 9 KB
4 KB 38ms
23ms Script
text/javascript 2600:9000:2644:1c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:1c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: 977LKJX26T3J._j0A0hX6pBYzFSBsFh7
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Mon, 29 Apr 2024 02:05:14 GMT
Age: 376
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 25 Apr 2024 12:34:44 GMT
Server: AmazonS3
Etag: W/"706be4fd28aeb971d2ff83a528c2073a"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 5gOOAgW6D3U0fh-oMpQZoAJP1rxjPpwRYtHBf5899mznNwRs5J8FSg==

GET
H2 204 27010718.js Show response
bat.bing.com/p/action/ 0
119 B 123ms
122ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/27010718.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 29 Apr 2024 02:09:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 742231CE0F9E453BAAEA51F67AD5D83E Ref B: DUS30EDGE0706 Ref C: 2024-04-29T02:09:57Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 47ms
47ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=27010718&tm=gtm002&Ver=2&mid=deddd0bb-0c34-48a7-af98-f49d34f2bc1f&sid=93b68a2005cd11efa4cba52edbd7272d&vid=93b6bd6005cd11ef91e419692b626317&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix&p=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&r=&lt=609&evt=pageLoad&sv=1&rn=228640

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 29 Apr 2024 02:09:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 06F58B51447E4B48BCCF95CB0093B4D0 Ref B: DUS30EDGE0706 Ref C: 2024-04-29T02:09:57Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
683 B 803ms
715ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E8AB3B2D7F1A415EB21991ABEE49372E Ref B: FRAEDGE1105 Ref C: 2024-04-29T02:09:57Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.securonix.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYXMsAPtHV8Q2jBLQoOyg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-atta...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-atta...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1714356597657%26li_adsId%3D52530d87-d2c7-4d72-b331-de3e19226b1a%26...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-atta...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-att...

0
266 B

295ms
184ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQINiHmGsvJwwgAAAY8nnbZNe-G9AKTJr4TZQv2Z8hO8efyhagWZ0rbQehBk2T1aJ4ixkZ1_UyhEHX6rSTdT8NH1GQ3T8g
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Apr 2024 02:09:58 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B63CBFF5A4D9432585FBA29D0E4AA2BC Ref B: FRAEDGE1421 Ref C: 2024-04-29T02:09:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYXMsAUglLuQMJN6JSX/A==

Redirect headers

date: Mon, 29 Apr 2024 02:09:58 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: EFC56A0FEB2B452EB893409EC5F15D10 Ref B: FRAEDGE1105 Ref C: 2024-04-29T02:09:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1714356597657&li_adsId=52530d87-d2c7-4d72-b331-de3e19226b1a&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQINiHmGsvJwwgAAAY8nnbZNe-G9AKTJr4TZQv2Z8hO8efyhagWZ0rbQehBk2T1aJ4ixkZ1_UyhEHX6rSTdT8NH1GQ3T8g
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYXMsAP/DNJti3VBSYVsg==

GET
H2 200 bWFya2V0bw.js Show response
embed.formhq.net/v1/platforms/ 422 B
573 B 37ms
37ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/platforms/bWFya2V0bw.js

Requested by

Host: embed.formhq.net
URL: https://embed.formhq.net/v1/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5289
cf-polished: origSize=423
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 02 Aug 2022 14:00:38 GMT
server: cloudflare
etag: W/"62e92e06-1a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxosJYzMV4T44Mjg2%2B3jFXigVFjPNb0ItYaeu1KyfNJ9e5yaIOPWWSIgiMWBhIuDeVMSHGxfb9euyBRaWYBbe6GhO%2BONl2CGnCYtU6GfYaYt3QI04SyvA3mhs1JheBjH90EpdiHX84%2BZaqGc6Wdw"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 87bbc0bfa8621c2c-FRA

GET
H2 200 VJKZ2AZ6BRDQFPNHOW6CAP Show response
d.adroll.com/consent/check/ 532 B
625 B 165ms
47ms Script
application/javascript 2a05:d018:cc3:fe05:9623:332a:63:3fd6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/VJKZ2AZ6BRDQFPNHOW6CAP?pv=98192490623.89938&arrfrr=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&_s=e746281115a14d45c1398d50cc29d1d6&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:9623:332a:63:3fd6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 949a10582dea1073092dd7ee85f845045c8187177d8ef43f4598a5ba4068127b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx/1.22.1
content-length: 532
content-type: application/javascript

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 61ms
52ms XHR
text/html 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-16-164.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:57 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
341 B 241ms
55ms XHR
text/html 2a02:26f0:3100::1725:e251
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1725:e251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 78817600d7400dcb6444ada44abcec8c850e8dbc4a5770f77e2b9c89924438fa

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.securonix.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:3:1011:6d07:d144:1d60
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714356597868_388358733_880416588_32_1197_52_108_219";dur=1
content-length: 36
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 164ms
155ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 164ms
155ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2205b12115ad17914938bf7667643ca0d3%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2245bc92abc111f3fccbf9c8779059ecfc1d69c9e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:09:57 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 769 B
730 B 100ms
40ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: db531af59ab3e380792241d2f1ab1ebb1e2b3ecf49d3ae27689dcd043b93fba1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 45bc92abc111f3fccbf9c8779059ecfc1d69c9e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 05b12115ad17914938bf7667643ca0d3
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 1767738308715419677
date: Mon, 29 Apr 2024 02:09:58 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 408

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 94ms
32ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Mon, 29 Apr 2024 02:09:57 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 4682917481877188422

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 413 KB
83 KB 24ms
23ms Script
text/javascript 2600:9000:2644:1c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:1c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: E8Xqd_XzP1xGQPgJ2rRArNdUFnSvN3pa
Content-Encoding: gzip
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Date: Mon, 29 Apr 2024 02:09:22 GMT
Age: 44
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2024 21:46:10 GMT
Server: AmazonS3
Etag: W/"e1dc09168683fa834f599c01bb66de29"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: PnvsiCOwZU9a6iRR48fOw-ZouRGNY1J5eiD-6PHz1Z5DhYtnAFp2zg==

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 24ms
24ms Image
image/png 2600:9000:2644:1c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:1c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Mon, 29 Apr 2024 00:36:05 GMT
Via: 1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
Age: 22385
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 8WFMd_zUpJ4218ydEvj9_KrOHty480lu62vukntRbVXnJueMqbuNCQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 161ms
161ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1011%3A6d07%3Ad144%3A1d60%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:09:58 GMT

GET
H2 200 core
js.driftt.com/ Frame FBED 0
0 365ms
312ms Document
text/html 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=1b789688-a26c-446f-876f-60bee64bf68c&sessionStarted=1714356598.731&campaignRefreshToken=a20cd5b5-d79d-4825-a1eb-9c07c2e9c80b&hideController=false&pageLoadStartTime=1714356596998&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1714356600000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 02:09:59 GMT
etag: W/"f4497bfb5a87b7c4365be2cac47f8d1a"
last-modified: Thu, 04 Apr 2024 19:46:21 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
x-amz-cf-id: BAzh36KM2Vvws-JsE6C9AP5_Ml2FqLG7frOWt36XQ70AiTClXE0i4Q==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: ZBEiLR5jfh3iii3cnfTNRQsxvVBIMKla
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 22

GET
H2 200 chat
js.driftt.com/core/ Frame B12D 0
0 183ms
132ms Document
text/html 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1714356596998

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1714356600000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 02:09:58 GMT
etag: W/"f4497bfb5a87b7c4365be2cac47f8d1a"
last-modified: Thu, 04 Apr 2024 19:46:21 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
x-amz-cf-id: qxNR3tYGOOb2vuEFs7-zk0j4liMT8oSpFcDp3dZZB3ujsFZxtogaBA==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: ZBEiLR5jfh3iii3cnfTNRQsxvVBIMKla
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 17

GET
H2 200 nr-rum-1.257.0.min.js Show response
js-agent.newrelic.com/ 50 KB
18 KB 79ms
23ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.257.0.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ac2185eaf27db9d83c2688a55c428a5f18bbe41d8f769c58f41f081b8b17834b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: hDZawLvU_7lPCCc8KE3sqLucpiUuFFEu
content-encoding: br
via: 1.1 varnish
date: Mon, 29 Apr 2024 02:09:58 GMT
strict-transport-security: max-age=300
x-amz-request-id: ZBKPBC4EYJ9CVCQ2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17464
x-amz-id-2: cOsGKYq7LsN5P2l6NjtrRga5Bc2t0B4D06cuL0NDRMxsUhL0o+K1w4qSyR+yq8rwkTTwf1BbdHykudExNwA8i6TtK+ZA4AYL
x-served-by: cache-fra-eddf8230025-FRA
last-modified: Fri, 19 Apr 2024 00:43:41 GMT
server: AmazonS3
etag: "04045b88714f08119a0e2fcb74624f22"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 245599

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 155ms
155ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A57%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%221005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:09:58 GMT

GET
H2 403 Featured_Thumbnail_477X364.jpg
www.securonix.com/wp-content/uploads/2023/04/ 17 KB
17 KB 31ms
30ms Image
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2023/04/Featured_Thumbnail_477X364.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e569d3cad3bb368d1ad786eb43147cbf6d74ffd7ba4da8d83d0dd2915f7dda1c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:58 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
cf-chl-out: IUerD8gjMtmfiFEWa1Zsc3NJHZiBTPXXvgCZGzfZ84ULTJkB0oVI5GRV+uiTYPn/IVdDtxraboHYH0RPN5t5Ya+vJcjhGRt9znsdd9LPBxBhHe/5gpWg6y3aooKdQmOVPCOUbglxF7CRxl/upOQ+hg==$zDAZFBxKtWOWHf1ipgSKGA==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GzBmeDolftIT7KC4d2QHpUM5jNDe4DiXHJOcDnmJr7Fp43Cjxe9eiqh2CqohPwbhKozdaIRW6Q9AJVVIFbLVHu6QlzOIa97QVrNs834LkNloaYwU8MOo00PUP4gBB6daRILBzQKZTSBz4H6XG9LM"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 87bbc0c64ac59137-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 403 gartner_innovationInsightReport_21_menuImg.jpg
www.securonix.com/wp-content/uploads/2021/12/ 17 KB
17 KB 31ms
31ms Image
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/gartner_innovationInsightReport_21_menuImg.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1115205a7e5357bab9b16fea98fcc84f029abf5805ebfd995b900617c963cded

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:58 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
cf-chl-out: 8spbzU5/kq4atc4sVxErj6t/2S4DGvl4YJzNGgelyl+P3EAuhIyUxieeGoSTQ1uvJH1AKGUcRIheR4081TlQWakXRYwSXittObnfZ6QNhOMfUZbH1cDDMDwVZsRy2TLIf1chFmPMddVc/2ZldKIP6g==$LFJEgEtJgyl4AQBnXYbexQ==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oU4PVrF5m%2BR9CPNaoA52JaP3xIdLszj0MSFBeDvWFMYSMu01U%2Bv%2FC9BIfmltexDcOzxlb7xHBaTtbPba1N5JA6o1mHpv6EbE2n6QM7JSP4FyOH1HjmX10XSTtAQENk0AKfx8CVJ%2FsUN0O%2BalFDWw"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 87bbc0c64ac69137-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H/1.1 200
OK NRJS-e6ece394b0ed1b033c0 Show response
bam.nr-data.net/1/ 151 B
708 B 675ms
597ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-e6ece394b0ed1b033c0?a=989077289&v=1.257.0&to=ZwNaNkBSWkAHVUZRCV5JeQFGWltdSUVbVgFcAxUAXlxT&rst=2006&ck=0&s=d624edaa76ebd520&ref=https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/&ap=1597&be=106&fe=1810&dc=503&at=S0RZQAhISU4%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1714356596835,%22n%22:0,%22f%22:0,%22dn%22:9,%22dne%22:9,%22c%22:9,%22s%22:31,%22ce%22:60,%22rq%22:61,%22rp%22:106,%22rpe%22:163,%22di%22:607,%22ds%22:607,%22de%22:609,%22dc%22:1895,%22l%22:1912,%22le%22:1916%7D,%22navigation%22:%7B%7D%7D&fp=546&fcp=546
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.257.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af64f318f5d1e691c1437d3caa39d375cab4d8d8aca0f127ccb9cd9939226a3c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: text/plain

Response headers

Date: Mon, 29 Apr 2024 02:09:59 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.securonix.com
access-control-expose-headers: Date
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 87bbc0c75c9e2bf2-FRA
timing-allow-origin: https://www.securonix.com

GET
H2 403 cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png
www.securonix.com/wp-content/uploads/2021/12/ 17 KB
8 KB 33ms
33ms Other
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

864390aadfdd5183f5475d16b7a869199c07906b0d92e4446ddb7e668c4f72ec

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
cf-chl-out: Hg5P2V+cFD9SEFXezxoHZWn6HDToLHGZnYY/gb1pyfOq5QTpeHRAw4P8WTeR11UnbUJAVLLFhObnNz3Q+7W4DSsz0HrgqYII11XSNl8l0kJWRJd0tBUIKhIJ1MX+mi4RpqlAAVhmBz93MCcVJSMNiw==$4duwC83efAK9jZnZCqdhfw==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nQ3uPU5tEqYA8AUG51aYmyhtNpRovKVobCEbz2R9M2PpJZExzhHZvf5tLhh2tNl%2FHX%2Fs0pkXvlB9GRUaKOnGTM9u3rLMSjn5KKBBuu6JZQkvbb%2FyLWpyb0wS5V4C11qT22irblOMblTsSXzHCB70"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 87bbc0c94c919137-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 403 cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-192x192.png
www.securonix.com/wp-content/uploads/2021/12/ 17 KB
8 KB 32ms
32ms Other
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-192x192.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb2750bb452781f41b072df8541d8431d23b5c4e06f07e0ac8f0cd1c906f85fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 02:09:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
cf-chl-out: 6rxGidWapPd3vUxpki2JGdYdR7OLveUIH9yqpmkyinXpwKInrtgGYrDMsO3NeGWWI764pfs7k9vYANbnJiVQK+OrV28bXpxCZlNGj/KNmW5xH4bOTamp4JzgtPRkejwunROmMVioo4Rh2jF4SW93ug==$8mluIeRzBmhmtIg3VxIUrw==
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GoHpHwTdhEA1tRn17OBpcBr4OYMu%2F6%2By8Tq4rJFfBopV4RAlIvFns4Gm1ozCb0p8GzFP82%2F8cZ55SbTx3JL1V2PzidIeekIHrDiAk1iwoHdZNQ24JoWt%2F%2FexLEiuJylh6gmChpjo%2F8Kevdr9cwrn"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 87bbc0c97caf9137-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 175ms
175ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A58%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:09:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:09:59 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 160ms
160ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A10%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A09%3A59%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:10:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:10:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 155ms
154ms Image
image/gif 2.16.16.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A10%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A10%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.16.164 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-16-164.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 29 Apr 2024 02:10:01 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 29 Apr 2024 02:10:01 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lltrck.com
URL: https://lltrck.com/scripts/lt-v3.js?llid=23883

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=4ab8dc9d-2a59-470b-87f5-420eaf0a24dc&session=be1c9520-0b38-4ccd-8db8-54f1ff8a922e&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A10%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2029%20Apr%202024%2002%3A10%3A01%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20Team%20has%20been%20monitoring%20an%20ongoing%20social%20engineering%20attack%20campaign%20from%20North%20Korean%20threat%20actors%20who%20are%20targeting%20developers%20using%20fake%20interviews%20to%20deliver%20a%20Python-based%20RAT.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20of%20DEV%23POPPER%3A%20New%20Attack%20Campaign%20Targeting%20Software%20Developers%20Likely%20Associated%20With%20North%20Korean%20Threat%20Actors%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors%2F&pageViewId=d60334ca-c96b-4ab3-84c3-3b38f6fb5479&v=1.1.18

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pages.securonix.com/	1970-01-20 20:12:38	Name: __cf_bm Value: FnxJY6Y.0NSxF8Gd5u2G2ZEK_wfBYFNI97VY82IKEf4-1714356597-1.0.1.1-3uC8RK04_GDmltH9rKQFfolJWPMNwcEE9EWONJV2OHSVYfu0sALMHqlGaQ9BoMbvE_6cuat6wQxgF_5M36PY2g
www.securonix.com/	1969-12-31 23:59:59	Name: wp-wpml_current_language Value: en
.securonix.com/	1970-01-20 22:22:12	Name: _gcl_au Value: 1.1.1897994857.1714356598
.securonix.com/	1970-01-21 05:48:36	Name: _mkto_trk Value: id:179-DJP-142&token:_mch-securonix.com-1714356597534-21433
.securonix.com/	1970-01-21 05:48:36	Name: _ga Value: GA1.1.247387199.1714356598
.securonix.com/	1970-01-21 05:48:36	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-20 20:12:38	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-20 20:14:02	Name: _uetsid Value: 93b68a2005cd11efa4cba52edbd7272d
.securonix.com/	1970-01-21 05:34:12	Name: _uetvid Value: 93b6bd6005cd11ef91e419692b626317
.bing.com/	1970-01-21 05:34:12	Name: MUID Value: 0A3E002383D664F903781453827C6559
www.securonix.com/	1970-01-21 05:48:36	Name: _gd_visitor Value: 4ab8dc9d-2a59-470b-87f5-420eaf0a24dc
www.securonix.com/	1970-01-20 20:12:50	Name: _gd_session Value: be1c9520-0b38-4ccd-8db8-54f1ff8a922e
.linkedin.com/	1970-01-20 22:22:12	Name: li_sugr Value: 43a5e743-e1ae-49b3-bad5-f139c5833325
.linkedin.com/	1970-01-20 20:55:48	Name: UserMatchHistory Value: AQJ7Eic-dG0PBAAAAY8nnbTrT2V1qtO6crbG7XCH-0gvZdPgoD7yQkdgo-5onmWGKPfIYxVOOlaKhA
.linkedin.com/	1970-01-20 20:55:48	Name: AnalyticsSyncHistory Value: AQLlD_UlPpkVPwAAAY8nnbTrn9v1qyPOoEYGSkjMNZIl65ZFkjscWCr2CXLxo-M-_pgZ9ZqR5okoI-gu3WsQNw
.www.linkedin.com/	1970-01-21 04:58:12	Name: bscookie Value: "v=1&202404290209586ae9580e-b253-48a9-83b2-a30797212addAQEgcdKX8EtZi0z2dzYc3iECCh05y7q8"
.linkedin.com/	1970-01-21 04:58:12	Name: bcookie Value: "v=2&54c11c42-60a7-4a74-8628-1c3958a013d4"
.linkedin.com/	1970-01-21 00:31:48	Name: li_gc Value: MTswOzE3MTQzNTY1OTg7MjswMjGICglDWb435Pr1lusMdNlEwTzIOvdw+ReMAKC2OcJQhQ==
.linkedin.com/	1970-01-20 20:14:02	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2792:u=1:x=1:i=1714356598:t=1714442998:v=2:sig=AQGQ27XPJ5MaljtcLu1UlLqCzJWYWUuE"
www.securonix.com/	1970-01-20 20:12:38	Name: drift_campaign_refresh Value: a20cd5b5-d79d-4825-a1eb-9c07c2e9c80b
www.securonix.com/	1970-01-21 05:48:36	Name: drift_aid Value: e55c8929-c944-4f6b-8b06-06a43f18632a
www.securonix.com/	1970-01-21 05:48:36	Name: driftt_aid Value: e55c8929-c944-4f6b-8b06-06a43f18632a
.securonix.com/	1970-01-21 05:48:36	Name: _ga_JPYDLXGD3Q Value: GS1.1.1714356597.1.0.1714356600.57.0.0

38 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1714356600000/r32rm8p2zmht.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.securonix.com/wp-content/uploads/2023/04/Featured_Thumbnail_477X364.jpg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.securonix.com/wp-content/uploads/2021/12/gartner_innovationInsightReport_21_menuImg.jpg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-192x192.png Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31622400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

179-djp-142.mktoresp.com
ajax.googleapis.com
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.jsdelivr.net
d.adroll.com
embed.formhq.net
epsilon.6sense.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.driftt.com
lltrck.com
munchkin.marketo.net
p.typekit.net
pages.securonix.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
snap.licdn.com
static.addtoany.com
stats.g.doubleclick.net
unpkg.com
use.typekit.net
www.google.de
www.googletagmanager.com
www.linkedin.com
www.securonix.com
b.6sc.co
lltrck.com
104.17.73.206
104.96.137.199
13.107.42.14
13.248.142.121
162.247.241.14
18.245.86.77
18.245.86.87
192.28.144.124
2.16.16.164
2001:4860:4802:34::36
2600:9000:2644:1c00:6:9280:1080:93a1
2602:816:5001::39
2606:4700:10::6816:47c5
2606:4700:10::ac43:2794
2606:4700:3108::ac42:283b
2606:4700:3108::ac42:2b19
2606:4700::6810:5914
2606:4700::6811:f6cb
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9b
2a02:26f0:3100::1725:e251
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:16::215:148f
2a02:26f0:3500:16::215:149b
2a05:d018:cc3:fe05:9623:332a:63:3fd6
1115205a7e5357bab9b16fea98fcc84f029abf5805ebfd995b900617c963cded
1283ef99439552cfbb1ac174c7f5e7f9498aee97ccf2ce08741a796fca9aef6b
175eab7bef961e3d69c7c97f5371d532f30be4547670ba55578ed1af53d3114d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
22529609ad54b33ee1695008d3daa6e35f133849c49ee00d7e9bc02eb0dd9a56
244f0008e2c8960965d60a19737ab1327ef0803524d68f12980d2371bba60595
27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db
28e132ea525a5b852dc1a77fcadc939ba1b70d68f321dd2ddeedc4b8a8cb93ec
3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
32526fdcae3037b6c2d64e0728c146d0c6ba44bb3b663af970f05feab4393b15
3a484da0ec050bccd6034a00ee39c4919c49ca749d0510f934a9ff5a07251a6c
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f
4196ef94fe2c7befda378bfaad82f3e662be2b5eb1ba9aeffce466ba6bfd0bd4
435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028
4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49
4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58415d97eb0b5745ccfa6e5e2f996581ec39f6c4af80627d3dd3c06bc5977ca6
5cb827f73923b92fab84588427d2f366af8778e1cda4ce128e87f20415d3b319
5e2d296664123aed1106464a611ef20234a6eed68d82ed5b1afd66660b185c59
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438
6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
6eb4cf02a13fd5ba1886458ccf1596b2fcf5c63a26c437b61e4ee58f5e3f7b4f
72ed8858f75066f1e66222adbe46c7b457c546b6f2014fd4b5048389a175d94b
7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135
78817600d7400dcb6444ada44abcec8c850e8dbc4a5770f77e2b9c89924438fa
80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8
814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
841ec96a41283cf23db2d69fe67d9beee3e9b222bccfe81ecf6edefc78e92151
864390aadfdd5183f5475d16b7a869199c07906b0d92e4446ddb7e668c4f72ec
8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
8c0e1f95aa09754b10449fd8cd7f2e76d8f232d1038b6cf7454db558ac79962e
8f060e210fa92b0bce82108a417cbf3f4f0ded2dc69a8b293db44da9f4b24c23
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
949a10582dea1073092dd7ee85f845045c8187177d8ef43f4598a5ba4068127b
95ef911fcf12dfe0a1fb5b17a3b24fa81c6b07b102b435949b06e7e124de51cb
9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f
9bc19ce27e7fe54728be0d4489cf683005fd6f522bbf6391a681d7d2d8d3f190
a4d1cf1412729a6ebf14ef0c798f0b9c9dc0ecee9e06e912859e4c53380fb33b
a4e18ebd700bf91a4906f32a3f053111b107114f92bc1166acdc3c8ee8db6b62
a5dc25b44f66a4a97302932d4e42507562ecd23f893b1669a791662a8ec00542
ac2185eaf27db9d83c2688a55c428a5f18bbe41d8f769c58f41f081b8b17834b
af64f318f5d1e691c1437d3caa39d375cab4d8d8aca0f127ccb9cd9939226a3c
af770f5afec3e9f10196ea60476a44dde4d80010e680500685b578fee468c8c7
b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8
ba711f4ae1f09fd05735a7b8ec5e0d70d271cf09212431fa192deaed9a324360
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb698b4af30a506bea5e24025b0f742db88461e40a7f9f2f24293ad810bdf842
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bfb9e92353e3d4999e02a6f01a3551a87686ebf0180baf65b4c961f7061bcf52
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727
d01e29303e11404333dd1293ed958ee09b41203f03b4083a48cc33a66700ffd0
d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557
d9ed26dc81f55af22e282dc60be605819fc96e3bbcd1c3d461d1c3057a66cb1b
da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d
db531af59ab3e380792241d2f1ab1ebb1e2b3ecf49d3ae27689dcd043b93fba1
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
deb1aa1c2af7a0f084b58e34c78545593305a87b23f9f6e099849c1ace0c9dd6
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e569d3cad3bb368d1ad786eb43147cbf6d74ffd7ba4da8d83d0dd2915f7dda1c
eba26fbcf2f2ea428e18335be4eaa8cece634376ad0db9ab26c45c6f0b1712d9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f7ba7e664816f88dde2f3f9b789e427087a5deb8986f708dd02bcfe1c0d8ff55
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa965a1365c0a87fe8347c87f3fd32df7d0de719a9a86b5e783832302fa073e7
fb2750bb452781f41b072df8541d8431d23b5c4e06f07e0ac8f0cd1c906f85fb
fbb6162a3febf0d96b3372dd4f325d2ecd9b9c4e2c6d23e2c2b4eeeb3d7ccdb0
fbdf5dd3b00773a85377890b2c213d877d06fe5b24ecb9e1773477bd57eae46a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.securonix.com Open in urlscan Pro 2606:4700:3108::ac42:2b19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

103 Requests

94 %HTTPS

69 %IPv6

23 Domains

31 Subdomains

30 IPs

6 Countries

2089 kBTransfer

4614 kBSize

23 Cookies

14 Outgoing links

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securonix.com Open in urlscan Pro
2606:4700:3108::ac42:2b19 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

94 %
HTTPS

69 %
IPv6

23
Domains

31
Subdomains

30
IPs

6
Countries

2089 kB
Transfer

4614 kB
Size

23
Cookies

103 HTTP transactions
1 data transactions