www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:67e1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Submission: On August 07 via api (August 7th 2023, 12:40:36 pm UTC) from DE — Scanned from DE

Summary HTTP 160 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 47 IPs in 3 countries across 38 domains to perform 160 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reversinglabs.com.
TLS certificate: Issued by GTS CA 1P5 on July 24th 2023. Valid for: 3 months.

This is the only time www.reversinglabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
63	2606:2c40::c7... 2606:2c40::c73c:67e1	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.101.129.181 151.101.129.181	54113 (FASTLY) (FASTLY)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ecd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:cec9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700::68... 2606:4700::6812:e0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8e65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.78.118 65.9.78.118	16509 (AMAZON-02) (AMAZON-02)
1	52.222.139.110 52.222.139.110	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	13.227.219.3 13.227.219.3	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
3	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:77be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:65ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:6bc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8cce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:816e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	23.38.98.66 23.38.98.66	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ecb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	2600:9000:223... 2600:9000:223c:2a00:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.21.20.174 52.21.20.174	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d3f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
6	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
2	2600:9000:20e... 2600:9000:20eb:8800:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:480... 2a02:26f0:480:22::1726:62ee	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
160	47

63 2606:2c40::c73c:67e1 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.reversinglabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.181 (United States)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ecd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:cec9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700::6812:e0f (United States)

ASN13335 (CLOUDFLARENET, US)

3375217.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8e65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cookieinfoscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.78.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-78-118.ams1.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-110.ams50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-3.ams54.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:77be (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:65ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:6bc7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:816e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.38.98.66 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-66.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ecb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:2a00:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.20.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-20-174.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d3f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:8800:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:22::1726:62ee (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	reversinglabs.com www.reversinglabs.com	2 MB
15	hubspotusercontent-na1.net 3375217.fs1.hubspotusercontent-na1.net	322 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5439 c.6sc.co — Cisco Umbrella Rank: 8622 ipv6.6sc.co — Cisco Umbrella Rank: 5612 b.6sc.co — Cisco Umbrella Rank: 3549	18 KB
6	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2577 www.google.com — Cisco Umbrella Rank: 3	911 B
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3010 px.ads.linkedin.com — Cisco Umbrella Rank: 391 www.linkedin.com — Cisco Umbrella Rank: 539 px4.ads.linkedin.com — Cisco Umbrella Rank: 6039	165 KB
5	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5177 track.hubspot.com — Cisco Umbrella Rank: 2254 forms.hubspot.com — Cisco Umbrella Rank: 4396	4 KB
5	gstatic.com fonts.gstatic.com	80 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	221 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	361 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4156 forms-na1.hsforms.com — Cisco Umbrella Rank: 6801	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 55 region1.google-analytics.com — Cisco Umbrella Rank: 1869	21 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	234 B
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1003 syndication.twitter.com — Cisco Umbrella Rank: 1212	132 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 870	735 B
2	google.de www.google.de — Cisco Umbrella Rank: 5576	562 B
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 115	2 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4645 forms.hscollectedforms.net — Cisco Umbrella Rank: 4755	26 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	2 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 745 script.hotjar.com — Cisco Umbrella Rank: 967	59 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1375 insight.adsrvr.org — Cisco Umbrella Rank: 604	3 KB
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1468	637 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3473	1 KB
1	quora.com q.quora.com — Cisco Umbrella Rank: 3965	423 B
1	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 33170	2 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1326	8 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 783	5 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4274	86 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2187	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2192	16 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4789	22 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3228	3 KB
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2791	257 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4388	2 KB
1	cookieinfoscript.com cookieinfoscript.com — Cisco Umbrella Rank: 90872	4 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5423	5 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	27 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7970	2 KB
1	vidyard.com play.vidyard.com — Cisco Umbrella Rank: 12467	23 KB
160	38

	Domain	Requested by
63	www.reversinglabs.com	www.reversinglabs.com js.usemessages.com
15	3375217.fs1.hubspotusercontent-na1.net	www.reversinglabs.com
8	b.6sc.co	www.reversinglabs.com
5	region1.analytics.google.com	www.googletagmanager.com
5	fonts.gstatic.com	fonts.googleapis.com
4	connect.facebook.net	www.reversinglabs.com connect.facebook.net
4	www.googletagmanager.com	www.reversinglabs.com www.googletagmanager.com js.hsadspixel.net www.google-analytics.com
3	track.hubspot.com
3	px.ads.linkedin.com	3 redirects
3	www.facebook.com	www.reversinglabs.com
2	cdn.linkedin.oribi.io	snap.licdn.com
2	www.google.de	www.reversinglabs.com
2	forms.hsforms.com	www.reversinglabs.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	platform.twitter.com	www.reversinglabs.com platform.twitter.com
2	fonts.googleapis.com	www.reversinglabs.com
1	forms.hubspot.com	js.hsleadflows.net
1	insight.adsrvr.org	js.adsrvr.org
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.com	www.reversinglabs.com
1	alb.reddit.com	www.reversinglabs.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	px4.ads.linkedin.com	www.reversinglabs.com
1	www.linkedin.com	1 redirects
1	syndication.twitter.com	platform.twitter.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	stats.g.doubleclick.net	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	api.hubapi.com	js.hsadspixel.net
1	forms-na1.hsforms.com	www.reversinglabs.com
1	q.quora.com	www.reversinglabs.com
1	cdn.metadata.io	www.reversinglabs.com
1	www.redditstatic.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	www.reversinglabs.com
1	js.hsleadflows.net	www.reversinglabs.com
1	js.hs-analytics.net	www.reversinglabs.com
1	js.hscollectedforms.net	www.reversinglabs.com
1	js.hs-banner.com	www.reversinglabs.com
1	js.usemessages.com	www.reversinglabs.com
1	js.hsadspixel.net	www.reversinglabs.com
1	vc.hotjar.io	script.hotjar.com
1	app.hubspot.com	www.reversinglabs.com
1	ws.zoominfo.com	www.reversinglabs.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.reversinglabs.com
1	js.adsrvr.org	www.reversinglabs.com
1	cookieinfoscript.com	www.reversinglabs.com
1	static.hsappstatic.net	www.reversinglabs.com
1	cdnjs.cloudflare.com	www.reversinglabs.com
1	cdn2.hubspot.net	www.reversinglabs.com
1	platform.linkedin.com	www.reversinglabs.com
1	play.vidyard.com	www.reversinglabs.com
160	54

This site contains links to these domains. Also see Links.

Domain
register.reversinglabs.com
support.reversinglabs.com
rli.reversinglabs.com
www.secure.software
github.com
docs.python.org
blog.reversinglabs.com
pypi.org
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com
www.instagram.com
cookieinfoscript.com

Subject Issuer	Validity	Valid
www.reversinglabs.com GTS CA 1P5	`2023-07-24` - `2023-10-22`	3 months	crt.sh
*.vidyard.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-01` - `2024-08-01`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
cookieinfoscript.com E1	`2023-06-14` - `2023-09-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-16` - `2023-08-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
*.metadata.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-18` - `2024-01-07`	a year	crt.sh
*.quora.com R3	`2023-07-12` - `2023-10-10`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Frame ID: E47A2AC077A9CD3196518A7D295DDB56
Requests: 157 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Frame ID: DB2FB8CC89BD8A12612AA1B4A497D974
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8831E8960E016F33FFCAC8BA35675831
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&upid=8t4axvj&upv=1.1.0
Frame ID: FED3CCAE781B93A7A19980481362BD26
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VMConnect: Malicious PyPI packages imitate popular open source modules

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Lightbox (JavaScript Libraries) Expand

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

160
Requests

99 %
HTTPS

77 %
IPv6

38
Domains

54
Subdomains

47
IPs

3
Countries

3620 kB
Transfer

7289 kB
Size

35
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://register.reversinglabs.com/demo
Title: Demo

Search URL Search Domain Scan URL

URL: https://support.reversinglabs.com/hc/en-us/restricted
Title: Support

Search URL Search Domain Scan URL

URL: https://rli.reversinglabs.com/accounts/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.secure.software/
Title: Developer Portal

Search URL Search Domain Scan URL

URL: https://github.com/vmware/pyvmomi
Title: pyVmomi VMware vSphere bindings

Search URL Search Domain Scan URL

URL: https://docs.python.org/3/library/asyncio.html
Title: asyncro

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure1-behaviors.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure2-init.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure4-loop.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure5-PyPI_author.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure6-PyPI_project.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure7-husky_github.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure8-init_gihub.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure9-VMConnect.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/vmconnect-blog-figure10-vconnector.png

Search URL Search Domain Scan URL

URL: https://github.com/MarianaCamelia
Title: repository

Search URL Search Domain Scan URL

URL: https://pypi.org/project/eth-tester/#description
Title: eth-tester

Search URL Search Domain Scan URL

URL: https://pypi.org/project/databases/
Title: databases

Search URL Search Domain Scan URL

URL: https://twitter.com/reversinglabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reversinglabs
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/reversinglabs
Title: Youtube play

Search URL Search Domain Scan URL

URL: https://www.facebook.com/reversinglabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reversinglabs
Title: Instagram

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/blog/rss.xml
Title: RSS

Search URL Search Domain Scan URL

URL: https://cookieinfoscript.com/
Title: cookie script

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1691412029200%26url%3Dhttps%253A%252F%252Fwww.reversinglabs.com%252Fblog%252Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLU2peh0U3dQQAAAYnQA2NnVZu47UCm4muKxbCArwFx6bwZG8cb1IKYKF8FgogPUOc5vDP1

160 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules Show response
www.reversinglabs.com/blog/ 133 KB
28 KB 143ms
67ms Document
text/html 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d58fcc9b037c7817d2d7565a677f19616b2ca13d2575df0a2c82f4ad60b0ec87

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7f2f9696f9cd9265-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 07 Aug 2023 12:40:28 GMT
edge-cache-tag: CT-128190968732,CG-3375217,CG-5901382633,P-3375217,L-11118979719,L-11735000539,CW-103636562700,CW-10782554896,CW-11119297579,CW-11395370497,CW-114796045952,CW-115016303498,CW-115021731904,CW-11538883136,CW-23776629869,CW-23799638916,CW-28186900061,CW-36845096476,CW-6520974104,CW-79001037452,CW-80857835930,CW-80864562095,CW-80864563080,CW-80868056874,CW-87757605656,E-10528761402,E-10777459487,E-11119463588,E-11190015046,E-11395370929,E-11395383304,E-11708570900,E-21052151416,E-23712622487,E-28203361861,E-38216899954,E-5951651806,E-6021532803,E-6021916068,E-6519964395,E-70521421874,PGS-ALL,SW-1,B-112999115134,B-5901382633,B-70179327783,B-94488163452,GC-103819429689,GC-115009898400,GC-115015365221,GC-115020232564,GC-25875947801,GC-25876057703,GC-26129507391,GC-28186555742,GC-80858624881,GC-80970810765,GC-80971492144,GC-81200326231,GC-87768577627
etag: W/"fc65ff0bb81ce00ae84caf0244109953"
last-modified: Sun, 06 Aug 2023 04:05:31 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0DbXNx3450kTk9sxJWy%2FgSsSwxImGXjnA1qNFqzMkaL15e6P5f2HOn3rvvjL%2BBANuMPVDbGjpo740xljmsZ6qzEwHUlumasZc9cByuWGf89nOfNM%2B9CgV%2BuCFhM6YmcQZGA6cgBjuHt1r89bCk5Kvk2Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-0s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 128190968732
x-hs-https-only: worker
x-hs-hub-id: 3375217
x-hs-prerendered: Sun, 06 Aug 2023 04:05:31 GMT

GET
H2 200 index.js Show response
www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 75ms
74ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 a355d8f903a0cf5525893c863fcdf216.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 9321317
x-amz-cf-pop: CDG52-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cexeWa0WWfku1f%2F2e2u9Qx1xurmY%2BzD1ognBi211Fc4ZsIC%2FjY9HUQJ9ZSGThx8EVBQyGjzMst4cRNkKPnoi%2BYxVcPQB9CY5ZV6bEftPIzkrrivHqohNyqoMYe5pyMLX9fX%2B5PihPNrYphtBzhGhBpryw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f2f96976a589265-FRA
x-amz-cf-id: TYHgsp09grVKpYA9dxiozj2UAW4tlG6PoALJeeeJ-H2x7PoACqsm6Q==
expires: Tue, 06 Aug 2024 12:40:28 GMT

GET
H2 200 project.js Show response
www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 83ms
83ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 8754744
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jO9QEXt06QnA8HxozWhfp2E4akmL6NruAmRWG343CNy9ADszRrlQ05329gGCPBX0FKOTp5OrWJRgG15WIH7j8%2Fm0ftFN7muSbjotPRr0EUEoRQWhIgWb5Xfvt5GqrmgxIHDPbPXZRfC0tV%2FY6ZCqLNtlTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f2f96976a599265-FRA
x-amz-cf-id: npDRtHLjVqh8zeihJtuF2gyuTq3Qaqk2QrNbNCcHimg8EpZG5wWqkA==
expires: Tue, 06 Aug 2024 12:40:28 GMT

GET
H2 200 v2.js Show response
www.reversinglabs.com/_hcms/forms/ 526 KB
171 KB 76ms
76ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dcf5ab0268e05f2e26960055d40e37a5ec0cb225dcc9da43f52967710cea56b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 477
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3512/bundles/project-v2.js&cfRay=7f2f8af561cdbb3d-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"c93e66dd60926c55c794dc765ffe6c1a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3512/bundles/project-v2.js
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: ti0_iiw7PITtrft.AIEOPeRnP3ag2uRE
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: dec5384c-b5ca-4068-b1cc-15b54e882cfe
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: dec5384c-b5ca-4068-b1cc-15b54e882cfe
last-modified: Tue, 01 Aug 2023 10:17:49 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wxhon2FI52EniAFKKYid%2FLYcW888A5AjPQybvptcuCB0hkn9Y3WdET9K5qrAYzOMvfzdPTiU4tbvAIGa%2FMuJGYr5MJkOfduW9wXjO536imqSwEz3CwVpyAksiFL25TkWpqrkSwkfm4XchlgNdqm%2BJk2CUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-xjmf2
cf-ray: 7f2f96976a5a9265-FRA
x-amz-cf-id: aofsfeMJOUDLSPY9pCEun2b78Vb7LrDzMCSqsZU48hrDfWY7B2qv5g==

GET
H2 200 stickybar.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/38216899954/1683495050466/Modules/StickyBar/ 4 KB
2 KB 77ms
73ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/38216899954/1683495050466/Modules/StickyBar/stickybar.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9ff889aa2badd5dcf9989574fa2006fb183febc1685353d19bf1dd28ed7c1b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: A1EP1F3CR54NCV7Q
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"424627ea38e47986af8095e0d67d40e2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683495051068
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jgLYEQ4EOqvxpqZTyxVIjrm84TepXoQY
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 114
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Lc6djJd1ckKCs+aBHkYMonVKhz1sxjFxH09hsCTMR2phNMdXw4mGMkPvk2JbdJkNU/5N8So/Jf8=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2adbc651-67b9-4ddb-8b5e-19f4d1a74cbf
last-modified: Sun, 07 May 2023 21:30:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdboG9EpJCvmDijKXsHo9rqAENEqxz2ZBSjXdkGhoDjGS1omJKaqACBUDEDx3S%2FKAvrKQj6394VL9krSKl%2BANaa2SMWbjSkfGykcnnpMwEbzKSX41Nh5uS5CuzKmoF42EWf%2Bktu1%2BqhU7eD1qZ%2B1S2px0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials: false
cf-ray: 7f2f96977a629265-FRA
x-amz-cf-id: Xe60HxEZc2yldg7dFlLAwerCj3PHyAGkt5L1BTEeWIilFZDlnvsUIw==

GET
H2 200 site-menu.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11119463588/1690214555806/Redesign_june_2019/Coded_Files/CSS/Components/ 6 KB
2 KB 113ms
108ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11119463588/1690214555806/Redesign_june_2019/Coded_Files/CSS/Components/site-menu.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb8d8c2427fab53f2c4d0c70d9661c7d33d995e486cdb923b0c6d65b6b4fef19

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: ZNCGH859ZJ43QA1Y
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"eb32609c5026ffac513b3e81d68d3ded"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1690214556506
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GKLmHl3sCXmnSkwVBkhk10OG72nsj2BC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 850b9dc4-e94f-44ab-8f9e-453a59548e6b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 212
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /RHDl8GKbOMBQsxfj8mZiFKJA25WzIa+5TvSVN7jHCsJ2bFGQJEVov6/9S/i2vvam53kcXHxbVo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 850b9dc4-e94f-44ab-8f9e-453a59548e6b
last-modified: Mon, 24 Jul 2023 16:02:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXeHfYKGFJxpebqoUW52DktMgmVQU5dMR5BgTtEfNM15wKqPcPSw51Xy8E4h5z2x2sjJzD8JTwXi6XCNIv%2B4%2FSrAXopqrIq9LblxAzgW4DOFFP%2FkwIrJ%2FLFrobFVns%2Fu7fs0Yaaake6zhLZ42AGszse3pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 7f2f96977a6a9265-FRA
x-amz-cf-id: PDTq2iw3fKj-4YIkxpy39-MMuABvHOd6G1A8JrEeVYXLht5g0YONTA==

GET
H2 200 micromodal.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395383304/1628866683496/Redesign_june_2019/Coded_Files/CSS/Components/ 4 KB
2 KB 113ms
108ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395383304/1628866683496/Redesign_june_2019/Coded_Files/CSS/Components/micromodal.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e634b615e771259a6dc723ef2cda097c480ad26dc92faa6450c5e4e16e3288a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 343
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: 2YS7J1XDFTRMGGVY
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-version-id: e3VxwMWpNWQvL0ZQahFb1P28o.8Kjgu5
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: nz1mOdCCQju0kYhIrRsgASldTGuIaEddI1UPSlHxkgDFTj0XP9C41a2DrMFo0TT5JHQ/55iE6hA=
last-modified: Fri, 13 Aug 2021 14:58:04 GMT
server: cloudflare
etag: W/"20c2f66e9f10bed15056fd6b975b8a75"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1628866683533
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wU1tzjDCuD0PykaTuqGhG7XpjCVJ4yz8nVENiKSG%2BfSWTMApLWcY9cjXPyDCv0vUPpsGuoGJ4tMkN%2FpG88dLUrP4Ww1kTD75hECVwrQUrbzR7jCDEnRmcg479IUdlnWAbCdqIx49lpwSIF4Ip2bFYY9Zug%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f96977a6b9265-FRA
x-amz-cf-id: 2-IU40prcFtbX0JqzoEuY1N3dTR8BB10tPvrumPAv3CT_d3C7hDKag==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647497/ 610 B
1 KB 138ms
134ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647497/module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

249d08c8fde3e1912f9d6d25ff14eed26f4adea29df815b794933eb133f8ec37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 343
x-amz-cf-pop: IAD89-P1
x-amz-request-id: VSEXTJJ8TXTDG8M8
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: n_rdB5Zjo6jQpLlilRmMi5fLWw35sgNj
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: zS7gpyK4ngg++6o2GlW32zj366QwJqv+/gzWYXmB24zV0gk2AuOWvTrlQDcBw6J6yiTezglW09I=
last-modified: Fri, 19 Jul 2019 03:07:28 GMT
server: cloudflare
etag: W/"6b50e831aa1329ecfc246611e5b73e07"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGnHiN%2BVd3aIUIuvboJyA8TD2tU8gStTm8jrzve9pgL7ILkt907wiLFrR9cwmgiWP1cBhDPePXGKKtvnh5tMtuSdQmRDpm30PGCaY8L1%2FceSNysI95J7nDCmg5WX%2BmsZqzzhQUYtm1GiDVJXTEf%2F5c8HwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f96977a6c9265-FRA
x-amz-cf-id: j4lWry9rsENA-M56NhWXljQae9YwySDV6RjDp2O8FxZICdiu9_tX2A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_103636562700_Footer_Categories_Text_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1677161481432/ 89 B
964 B 84ms
79ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1677161481432/module_103636562700_Footer_Categories_Text_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1681
x-amz-request-id: 7VDYX6YBDPYEPK88
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"0e24424bd7a91e1adc940105ffcd26d9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1677161481432
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 c6bba20dc3ec8526b729f039a2fdf7ae.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: S9Og3Ezj9hRyblXN9qKf01bBpHlkGn4t
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 110
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GCHdKb6pnWl1WMzThxaVjLEgaktKu4Dzwu/H97avc0A6/xZYrjMa3kbjx4cC4hY98fTdWtsEqO4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4c6bd3be-d196-4185-8d66-c34713fd8d55
last-modified: Thu, 23 Feb 2023 14:11:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyHVqPhBtVG010e8yC61J10%2B2tkhs1hZc80lKbNN7JdpWD4VDQLIfZfa1Jo5R4OK6bDmtg7fdFbWKuBWJsI8KYseuGCEQTMfH%2Biat6WZ3oZjgdRdDu6QO837MFFCIYRWC%2BQPtZe%2FeJb%2FAlbPk6O0IeUQOA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7f2f96977a6d9265-FRA
x-amz-cf-id: Yg4pipa3VRdo0zttA-R5LUyZYOkDAPmRp-4Uqx9xqr6mwD7US85mQQ==

GET
H2 200 module_87757605656_Footer_Categories_Blog_Listing_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1666371595958/ 135 B
1 KB 125ms
121ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1666371595958/module_87757605656_Footer_Categories_Blog_Listing_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe603cadd5d178715e8d259697dd4470bf63c6ad1115eb0af8715c778640133

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: BSHEJJ0J7M0Z406A
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"13b7e92cbbf8ac04eec1f7b100347115"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1666371595958
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kLOdiFo6YnWIpiP8BLnJdzSgnAZ9CfEh
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 144
alt-svc: h3=":443"; ma=86400
x-amz-id-2: evQ/5MYvkDYpn1vpTO6vk99GU3OCODvH8c3gILDmY4BxuA8xOL4mV8uqTZwUC3GMeEBC8it7H5I=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 19555df2-b004-43ab-b28e-f57dd55085df
last-modified: Fri, 21 Oct 2022 16:59:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HW%2Fg06K4AMJ9nRPq0LiBxlraXRZqZtAK%2BgdXufxsRBG4kA%2FZQrzZPhG%2BZsMXsFSq5BhRNrBsW%2BvVQH32zCpuJdYX1pKJcaU6AgXCp2xOKTpbnF3Xas7xGNYNCJp8LM5IrZ0HFat%2Bf1GQjYlN7%2BwiWf3dZg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7f2f96977a709265-FRA
x-amz-cf-id: mP_hBHU0YmCXSC5F2Kax4PpVNlFgecwbWXeLqNDMvOQH0qvcDBxMbw==

GET
H2 200 module_36845096476_Blog_listing_card_grid.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635695217/ 304 B
1 KB 141ms
137ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635695217/module_36845096476_Blog_listing_card_grid.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 493BPZ3TQ3W0EMJR
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"bfd6c45ad0a0ed80b73460eea867fdb6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683635695217
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 0cba74644cedf83bb6fb7dc90d8b0980.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QEtrj8a5Jw.zNpvkZ3KAKAvL2xgpFoi3
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 112
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MMxDYlGAKstu6xcv7FF1yOTH82QSEPxgsUHCfDREspFI3X/rVg/KSkoCdSqFHVVi7kUtUPPCOns=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 70a882f2-5814-44ee-a5ae-368b05624550
last-modified: Tue, 09 May 2023 12:34:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k7d0yWfpjEmIP6wLxn3vD5KWtKG4951Pdagj9o68JkT%2FgksF2kYcErypx18PuiXsJ%2BHP109XdKqJX%2BRh%2FfzNjhY6LVTyzri1picQBcAeWuqIwIr5aYnUejDDirfcaB%2FBLm%2FNEq%2BOVzhUa2sSgWkvXq%2FYnw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7f2f96977a719265-FRA
x-amz-cf-id: nFSROtreYfVNhvwYYd0UDd-5eq1Mmw_0_LvzBmqdiBlPGjVMp0yAdw==

GET
H2 200 module_80864562095_Sidebar_Categories_Blog_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1659712321004/ 419 B
1 KB 175ms
171ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1659712321004/module_80864562095_Sidebar_Categories_Blog_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7d36be0a73651297b0f6b15b1aa2e63a204489bb9c552c11e0cf7db771081d4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: NAYX3P3QBFXSJ0XW
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"d7c0ecedc0f1ad068aa363dbf6f552be"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1659712321004
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kytFTmhcx66YfyEHUvgGyzju7VPEYvXs
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Z9kOjStGIvTfaj8fcvCKu5QQ+/9/yXsNCNlkDg7YeIRxGZxM2Zuxkim0/blpoD8/cnIl5JAsKsE=
last-modified: Fri, 05 Aug 2022 15:12:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B34oLoSxoFAWB84tsGBylqPU79s5oPdJWLsUysFlwRYBviqHYKrEkVfBDz7kMJnARgWm6mIfIb08ckhlhN%2Bt7BogRSd64FJoYdxWniSMwLdU%2F0lTmhWZl8dtAplFuaYl2TrN7GODkCUV4GHEwIIgUwILQw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 7f2f9697aa899265-FRA
x-amz-cf-id: O86xJHE49-iPfxDzp58DEiqXVNoF2204Ahc8nNeaZbdHAGFJcCVWrQ==

GET
H2 200 module_80868056874_Sidebar_Social_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1659702739351/ 298 B
995 B 140ms
136ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1659702739351/module_80868056874_Sidebar_Social_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f419ad33d162aefac608940b47d2a524fca46eee0c82f877710a6369e68be33c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 98NB269N0E5B3BGZ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"ea0c94f5b1324d7913f6a18ec1f3fe14"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1659702739351
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: shmO1QlyhGMyDoImESYiUCU5phlmEXau
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 172
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lSaiJ+khQb0Samuok6dlEzLOoqMgHk31Tz8Q4h5JJv1Syr0xvdW/m2ogOiQeZHajxkcO74hExM3rZxDVwerTYQ==
x-evy-trace-route-configuration: listener_https/all
x-request-id: df15e28b-cd7d-4883-84b9-a224f2b23284
last-modified: Fri, 05 Aug 2022 12:32:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=epK2x2zKwdTfDNuNCo1RFSKnnQQk1YfeVqbPGU0mex1EwuZIDK3vqPitPVlc1UGKZ1s766Njr4WANQW2dunaWQlhww5nu2%2BLRAjcqnERv1U%2FnOQLd3FEYyjnL5UBwJ5o8EmpMep%2FtASxprdqYtAv7BJSKw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials: false
cf-ray: 7f2f9697aa8b9265-FRA
x-amz-cf-id: uKuhaBOnVQBZIJ7QPGBv_7uN4OVvIUJO7CRAT28hiq66nN5XB3Cx6g==

GET
H2 200 module_80857835930_Sidebar_Blog_Subscribe_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80857835930/1659449374148/ 620 B
1 KB 139ms
135ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80857835930/1659449374148/module_80857835930_Sidebar_Blog_Subscribe_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2d14bf82ef15e64d7503eed437a43ad5f26d4f5bcac6745870c32f1ed77a8a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 0CPD67HGP2T4VTGR
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"058524ab080d84460f7e7c6d2ecb4d89"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1659449374148
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: e1cZxYRKfUgD2rKmkLGGtFZUzq.7EtsO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 113
alt-svc: h3=":443"; ma=86400
x-amz-id-2: bCDnldKnN76qEWzQaXcoZtvxtXp5x4LpXnT0mIjgzv39px+tYwFovBBTeI4wNMaTu1STGAKufvc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 578d693d-5549-42d7-8647-3673bba6f8c6
last-modified: Tue, 02 Aug 2022 14:09:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bgBr83p0Lj9%2F2s9weR67cnrQ1Tfi0BPM14WwNZKnyyNZAbofeVoSZhJlfl5FmYNnRhHSNSQYB6mYhWfT9uXKgM01oanoQbsMSWcF%2BVECrtJphT5h22g6OrqODhjgRVlxRcxdNNLUgJ1jPP8lVPMaYaiHg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7f2f9697aa8c9265-FRA
x-amz-cf-id: tAy8LPGZD01OtX2us_cOxCSc8m88XLHg8AWtggdKSL5WxDifIdK6lQ==

GET
H2 200 module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1670427753922/ 581 B
1 KB 143ms
140ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1670427753922/module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cafcf576874435cca6e41394ae820ab1573b83f8b405d10d3ff8add93614c8fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: TN8JRPSHNZXRKZ1T
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"c2bccdea5694cead22c9370560abd5e0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1670427753922
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wr_YakpyxY_udxaEA70Z09_FgvspAnTj
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9sfkui2lNOR9HKXf6QfZearJZoYc0emHrBP83j3aY7vY+2brJY7jYGZoDJWFmJrFJb6N0xmaw1+Ls7OvihVQ6w==
last-modified: Wed, 07 Dec 2022 15:42:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvx2k5N430cOqQcE%2B49zVEbD6jzGWo07lE8v5RMZvrVNkXOlU%2BgZiRNSQEGlShg0Le6um%2BSEr5CEBj3YnqKp3vw1wVVCUUT5suNh0cw6AiCTFslm2%2BKdiyvRphPJSDvXVaCwRGG9otOhgCVcVTeUhNxCMA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 7f2f9697aa8e9265-FRA
x-amz-cf-id: o2TRwN4aGb9oEUiEbVp07433bxR0UkfScK3-5CyU0yLXB4cisUJZrw==

GET
H2 200 module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1683726402031/ 449 B
1 KB 135ms
131ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1683726402031/module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 1ZWPRY4T8RG5FBX9
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683726402031
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 90ac509e6263ee9fa7bb3f1ed1f46118.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AQN4k9CjDjzeOb4WGe179iRQS2cuvN7I
x-amz-cf-pop: IAD55-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 123
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6K0VBtV/5SlAb1taN90asHPq5fzkTfPUeUwGYp3puajuy/55zsup7qAFUEik9P06pIXqOUgK3CU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 776cbc17-31d8-444d-a4fa-8237b1225682
last-modified: Wed, 10 May 2023 13:46:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXfwXX8437VCUqvjyJXYNH3P%2FGCHqSeaQ4JlW%2FmQBI%2F2LqY7n7rUEp7sP8%2BWFb6Y5ObgZEvxDKkKcmqKDH6Yzd7ZKo54mpSnmqEtHqeb6ttm3my3U8D2sv30b%2FIhTMoyjJ71NsOR%2FgQCUgv8tKByCtQvEA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials: false
cf-ray: 7f2f9697aa8f9265-FRA
x-amz-cf-id: aCcoQlUlrPmuTAJpQvqlVfR-qxCZTPQFToO94h0EwgY4qOIQY1r2zg==

GET
H2 200 module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1683726382481/ 449 B
1 KB 136ms
133ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1683726382481/module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 0WSX39427J1AS112
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683726382481
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kE2bMXeYWn_ktJqXj7KUhR8Fu5cHi1x4
x-amz-cf-pop: IAD55-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 135
alt-svc: h3=":443"; ma=86400
x-amz-id-2: PW5+eWD9+xuuphm0jZbqbs12I5xghMcILTCbUgQxi2xPmBxVBs2q5a6cC6+jJLZGKMXQe6Tng7s=
x-evy-trace-route-configuration: listener_https/all
x-request-id: bf630b5b-dfad-40fb-be66-6907bb0b9973
last-modified: Wed, 10 May 2023 13:46:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=34cBmg1O2uz%2FFa4BMCg3gFONsK36borDAwpdKb8UzjTV1R%2FKSv2WbYCRnY5DyLZdagBadaR2BfZe9VCnZu3fuUx66Nait696VaxVwZnwvb2hdBZhrE0UkZfJmyaK6y82617txHCIkNcVMmdmNPw9CaE7Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7f2f9697aa909265-FRA
x-amz-cf-id: uuvQbsRPHfQRoKUdPc9CdrHq4khVP5eIig2tHSi4wmDEv8XOJo5d4w==

GET
H2 200 module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1683728917797/ 449 B
1 KB 142ms
139ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1683728917797/module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: FZ7AC83PSS98SKD7
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683728917797
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _NB7Ho2f9mjVTOSpgbcz46QGtgjcNPEf
x-amz-cf-pop: IAD55-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VFqhNEo69Eom5zdF27L0BoBqLcEsNE+6NT4gvpsJwKDcqBUCspDQOL27i0/xPUFMy1z6BIDvln4JjkfAEwvByH5rewwErVDf7pCBZOvWyt4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 48b01650-ff18-4237-a242-538decc54d8d
last-modified: Wed, 10 May 2023 14:28:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7YaydaatttED9p6v%2B8rECTLaLOvDDHarI%2BXX5mXnMCGyDgMvr%2FfczT%2BLkdi%2BSlL47ussRol6VhhSyXI4ueEBq5KXaUBq5dKSVMprHdCnuVkK5dgJRqgTJDyTg1K%2BqtkBsksolKYN8w89u4jqkqfC8f6miw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials: false
cf-ray: 7f2f9697aa919265-FRA
x-amz-cf-id: ML-o27nR3DM5iAcRNOXPn07RaCZMoZxnkpdGul3CDRqf1SxiLLfAxg==

GET
H2 200 footer-redesign-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10777459487/1628866681200/Redesign_june_2019/Coded_Files/CSS/Components/ 1 KB
2 KB 166ms
163ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10777459487/1628866681200/Redesign_june_2019/Coded_Files/CSS/Components/footer-redesign-2019.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27215dede1579d37bcf4ab9ef8fc7d968bd02081c4e61d77837a9bb8f6ca9511

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: WSFB17NDP7WVXHDC
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"74345f5a0d3875bb7f758b06d4778849"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1628866681235
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KkIg9v6XZx4VO697E4AlyOGL9YPPr5d0
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NTSW39LESqcpEzbdKO4Sp9EssZbi2rZke+7eplwYSYjEAGP5fu0TBEJHLi0+m1yM0YbvViu3aAMKM2hhTwxdrQ==
x-evy-trace-route-configuration: listener_https/all
x-request-id: d47d7ef7-1f8a-4a92-bbb5-81d1ff5e909c
last-modified: Fri, 13 Aug 2021 14:58:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgVFhFre5xvVtkN7t0s%2FkYXk1WdfgL5Awripns0%2Bd5TAGQ7%2FpM03H8bGGaSHWJgdEFlWqodVEV9oMSgt1TyuFLAOlj1wmOXLCZxC3y0qgKZUzqdSOLLeyvec14UpvDA67j8SYVeeWE2k%2FJiJ1HPHgqsoqw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7f2f9697aa929265-FRA
x-amz-cf-id: Py1daG-4qDMY_6piUCte2gArFkk6RFnYsjFmo-O7skAEor7gpWQa2A==

GET
H2 200 module_10782554896_Footer_-_Redesign_-_2019_-_Global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/10782554896/1684325396009/ 126 B
1 KB 180ms
177ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/10782554896/1684325396009/module_10782554896_Footer_-_Redesign_-_2019_-_Global.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

04245f85425b7978fbfd092971444a755772b93d9fb41f4c58f388e520403afd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2734
x-amz-request-id: 7X42C64NHK6DKKZ6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"d5024537c90d258c2752af5a17a95367"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684325396009
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ojCcsa3Hbm8KsKBjYnw5U.TUyefQWjmM
x-amz-cf-pop: IAD12-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 121
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jViwf9FZMI3kLz81OlMSSEAWGIfG1h+N5HMjut2XqQyD4f6sd57vNh+/LOTvlzEnwFAGwQi7P7Q=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 99334791-2074-4d1b-b287-4a3c755b37a1
last-modified: Wed, 17 May 2023 12:09:57 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7tqHPIc0DIY5N1IHXH6Z0JXdsaF%2Fo%2FiT1DIPnB1ctXizC4DfZC%2FGqt9kcp68e3svfFjPIc%2BeIPrVgy9z70OxYWB56XTjHfiPiEx3Rz6Jr6XJqUOaQpHZH2oVD6NGDIw2W6GueddFlQCaZTbCCcoVsH%2BXBw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 7f2f9697aa939265-FRA
x-amz-cf-id: McaJ-7R67LJK9XZmYCQNRIwGIRwHpUu9pqoObAk1pDUcS76W5xy71w==

GET
H2 200 Reversing_Labs_November2018-style.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/ 143 KB
24 KB 185ms
182ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

61ce08dbad99d88826d7e7d374b628662137c7893a943d6a541cf4b0455c5067

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 9BY06TDA00GEHJTS
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"3d0f457bdc611022c3f48f57eb877977"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1685359417818
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AcrfIRW95QY88SeuDIXAFoVt.4x1ZQWb
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GkxM6CyUTGG0PBFgMJaDRztxsWFbJcPlZ0/7OioWm4zjLouo3IjGbhgJ83dkKDN715dWTz+6LH0HE9fsUUy+aoo105Uo0mmZotlTj0R0A+k=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 87030c20-b4df-4c9a-a844-9982d6c02ddf
last-modified: Mon, 29 May 2023 11:23:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2BAJh0F8Zk7EO2a2SGrOT03pbM7qXtoJhHq7UI%2FcXNx6YkqnxTYoUd%2FV%2BS%2BnslpUn3GdYCL974tNj8iu%2FeNJ4z4GkWxOr%2FlrYkbivicLgUZP%2FXjIqtjsi8C%2FaGYsJYG8tGyJu9z1Ztu6%2BmGzmZ6bMaSrRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials: false
cf-ray: 7f2f9697aa959265-FRA
x-amz-cf-id: EfnvyHcxkM0r5MgmZNSmpahxHbS44buGtkHilNHaDyIqxvzzMKUqGQ==

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 99ms
28ms Script
application/javascript 151.101.129.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

86bc7c25a3bf03fad86ce1733e1a562b1395d60635b29960b7b3f68aefa8bc7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cache-hits: 24
date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 8489
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23020
x-served-by: cache-fra-eddf8230090-FRA
x-china: 0
last-modified: Mon, 19 Jun 2023 19:37:16 GMT
etag: "4e2f211a0d5f0f0e82bcf94c1f18d11d"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 186ms
28ms Script
text/javascript 2a02:26f0:480:f::213:7ecd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ecd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

6ff2cb75e9629684295d538513cddd941b0bfa7072cd3c6536e6905f6fe921ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-lor1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163643
x-li-uuid: AAYCU84N3oPvKyvJ1Jkb2Q==
expires: Mon, 7 Aug 2023 12:47:02 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1691156845456/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 126ms
53ms Stylesheet
text/css 2606:4700::6812:cec9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1691156845456/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cec9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 255101
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691156846066
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 360d3742-4e44-4d59-b9be-9c67e2e8f82b
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 172
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 360d3742-4e44-4d59-b9be-9c67e2e8f82b
last-modified: Fri, 04 Aug 2023 13:47:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k65TrJ6DaKlmL%2BaDA7HM6GefcOhb0p1jp8mDrFSvu%2FTVcF8OJd5SWUEcvEB%2FTz8Ly2mB6mS%2Fnqm1qPbx0Bu%2BgBXp4FCIFcjlR8EiFMWI5FABfGNZ1GjYOLN2hdoIp4HbTraZwIefaD98XZxNjlo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 7f2f9697e8bbbc01-FRA

GET
H2 200 RL-custom.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1659964887293/Reversinglabs_July2018_Theme/Coded_Files/ 12 KB
4 KB 166ms
163ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1659964887293/Reversinglabs_July2018_Theme/Coded_Files/RL-custom.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a5f6ffeb8930092b29aef8860e2c8ebbe25dd2dcdf70ab4b6b137c4b4592f70

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: WSFDFSSBK9N81HVZ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"87c5bc53e5805378faf6e71727ae7d28"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1659964888595
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rddr3nP1mNXXwP_ajL22vN12Zg.dfVCT
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 159
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UqeA8J80HdHOEez+UEItUcXFZiXPApxUbaH+hxOMVMVtReJig3r0S5AU15jOP+ae1v/qn/PqpOc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: eae55deb-8363-4e52-acd7-5bf486a87765
last-modified: Mon, 08 Aug 2022 13:21:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCzRuRYny9L%2FMAuDa9bKv6OA8NvKcJjcvE91MYUYWyr54Vg2aeQRtxLbT64zTixivLU5dy3xv36vG4gXG4pWwzD8g%2BeyqBNXd73o%2BQPkAXEDzPCDqSAMp3eVFL1bPpBaChY6CfFkna0SRHgoGScSH0qAbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7f2f9697aa969265-FRA
x-amz-cf-id: B9Yhy7rO2pUM57KSsEaozlTaUkMoatfztys-Nm__3BWZ8LERlt3rOg==

GET
H2 200 site-redesign-june-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1689162268961/Redesign_june_2019/Coded_Files/CSS/Modules/ 11 KB
4 KB 144ms
141ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1689162268961/Redesign_june_2019/Coded_Files/CSS/Modules/site-redesign-june-2019.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c889e86e6c42fc475d139233bc09a8fe599673cfeebe015bd3083cd1ea994e93

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: C67VNPFCGTB66AF7
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"a6b54e2468e63ef91aa2333794289d8a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1689162269645
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: cM9nJ1gR34B3YQ2cLQTyj7pejlMLYf.6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1474e339-698f-4678-ac49-46d176a69129
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 117
alt-svc: h3=":443"; ma=86400
x-amz-id-2: X7RU/r2YFdcytCOlgM3h5/PV30HyOohS2Xaa5t4y75gPm8QMm1r2rhFCkhlXSZA0DcGrag1V4Rt9F5pg0FstSq+Yz90fCNIJHulrHuua1/Q=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1474e339-698f-4678-ac49-46d176a69129
last-modified: Wed, 12 Jul 2023 11:44:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viEBsiDt6JCHXFc7AeATM8WEvp8BVq%2Bt9vTOIGXQQ%2FG5tsGh1ZPF5qFMtfYAE5oGufsnYF5zQw2Yxy%2FwCgT1pEbqh8bJLuXsJQKMEk7JPf805tvb9pIGVc9qmMI6XBPyTQOb%2BmKF3G2fvOZi%2BJKgj7viPg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials: false
cf-ray: 7f2f9697aa979265-FRA
x-amz-cf-id: V1blr6uorwDl5n385W2TrhgZrQ1kZSwtT96BG6jm5T3ARQRqDRqRzw==

GET
H2 200 blog.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1628866682579/Coded_files/Modules/ 3 KB
2 KB 151ms
149ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1628866682579/Coded_files/Modules/blog.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a612c9ad7bdfdfeb71ed257ea676a5bca9db5694ee8a0f0c1f8a96330429ea3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 343
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: DNP27C5RWRB8DGE8
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-version-id: Mz.2Pn4CEDs4ZaIeZ_NrZ0_ijfcT5uxW
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aF9DnAibKuggE3nwF/8DGE4otx8SyJ/0gV504ougeH9vk3FdM5ORhQGCBd+jn2+jF5PJDYw2ODs=
last-modified: Fri, 13 Aug 2021 14:58:03 GMT
server: cloudflare
etag: W/"86cceae70fe2cace0184968b3abea7a2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1628866682656
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LwnpRqZsHoYYUHMKrSUQpR6b8Mt%2BB2HTgGZ2G2ClniU4imaQzF%2BZM88w95rKmwTDqYkgJ%2BNpfGahNWhG9n0wK%2B2IzU7bxKqrmcOAmz7auC6zDw6Je%2BvISBavYmIxW9U0K4TmzyrieqK2zQloz9x8kovAQg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f9697aa999265-FRA
x-amz-cf-id: aG2xrv5xdEfuxj8b5AmMr5yoi7tmkED9dJ5TRo2fhQ4RNcrpAQyMMg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 conversing.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1671120024586/Redesign_june_2019/Coded_Files/CSS/Modules/ 2 KB
1 KB 143ms
140ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1671120024586/Redesign_june_2019/Coded_Files/CSS/Modules/conversing.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: J9KZTYZHNSHCZTGH
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"03194bf820a8d747a9c4e33f60a3d8a6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1671120025512
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 e418fd5667de46c635f0321ea814c2e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ezK3yCXod3kovn6QNb0kvlsgyxcpZGDT
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TfcqbW0xVQnwmf18TMo1AkAfYCJmkgstNGmg5X2qr95N+mK8F8254KafmMO/Jc4dNP0IzXF4zDk=
last-modified: Thu, 15 Dec 2022 16:00:26 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FglWEGFlOfO5jveyxqaC%2FsuL0ovvqgpfDIuGrRqrdv0NCiqsPrDMaXK3AUxfh1HvCVynFtXp%2BdMmIF52wWcsMentrAig8TobCDMsURunQlVOePzOHjFIHnG%2FMg8XLLRzQ%2BM%2FZuyhlulwb92EHzt5whtPg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 7f2f9697aa9a9265-FRA
x-amz-cf-id: -yQe4VUatzkgzq19dzD6qBzt_6cJtKSfZ25qMzUppn8xeegJmw_-1A==

GET
H2 200 simplelightbox.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/ 5 KB
2 KB 176ms
174ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/simplelightbox.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 343
x-amz-cf-pop: IAD89-P1
x-amz-request-id: J9KSC9CABFFESGP5
content-encoding: br
x-cache: Miss from cloudfront
x-amz-version-id: Y9o3twj1TmNPLtARM7I8GKUA.atzxWnP
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oxraOPjJn53Br6tpYNTq5Te988jVxT29GqKa5BQPszxaSJH0rnsRC6Fcit7hN/U0NvIytO8gLRo=
last-modified: Mon, 30 Sep 2019 10:48:14 GMT
server: cloudflare
etag: W/"9c259f55b65931c5838c0f7cd5f58f93"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mcwc8fbYOB67FqSI9gBZT4gD8GcvuQLsWMrrWQrqqXyPnBTSyb0%2FJ6WR%2FtoR925mK2ZW56epypY8upKyQvCPjWFBkLsKXCyw6EEC3VdcQnjDnGHX3T7SoB6LBh%2FuNP%2BxYKSXwUceRw2wgD0Nva%2BejT9GCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f9697aa9b9265-FRA
x-amz-cf-id: Sg3oF4j5w_b49xgy_GBQc2gzJh4yQ9ybxhTeniZzX9xDLZyfQvcKCg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 tag-list.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1657723424898/Modules/Tag_list_-_inline/ 834 B
1 KB 182ms
180ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1657723424898/Modules/Tag_list_-_inline/tag-list.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f631dc190b0572010591fe489a4d434db77ce0ff6156e9e7e9aa745156c095c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 343
x-amz-request-id: 0BT4PNDSW2FRTFT2
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"d0f8005c0d02f9ea2078b355ed1700b3"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1657723425746
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: R3vEp_hu.nAXB21yRaHK818uFUl.x7KV
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6BrV+bMAW2zZcmI9DfbxJEdZiguADzTgIgd29gBp1JrcwylJMwHT6ixtc4O11/9zsH1HN5auy5o=
last-modified: Wed, 13 Jul 2022 14:43:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMJAoOH96Aj1w%2BSegcAMD0cSiqTr8EzSdeswvKJu0JtfQ6O7%2B3%2BA8SF989llQaJQyvGB7R0LHmPsfI00WBLRtb2AL%2Fh8EHMMzwYDpQb%2BAhsfwBg9dFs7IL7q3zDCOor6YGjZZe%2F9HQiCavlUeL1y6pJxFA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 7f2f9697aa9c9265-FRA
x-amz-cf-id: B2Ndioz5GayXkl4R1Beu6DulRkGVs9v4aFtUg-nl7BlU3EqgSN_87w==

GET
H3 200 rl-com-logo.svg
www.reversinglabs.com/hubfs/Reversing_Labs_November%202018/Images/ 3 KB
2 KB 189ms
183ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Reversing_Labs_November%202018/Images/rl-com-logo.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ed697a94ae987ec690170223f411112068b61caf8678788cb4c37347249fd00

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6517800726,FD-6517800709,P-3375217,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 212992
x-amz-cf-pop: FRA56-P7
x-amz-request-id: Y6Z201APYHMBA3GA
content-encoding: br
edge-cache-tag: F-6517800726,FD-6517800709,P-3375217,FLS-ALL
cache-tag: F-6517800726,FD-6517800709,P-3375217,FLS-ALL
x-amz-version-id: BUsncvg3SahbgModZfK7dQUIXXLSPFen
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: p0oZJA2psZII0vVkNybjTB90mgmD1w98My7yJzLiT8xjn8nwBy8SRTbJrguIn8qJiLZCD/gnqw8=
last-modified: Wed, 14 Nov 2018 07:33:54 GMT
server: cloudflare
etag: W/"86ace497147ac2cd02198f3cde44219e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25PYZI5pHLTUTojv9KywA3TW8N%2BjIH3yNetM2ewCppIpajtbl2CSF0XZC0y%2BsOyef8IUGQYcZnN7wS7LuPPqQKw2bikqIHv1cUaRy3VVLBeYWBCQZRVMFInbu71r2ZyNUBQQidXOU4nlc%2BnbjQOjU%2F98Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f96994a931e0c-FRA
x-amz-cf-id: IEj5TzmNnFs1ep8Ep-PbNFawVXNGC5yDNbWkh5BxfkGFx75FwuNE6Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 karlo_zanki.jpg
www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/ 18 KB
19 KB 217ms
211ms Image
image/jpeg 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/karlo_zanki.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
age: 8184
x-amz-request-id: WSG7FZZ2JEVRK8N0
edge-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "c40419dee622f0738b5c1f8a5152db50"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: lfcykLsw0R1YXz10xZ03n4UPI8BPc.OS
x-amz-cf-pop: FRA56-P7
cf-polished: degrade=85, origSize=90381, status=webp_bigger
x-cache: Miss from cloudfront
cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 18276
x-amz-id-2: QPNfnTDW/siWySsEvDK8LpdLCArdASfuKI5mdU9WUPCgtlNIwaAFTcm55NHLg+YKu+YG5IVXi7g=
last-modified: Tue, 14 Jan 2020 16:45:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npZINiHIKmLd5ridjoylREG6OJAQjU%2FIYzKpwcC7D8HAw40Fi38qimIAFpyqLaWaH3QgJs47lYkH8rKyLH58siE7aCfQcHr0cx6iV%2Bog213emmwNl7oHkIrVevG1VnQ0q%2FKmmoLmNUu0yssDREokvj6Gsg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7f2f96994a951e0c-FRA
x-amz-cf-id: 5s5r65dIwevslvm19nxpcd7p8vVy5I_BMAX07bX2GHQxk4oB1ZqGyg==

GET
H3 200 vmconnect-blog-figure1-behaviors.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 52 KB
53 KB 189ms
183ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure1-behaviors.png?width=1455&name=vmconnect-blog-figure1-behaviors.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cebbc0e23f1d58a574eab9a677d14629b3aa59a6fbfb0133feb3e03f0e43f754

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 b59465a36dda3b4ec573f7a87861306c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128372092758,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 53054
cf-resized: internal=ok/m q=0 n=696+0 c=1+25 v=2023.7.3 l=53054
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfufej3QaZimVEgmG-b-ZxJre5GKd00Nl93VqLII45DQ:a0a8e391d1e908289a78165d747c52a3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZ0DyBtJPx3HHb%2Fvlqhadm4JuKIBEMQztZmJ0xr5wfcdu0qQZhiG1dFkMcwhjcNn%2BKLcpdK%2FfU65snI4YMRvr3tQGTTDg14nkoMbCAFVm4JZDRwcc0V18nJYQL3GLySzFsBAuT%2BEke04J27%2FjDgAYqIPKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a961e0c-FRA

GET
H3 200 vmconnect-blog-figure2-init.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 22 KB
23 KB 245ms
239ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure2-init.png?width=1455&name=vmconnect-blog-figure2-init.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b452e67d0f273f9147920b2ec0783838b1ee33727eb9c6fae0a7cff22bf0ac85

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 ade5b31bd02630f0b5fc77309a9d7038.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128372335896,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 22832
cf-resized: internal=ok/m q=0 n=704+139 c=0+0 v=2023.7.3 l=22832
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfFt2DVxVAwJfmRRxOIQy60dx2GKd00Nl93VqLII45DQ:7da2d727a22e07f170b074d37a6a926e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQlU8TrYw5HJ9tPDHGl%2FLus%2BAWwsQfh%2FzXj9fCqHcQhtE9XvNiLKzdt1Urn13A2HrWuw7ufvWpvBVLdZ2BxsP%2BB4W5bjd8mybrmYxDQgNB7FxudJsF8zmk1O852fbWPM83O9OcsuJyaFPfPfBGZCRR0nVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a981e0c-FRA

GET
H3 200 vmconnect-blog-figure4-loop.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 17 KB
18 KB 218ms
211ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure4-loop.png?width=1455&name=vmconnect-blog-figure4-loop.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddb82c84e1cb4f9ed0e23ada938029f0ac7a79f8a8215eee7bd5177726c02c32

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 76d5d69c7419d6e5ee08d1a87f9d8316.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128374422914,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 17238
cf-resized: internal=ok/m q=0 n=760+77 c=0+0 v=2023.7.3 l=17238
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf_SALb2FHaXCWedM222ZRwjYzGKd00Nl93VqLII45DQ:9d3990287e545845bf5381744ab07eff"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vev%2F2zZr%2BUtAeExgy4jE4WoIy0mwikPzgDfr0%2BjoSFuZAfd%2BR34gRwQzeH28wVD3uUAqmeZfxteUHC7BZaxRxIv6CQOFWOyh0QHYM106uPKwTG9lOPtFt%2F3sdEintwlxXHnMFf4tnahpEDzhEnEXa1INoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a991e0c-FRA

GET
H3 200 vmconnect-blog-figure5-PyPI_author.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 41 KB
42 KB 191ms
185ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure5-PyPI_author.png?width=1455&name=vmconnect-blog-figure5-PyPI_author.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

68858bf90cb3efb40b74dc096a0c14d3d7d8df522e30067cbee82f0640af2bab

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c75723adf667c2274cb64e1ba92db6c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128341467472,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 42454
cf-resized: internal=ok/m q=0 n=896+0 c=2+153 v=2023.7.3 l=42454
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf4eAidWT4Kfyr0376G4LYBTEkGKd00Nl93VqLII45DQ:dfca138c459dd0bde26f427b54882fb0"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7IGLTZ4X%2ByY%2BjIc8dX69GxTgedohnUM5PDlu%2F2Q63xzl723%2Bw2TtnPIJWEnWc9TBbtUkQq4m5q85qBTAq2%2Fcx3VVUGuY1MZT%2Bxxp6vYLh6aGRkRdnC1CnMtAz7sE8t7GqZSBxa%2FTuWPf5rwjZKtt9p56w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a9a1e0c-FRA

GET
H3 200 vmconnect-blog-figure6-PyPI_project.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 186 KB
186 KB 220ms
214ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure6-PyPI_project.png?width=1455&name=vmconnect-blog-figure6-PyPI_project.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc3652de6720e88bb9378b09d34a2e807d1706b7a59a2d29903a68fa481759d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 b09c8a20b29053a362f3c1085a0f8990.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128374414403,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 189956
cf-resized: internal=ok/m q=0 n=960+201 c=0+0 v=2023.7.3 l=189956
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfFfRcqUYlcTr9pFJWgfYd3pdbGKd00Nl93VqLII45DQ:1cfbe751e2673baa5ce60b4c41060984"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R42zyE%2FwjbXbWRbIqwLyxTbHhFiexpewsQkpkhi0zicAEwwjJyOvPWAUsL8GjoMZirqzLsZzSdhEVbZEEWY1oq2%2Fby%2FpHXz27%2FfoCmYjcuGSentj1aXS0VasbiUN79Ll7YGHnw%2F5bHBQljhal4mpsDWihw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a9b1e0c-FRA

GET
H3 200 vmconnect-blog-figure7-husky_github.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 40 KB
41 KB 249ms
243ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure7-husky_github.png?width=1455&name=vmconnect-blog-figure7-husky_github.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0f80d27eb235c529b6f87057ab7763ab82f8eb2396e8d40df573eb80e5364ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 62c57d3992f5571b9941423fe3037e08.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128372092759,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 40814
cf-resized: internal=ok/m q=0 n=906+0 c=5+134 v=2023.7.3 l=40814
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf6mRjUQKEMCNe1MHl4G6669OlGKd00Nl93VqLII45DQ:65453383a0255d7d93786baa4e8ea55e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxLkbgRwPTHb3fGuy1qms%2BvdvK8HFcYYibVXbnJZ2Y%2FEGQQDBLtue8qH03riTPRG26fpUbTnjg%2F1G8Q24BZnMABMlTKqSbxoijvoBX2zkqnMFlgQimIArGMpekxPxcsBgT488CUTAK5HtybFBbPwVwVmlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a9d1e0c-FRA

GET
H3 200 vmconnect-blog-figure8-init_gihub.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 21 KB
21 KB 254ms
248ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure8-init_gihub.png?width=1455&name=vmconnect-blog-figure8-init_gihub.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fe6def01e693b4ff7f8a5baa5663c2b2eb7a228d7eb28ca379d255b640df211

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 a8f403e7a1e295eca645452cd239f186.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128373652739,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 21010
cf-resized: internal=ok/m q=0 n=892+552 c=0+0 v=2023.7.3 l=21010
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfs-ifkdVbVAVeuQWW3EQdNzUMGKd00Nl93VqLII45DQ:cbfb25e399f643ee0577249514d1bb1a"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0eaqJdSmp0W%2Flc28zKrxdDVK1mPi9Ap8pjfrx4h2MlxqggBt%2Bp9Eb8k10Bbi6NGZwElp9gZByMiqyDV63Ue22tEA7AozoD1%2BjI2DBxVOai2r9wF0NNG8oPCaomgBXW8cVTmP3CamHTXDaW0d6g%2FQt89YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a9e1e0c-FRA

GET
H3 200 vmconnect-blog-figure9-VMConnect.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 161 KB
162 KB 260ms
254ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure9-VMConnect.png?width=1455&name=vmconnect-blog-figure9-VMConnect.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d09af97ee06f58b7c0e071433e4f08dcfc244e3786639a601e31d3227418473a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128372335897,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 165108
cf-resized: internal=ok/m q=0 n=736+139 c=0+0 v=2023.7.3 l=165108
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfDtEuFLyHnqiI5u-mEeIjwAyrGKd00Nl93VqLII45DQ:b7c5d069ae16571551aedfc140d1cd44"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O1VuYzCvyl7L%2BtcE%2BPw2GMeYj6oJO1x3v1LoUEgAXLaXY8atkNe4NCrUnSzG%2Fo%2FC0U8amxGZ6M5kwEqn82Z8s05c9GQ4foyUCqIHMQs7zbtTDb8N3DW6mp%2BNMBYm4WlExlX059EABBTKmbFADqN%2BYVBrNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994a9f1e0c-FRA

GET
H3 200 vmconnect-blog-figure10-vconnector.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 169 KB
170 KB 276ms
270ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure10-vconnector.png?width=1455&name=vmconnect-blog-figure10-vconnector.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e600901c3822e2410c8113d763d1f8babb08aab7d06aa1c861be265408cdf649

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 3e0d912790c2cd730e222487cbb10f98.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128371840411,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 173076
cf-resized: internal=ok/h q=0 n=14+156 c=0+0 v=2023.7.3 l=173076
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cftFp7EBIUJYCcv0x9uuWvalXcGKd00Nl93VqLII45DQ:a3fd118096a03f915ee02d3e659ce71b"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ig6M4woJWFIhZr%2FnVX%2Fw42eqT5hxfg5cKkGLoDYFPdOr7mPXJ3MRH77EjK9crdwwmILXMhoqwAgygJRXBCEGCGVB8L1SaBZdhgl5eHnpWJ0JIE6PQt%2BsJO3BHqreBRhsmP2UceDf4SM4gCIxQ1gNCNkuYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aa01e0c-FRA

GET
H2 200 must-see-sessions-black-hat-2023.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 38 KB
38 KB 132ms
57ms Image
image/webp 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/must-see-sessions-black-hat-2023.jpg?width=480&name=must-see-sessions-black-hat-2023.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7426c1c0d2289ccde69718bb10ae44a1a6602702194410999afb700e1e580d94

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-128445232020,P-3375217,FLS-ALL
content-length: 38412
cf-resized: internal=ok/m q=0 n=188+0 c=11+33 v=2023.7.3 l=38412
last-modified: Fri, 04 Aug 2023 17:26:35 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfYumcyN5h7tB9G9kNrISFMtgNzQG3Dz_JuxJXtzypDQ:c2dafc0f4f9381d2204a0799a5f235ec"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f9699ce8e9106-FRA

GET
H2 200 Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 21 KB
21 KB 127ms
52ms Image
image/webp 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png?width=480&name=Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

867e2af897e43a15b5cb0cbf905ba563964426f8707d602891643fe039aa2566

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 776fbf9a4fc4b393f157f9f75dd29a06.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-125626784020,P-3375217,FLS-ALL
content-length: 21380
cf-resized: internal=ok/m q=0 n=350+0 c=6+33 v=2023.7.3 l=21380
last-modified: Thu, 20 Jul 2023 15:32:15 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfKQAtJ6vhYxPAvRVg0GlPAx7QzQG3Dz_JuxJXtzypDQ:b0ec1614a8085e5cb245b7a0f678054a"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f9699ce909106-FRA

GET
H2 200 air-gap-remote-access-kaspersky.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 44 KB
45 KB 158ms
84ms Image
image/webp 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/air-gap-remote-access-kaspersky.jpg?width=480&name=air-gap-remote-access-kaspersky.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29d170b4f372603eff8bafec8eedd2dc57712f5e38b276f31c4a5295eeeb9de3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 afd822e99baebd9321fa9aa8f9350e78.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-128135521287,P-3375217,FLS-ALL
content-length: 45536
cf-resized: internal=ok/m q=0 n=210+0 c=11+34 v=2023.7.3 l=45536
last-modified: Thu, 03 Aug 2023 12:49:14 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfKtefQyCYdAtrcIkKJuwm6qaCzQG3Dz_JuxJXtzypDQ:24f11135095e0a03c427cb44e068bda0"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f9699ce919106-FRA

GET
H3 200 tag.svg
www.reversinglabs.com/hubfs/ 946 B
2 KB 281ms
275ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/tag.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-79211394341,P-3375217,FLS-ALL
age: 208898
x-amz-request-id: E01Y81VPVHD41TD5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-79211394341,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"27594f47645e4d58406fd3cf3d07e0a2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1657811796583
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: aRYhGFr8YswkXmWbJnGhRE6TAiUwxgKw
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-79211394341,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W9fWfkyXzVhcsgKPhrOLob4TsO7RFDVainp6spzW/jPNDFITJ0LGEA+GYiP6PyrifYZHYa2mfx8=
last-modified: Thu, 14 Jul 2022 15:16:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQzeWXxh%2Bn%2BFKPxuUvGmpUUF1rHuIujdDsjhD4hv6fIeMQPuCLFVP8o1opKVrt8FtA%2BY7z7NLT%2FCgr%2BDoLCvlz872Zsb2SYTJNGpnY9UIJ6WUMd5SHsz8%2BrZO2oqOiYR9c15hdQHHzbA5r0jPr4wPcDwDw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f2f96994aa31e0c-FRA
x-amz-cf-id: ARoyVi_iZh_qPK_iyRH4nsUAmGue5Vhk9LnsNw5jgBRVRcmWsLHh7A==

GET
H3 200 puzzle.png
www.reversinglabs.com/hs-fs/hubfs/images/ 190 B
1006 B 281ms
276ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/puzzle.png?width=24&name=puzzle.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 1977dea801f0741d1661725223f1ca34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80971515058,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 190
cf-resized: internal=ok/m q=0 n=490+0 c=0+0 v=2023.7.3 l=190
last-modified: Wed, 03 Aug 2022 11:16:38 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfTEUp8Ew9ax83YU-aC7YLXg9u1csUNuQbJ8Ycnj_pDQ:e388a2e47cf27a736b1d0bbd369fa3d1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcIQl0qlyRQpxyRIcKPna8cCWH7Gz1d9yXkd%2FerL9VRpqXmIhbqdOGjNVuFPH28JmjBYD07VDntfPlPBe%2BZTMuuQ6jKjlBy1XOJloMiOOVR32VS%2Fn2Fz0y0CFTAOMe3JnsyYt9wUCUpGDrLlVhTlyBlJww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aa51e0c-FRA

GET
H3 200 tag-dev-devsec-ops.png
www.reversinglabs.com/hs-fs/hubfs/images/ 170 B
994 B 282ms
276ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/tag-dev-devsec-ops.png?width=24&name=tag-dev-devsec-ops.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 5cf1e5a040860c85477a2471f3114b6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-85478930439,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 170
cf-resized: internal=ok/m q=0 n=730+0 c=0+0 v=2023.7.3 l=170
last-modified: Tue, 20 Sep 2022 12:31:04 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfv7c03z3Ffq_nGeIA5yKSc4mh1csUNuQbJ8Ycnj_pDQ:9183b185622ef93c463aaa428f1f5ec1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTFTqthLlvRc43qic8RGpwSZB23LGpUEym%2BELytgmfambDNAuSHJv%2F2rI%2Bj%2Fe75r0tVNd%2B82HDq%2FqWuMNOCEEXtoxJqJlkmu1EyeM%2BOW3pIOV7pm33LXPTJSzQ64MfrNZNW9ejzyV%2F2SSv%2FSzoqLvoAxPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aa71e0c-FRA

GET
H3 200 ico-threat-research.png
www.reversinglabs.com/hs-fs/hubfs/images/ 292 B
1 KB 282ms
276ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/ico-threat-research.png?width=24&name=ico-threat-research.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 4b37353de520ea1ab6c2182115335218.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80135253149,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 292
cf-resized: internal=ok/m q=0 n=922+0 c=0+0 v=2023.7.3 l=292
last-modified: Mon, 25 Jul 2022 15:07:22 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfUSLvJ4c4Cy57IRZiA1hwxqgf1csUNuQbJ8Ycnj_pDQ:e7151140ece53d72171148a7324d4b11"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hne5a7JfxJZbw5CTZzVlstXCrz8If09E7ixR65S700jxZtJk8kOt61m2i4Nsv3fSUURsJ91rb3%2Bh4pQ8WkF7fkCqo%2BEoA%2BcEfMdr1cE9%2FTuA7BePy8%2FMXW1JQOSH5nlna4MVRWl0QKW1H3BXrcsEALttCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aa81e0c-FRA

GET
H3 200 alarm.png
www.reversinglabs.com/hs-fs/hubfs/images/ 224 B
1 KB 282ms
276ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/alarm.png?width=24&name=alarm.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80978517010,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 224
cf-resized: internal=ok/m q=0 n=615+0 c=0+0 v=2023.7.3 l=224
last-modified: Wed, 03 Aug 2022 11:17:23 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf8LPChb5JPnuX8S6grriML_Pq1csUNuQbJ8Ycnj_pDQ:e129885aca10039ee2de1413175bc2d5"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwiAexQiOT%2FuFj%2F84LgXFWlIp6EWIC2q10RXQtMA5XcAOLc%2FmNzwfP0q9ASuvgewi8W3eFBc6cWmSdw%2FO%2B0PgThFu%2F2PjQsc0mnRj2yQB10NmMs1zn0h7RiJhHCcQE02F5s%2Fsoyu028WzY74Xpl3l8BIdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aaa1e0c-FRA

GET
H3 200 terminal.png
www.reversinglabs.com/hs-fs/hubfs/images/ 198 B
1019 B 282ms
277ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/terminal.png?width=24&name=terminal.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80972444337,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 198
cf-resized: internal=ok/m q=0 n=564+0 c=0+0 v=2023.7.3 l=198
last-modified: Wed, 03 Aug 2022 11:18:30 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf6bMIImIWOdGtWqvTkruXE1Mt1csUNuQbJ8Ycnj_pDQ:df29f53ad31749ce8ebed7c59dfda5a3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX9wPjqhYoFoIrN6WUOIE%2FwOsCZ9Dc%2BVW3DogPQ%2B3DVdZHNEQ7ZQD6ehvhcXfm973h9RFXJs2AxXEEG0kssARWOxuQJzppVmgJ3t%2F6FgAHMzhOa8nBGLZanIcFIBMEQLBeCo7hvcfGX8U8v8tCaPI%2Bt3kA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aab1e0c-FRA

GET
H3 200 calendar-three.png
www.reversinglabs.com/hs-fs/hubfs/images/ 222 B
1 KB 283ms
277ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/images/calendar-three.png?width=24&name=calendar-three.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 ebc2f999559db1a05f6ebf1e799bb574.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-80978517087,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 222
cf-resized: internal=ok/m q=0 n=719+0 c=0+0 v=2023.7.3 l=222
last-modified: Wed, 03 Aug 2022 11:19:08 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfSCUVVewrbUrCezSPDCvLRaq61csUNuQbJ8Ycnj_pDQ:18503effdeb9c9bf3130e4d9c19e5f39"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWY%2FDeUO1E7PlRPMUm9ZguqEohhJMFo1SPR5SII6qX0W34k2qK3v2D4fyTeaTqr7%2FTHxf8cT%2FZI25iYod9JeCbq%2BkF%2BTEcAdHRGm4OuPfMtArHAfT8VGCZuOtqzv7M1fe3VvA6auM9pwWfdPyelqavzEYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f96994aac1e0c-FRA

GET
H3 200 ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.jpg
www.reversinglabs.com/hubfs/ConversingLabs/ 126 KB
128 KB 105ms
99ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/ConversingLabs/ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d57a29c035e1164e865f08b030edaa603ee2a60d806138df4c2975eac83cb08f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-119368537456,FD-69168798251,P-3375217,FLS-ALL
age: 252198
x-amz-request-id: J0XZ9TCJD3A45S0R
x-amz-server-side-encryption: AES256
edge-cache-tag: F-119368537456,FD-69168798251,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "8edb1e262542561f086a7d70308044f2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686228293352
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 80566e72ab185c08a79ba1ca1348350a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: dPT6TZvb.kLAJ9gmDvqn5Ei_fgYVy3Sm
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=252204
x-cache: RefreshHit from cloudfront
cache-tag: F-119368537456,FD-69168798251,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 129440
x-amz-id-2: x0RKq7/c1kF9NmFMk6T9HMnccC3g8W7vGO3O1x1hcaKnQXNbSpMf+hJCHVTiQ7Sm+MlZhsp72wc=
last-modified: Thu, 08 Jun 2023 12:44:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ueJDfS%2Bdr0d4OA%2BMxhsYq3exV03u07xUWtGEHiW%2Bh65wf1MyYtY3idRvVqSa2z1GcqxzyOVg63sJUhp%2FIVI9ehQNGnk4pQzzpgkw%2FHZmMGGgzAhpfBTbqe3NqQ0u2ICpKaXjGtU%2B%2FiIX9ewsKBxz5yYc2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7f2f96994aad1e0c-FRA
x-amz-cf-id: P5Lv9JBx7td4GL13ayTUVSljMRkzyVjw7523OWTNEqLP0o_qQZDHPA==

GET
H3 200 SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.png
www.reversinglabs.com/hubfs/ 458 KB
459 KB 299ms
294ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec283af1b220ae388d616832c82a2612f2630ac572784dd39b6d2c5b8e81e7aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-128054183304,P-3375217,FLS-ALL
age: 18258
x-amz-request-id: CYC9KF0CVAQ1P9T5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128054183304,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "6fd3531028492e6451288b395ff0aba1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691007621369
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1gITI7UH1lp9vpl7Goz4qSuO9Ek5JrFZ
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=531429
x-cache: RefreshHit from cloudfront
cache-tag: F-128054183304,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 468664
x-amz-id-2: TXhwwDBzjJP4JIJC7xkFR9K8rMrxYHa7prMpEWq+Q6V0+IL4d7zjD6uKmHzioiJWlqRtU3QwUWgT2Fy2N2r9rKOZYS4jpl7rZmcjbqqXH7Y=
last-modified: Wed, 02 Aug 2023 20:20:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzvU6ZSbOgVd6TR38cTgjmi1%2BoxvKBDeW%2F%2BBIr4y6D31ZIBVXD3QxI0kEzwfggqUI8gQYILJE4uPYh7QuTY1zCSyAOCeW7VP16AM93kwT3FUQV7mu77%2B6nRVVPnMF6v1KjITNktR33zXA%2BCZsCk07ontRg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7f2f96994aaf1e0c-FRA
x-amz-cf-id: S8P50aGiWMOKpsXvOXAEbf37DRWdVy74YKxRL9UDpQ8jOsGWoyfZ7w==

GET
H3 200 Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.jpg
www.reversinglabs.com/hubfs/ 98 KB
99 KB 305ms
300ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

199a07091795dc18d5f648c8ae6ea323b953a6232f814e35c0217925de105a94

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-127116244143,P-3375217,FLS-ALL
age: 64452
x-amz-request-id: DWBEMC3RPDQCKZRR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-127116244143,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "d863474a07d18297d34a6ab8da71a3c8"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690395688500
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: p9dFM0KI5I.1lHtGTE3Sw.K9.1pZvEwT
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=254194
x-cache: RefreshHit from cloudfront
cache-tag: F-127116244143,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 100108
x-amz-id-2: P5zw/fxtP8pRYoKAfmmT0n12Dob6PEB/oHRFCsIkeoDUFcZFB5ICQH/yZOeDlrdhzE1ayEOhbhw=
last-modified: Wed, 26 Jul 2023 18:21:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWo55DP1R2UvyYPDIBZCQPYCwMprulDSQAUp3ZppZNVXugpW0TXot%2B6yjAD%2FBtmWubKoZ59lT2u8A5Qr8bFIhkQxxaFrCNm44N2aMF51VAXA8PTei1pyj%2FyuVIeEWrVovUgxRYU2vhMjiLU5oLt0hUWvHw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7f2f96994ab01e0c-FRA
x-amz-cf-id: j9MJqxusj4-FemnqMYyppKseF9SXzlETuWMHdh7PcTfote9MCCdCyw==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/ 85 KB
27 KB 95ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 330953
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27437
last-modified: Tue, 01 Aug 2023 17:19:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64c93eb8-6b2d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVwXdpYrw%2F4LBXkGmPP4Lhj%2Fgo0zS3dXjvaD3Kk8FOmGiOU2N7AlwhIX4t%2FmbaY3My5ee0enZrh6t5TAYNTO%2FT67SVrYpWRSNx3NRacqvEuRKhbbcNOXoBuiwNHxtlCsDcI0VRdTNnSo0xb3o7wTl01E"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f2f9699292830e8-FRA
expires: Sat, 27 Jul 2024 12:40:28 GMT

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.372/ 12 KB
5 KB 110ms
37ms Script
application/javascript 2606:4700::6812:8e65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.372/embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8e65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: y7ND9ey1AdjRUW5XrlhHQ1urKE3DE81O
via: 1.1 9737f42d74643b8e3ceb7ecfa2015ed2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P4
age: 429697
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 01 Aug 2023 20:39:52 GMT
server: cloudflare
etag: W/"fa27a9379786a382617de08f3ae57836"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNRi0J32HcLQuMVapPJnnSGEliPgCLzqGgTrp5SjNR2r%2F%2F863s%2Br3CUGJ0eEbQEXj7%2BlPSnIw16GCZPEfut3mSM3q64F92kL99kEKQw7n0m%2FcO9yMaUGE%2BM3yWiODondoYgZTYQ1mGXV1UjWNorwHPkLMd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7f2f9699cc44367f-FRA
x-amz-cf-id: QqHEWFWyX8nUDZDz4rirpOD43UsZXgiAe3lWVH6FZY6polkP-0evCA==
expires: Tue, 06 Aug 2024 12:40:28 GMT

GET
H3 200 simple-lightbox-min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/ 7 KB
3 KB 163ms
162ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/simple-lightbox-min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 7e2fab32e11703f7384de4d8fef36848.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 364
x-amz-cf-pop: IAD12-P2
x-amz-request-id: AQAQF9S90GJ83BMY
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: FsEJuIr7CYCWLWb_isdf3JLdbLwDP7p.
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YlCwQKr+X9pCFHEWbAV0iekZXT4WKK/izBb/6ppG9POxUg738S1tKUMFr2Rt4tQ+7Mkq9btPAAY=
last-modified: Mon, 30 Sep 2019 10:48:21 GMT
server: cloudflare
etag: W/"d02c339064b8d2b370bc4e18fa6ae421"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QqxFE%2FsSR95ayft%2BnqQUG0I7uGebm%2FHkrx9C5CLfox08CCi3SHNoAa%2BunTxfZezKIFwX90B%2FPe4JtssJ1Qlo2Z8UUO9xbqq%2BHgzidBkilhO6l%2FfbuC2komDeA%2Fc2n6Mlwji7u06FYnJJHgwEXa%2Bb9EYU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f96994a7a1e0c-FRA
x-amz-cf-id: g4tNSmBW3lner5TaK1eC8GREBEudjsxnXYwjZUQaa901Z94lTczAfA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 rd-2019-main.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/ 2 KB
2 KB 165ms
157ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/rd-2019-main.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3586
x-amz-request-id: 7PC4PYJ5NCMP0BXQ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"b2a254916a67659b4df42aa3c333359a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1639664698586
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 1448f69604d5be1f9c9f0c64cfa90594.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: I5.cidQ.vGRls6iGZkmuPTBztEr2IVdj
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 111
alt-svc: h3=":443"; ma=86400
x-amz-id-2: B2KU0h5rvBAMcIqh4EoMEOV2FkxLRjLWg3clMpNNkNqENk4+Z+I9T82wjk4JM1zNk6Q+Omg9oFI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a2a0ccc1-013b-487a-9b5a-8ad3ec80e5c1
last-modified: Thu, 16 Dec 2021 14:24:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5vNYewVA53xiUmMHE%2BRLnzAkbQfOeI5hL2uoEq5x%2Bl93txOIqPXepkmW8hUCzYicp7zzGSKuiQqICqz60CibKxu4hd3CpExNv8qVOjcspaKZE3I8TZCs5P1Wf5LQatXDsF8r0G3GWze2qnVOqgJQ0i%2FS1w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7f2f96994a8a1e0c-FRA
x-amz-cf-id: DJdEOCNWIA85NfiUC_o5YtuXNksxcvFM10pmNbj3caj2wzs9asVviA==

GET
H3 200 jscookie.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/28203361861/1586494134457/Redesign_june_2019/Coded_Files/JS/ 1 KB
2 KB 165ms
158ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/28203361861/1586494134457/Redesign_june_2019/Coded_Files/JS/jscookie.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc595999f7c46e3f7a293c86fcc256c35467e9947bf0051464628416f1db14f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 3586
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: GFG2A1W560AQ04JH
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: _PdfjdMgm8.M2DiCSVpcYFrpWe519SIO
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8KlMWTScvk4OwJ4QjcujrvadbvNToD57XqJIiwk4JBvR+vFUsbtjXhK9CT5LfAOXnhfXNsEt5/s=
last-modified: Fri, 10 Apr 2020 04:48:55 GMT
server: cloudflare
etag: W/"93c12b195cd05418a85b4eafc15c92fb"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3oofqnW3IWiBfN%2B0pMYX%2BXnOaUhUVrtN7wvMg6%2F7iePU1kaManvEn%2F6gcMC8RmWwdUcNwEKeARsUnou9enWSjcq%2BKFZ2tzmsnw%2BkQDn2uDQaHrNIYEv2whIQNhLSO0sc1Bv8Ob1glmKj8dcg5IZyvE76A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f96994a8b1e0c-FRA
x-amz-cf-id: 2_OawHElfFfEGT9fV_TXG_Yn8y0OvXJN-c3qKFLIeOXIx1cXTKeYJw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 tiny-slider.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/21052151416/1577281626952/Redesign_june_2019/Custom_Modules/Sliders/JS/ 31 KB
14 KB 106ms
99ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/21052151416/1577281626952/Redesign_june_2019/Custom_Modules/Sliders/JS/tiny-slider.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

37eae8190baecf55f16575bf754238976116ad37b55f81e27db05743461cd507

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3586
x-amz-request-id: 2JVMWBXVTKZK3WGV
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"6603e5d1b1eded8b550dc3ef7fbe687d"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: a_gzCem69enGGi103.H.X02BRl8OY0mV
x-amz-cf-pop: IAD89-C1
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 125
alt-svc: h3=":443"; ma=86400
x-amz-id-2: y1266HGii0quwd7y77CLcjvqDAm2ES7vUOIq2Q6bi8H/3oI8OJ/Pan8WJ4IxOyHLbBGj2007Zu0=
x-request-id: 96cddc43-f649-4f90-844b-cb94b1e6e414
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 25 Dec 2019 13:47:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2Fs6csGd3ZNfgdR%2FprkIdgYZ96Fe2s9oGqwKcgwpDlIt1krVjLL0wt0hIn%2FgDfUG%2FJz05vZCGV%2BiHcQTik%2FYX7QqDOlE3k3b7Eib%2BGmMwEJuYs8wiUJKP5uDrCIT5AEeXV4XM6%2Fx%2BE4rHSC%2FxX89157h%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7f2f96994a8c1e0c-FRA
x-amz-cf-id: 1_dr0HWXidzEz8owWOEg_eUHUbTC8O9JX1CtF_g4g0ztVz-qP6uqIw==

GET
H3 200 module_28186900061_StickyBar.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/28186900061/1683494323317/ 1 KB
2 KB 165ms
159ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/28186900061/1683494323317/module_28186900061_StickyBar.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f35c317df74c5ceaca83bc620ab17f68e882a21e5378933002f20aae3af0517f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3586
x-amz-request-id: 80GNJQM6FRHN4BA8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"05f529f2d7b3ca476f37bdcf0b96ef7e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683494323317
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Dj1AN92dBhP0GYrdJYdEZgTGEMSZDLdS
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 196
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1hy2ztk0sACwGhSaHXYGJTePyK2ElHBN6n6KqLJWX/hSVZLtLds/IPQ+WQYqlA9cxxggdjz4BtA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b368b8c3-e5e7-4849-8a41-bb29c037d778
last-modified: Sun, 07 May 2023 21:18:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sSRe82XMMpFqwv2lVDU45uzFUGFOumVy%2FtFy0t1du424xCrmETAxKOH0vsnPO1fO4X0R5TzjgGrr5pQb6CdgpI0PkOpLadEzDFzoYCnFwBLf0EhZpOg%2BYlf1KZAfOLw%2FknqP699oRgXX%2FdZ%2B2LYPpPjwg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7f2f96994a8d1e0c-FRA
x-amz-cf-id: s5bawe8PFV0r6QzqfGPSdPNFBuqbUhWUXCb9bq8Tyn2Qi5dZRIvdGw==

GET
H3 200 micromodal.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395370929/1569840498778/Redesign_june_2019/Coded_Files/JS/ 5 KB
3 KB 166ms
159ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395370929/1569840498778/Redesign_june_2019/Coded_Files/JS/micromodal.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9b277f813652ab4fc3476fe4b9771d2d29e10204caef39416ad8d30e45fc5a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 29e51fc5bac0897053e2f02edda4aecc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 3586
x-amz-cf-pop: IAD55-P5
x-amz-request-id: B6BYS206BHCKAJK2
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: 3FilIB6THj7cvPLh93UnKYXf5w_lQZsq
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4qQLCJNrxyHRS1iNy9w7ShIc5PJ/A/WsQaRTklKl5ZvpB7qLekVOVO67Ziv4jhXZfZuIo3kkq30=
last-modified: Mon, 30 Sep 2019 10:48:19 GMT
server: cloudflare
etag: W/"84194eded494d011e2828f00329b15c6"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oi3BNukGbNDEsUBAXxamb6NH0sDih48Eoq3%2FJAMssRTC2%2F26Vwhvi7MRAIE2OcZmEgrzHDDlW6p6i9wuEE9HS8HdwSUwBeKBI4HcWvnuJoGERts9dh%2BPJCRJMse9kfq%2FHWwI1IrQnTvYqp5iLjEn42zINA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 7f2f96994a8e1e0c-FRA
x-amz-cf-id: Swl-o2KXKE3TDpjW3QaLB4fkZTV0BdWJGMZraofa83E8HzLJSpBNcw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647431/ 3 KB
2 KB 107ms
100ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647431/module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

130eb7bbe1dca232b6636767637e6bdc2a35fc2d412db3a601593d79c1d743a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3586
x-amz-request-id: FSPEGSAZMSG0R5N1
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"c27b7b6ea1f66fa47d64742279aee97a"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: uYaggxrRRLpm1_Oqgp40jmGQ7KENtM4f
x-amz-cf-pop: IAD89-C1
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 135
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fU+wUJ6dJf9Clyj1eocYKkbwHligi1kklJiCDTHXOK665C6CrGDHhVLcZvxykqtvY15JUlid+XJTa4hELfqSNg==
x-request-id: e8a0bedd-3c6b-403c-9dc9-0a4294dedb74
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 19 Jul 2019 03:07:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghaokB6ZVgF%2BwEN51jrRxG95qQtPkOmkddcUkwmW4eAFTFItKRdiR1H2O1pzianD1s7TM1uu6Ro9DeVq%2F0PPJR2GaN7cc88CLoecv9I%2F%2FJpGu0YY5eFVgK9vujLsyuoPT20lBUYJXD9F8P2r%2BdnQnJ2EtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7f2f96994a8f1e0c-FRA
x-amz-cf-id: wCeM2NeE6zF6Sm8li1OIdUp4VaTgoB9qMWJs2B1aOi_UMLZH67NsDQ==

GET
H3 200 module_36845096476_Blog_listing_card_grid.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635694467/ 723 B
2 KB 189ms
182ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635694467/module_36845096476_Blog_listing_card_grid.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 364
x-amz-request-id: 49376P20C5N2Z5NJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"a26b824a33500d5b24e748588dd1c35a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683635694467
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 c3af1bb2028605770032345c7c19b7aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vX4VGHX7oLkggy1lxnxWYDLA5rVHVqKM
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 136
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lIjufGA3ZDty/JYLu572sxuNz17BFUtLeN1DL+Fk3VccVQXeBz49aN972HyHJBYd+XhB3bkzLZg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1399d90d-1c8f-4031-8354-294e636578f2
last-modified: Tue, 09 May 2023 12:34:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BFMLdwgzRmfJwKQvyELxVxqKiR4ei0pW9TTQc%2BDPRf2liW2kgvh8tNJpJpmMoho7yaGDb%2B5OW3WuGSyeMI1TrUIoKWv6J6jsbdTVXSxPJK8Dj7D%2FYv3zBuSL6O9gPHhZaKIgJtVX21sj5%2B%2FI6xPCP8YQg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials: false
cf-ray: 7f2f96994a921e0c-FRA
x-amz-cf-id: dG5ZMeH3PBHOC_OcGGrhr0wQXW4oXFDNtYkiI9ZlQ9qTZZTkprqYiw==

GET
H3 200 3375217.js Show response
www.reversinglabs.com/hs/scriptloader/ 3 KB
1 KB 308ms
302ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/scriptloader/3375217.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d61384f0d5d8a3141df497b1b21ef098497db33d3de3a1b546fffaa36e89c78

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 6
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-evy-trace-listener: listener_https
cf-bgj: minify
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
expires: Mon, 07 Aug 2023 12:41:28 GMT
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 84ca2f54-fbef-4b50-8999-8db0ecbe9dda
cf-polished: origSize=2975
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 84ca2f54-fbef-4b50-8999-8db0ecbe9dda
last-modified: Mon, 07 Aug 2023 12:40:22 GMT
server: cloudflare
x-trace: 2BD732702396B0E4E8DCC7FAB8969CF0412E96653F000000000000000000
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYQJRUdVUgDVnNm3cSedYNa1iOEJm%2FjfUD6H6E6dwWQRaVep2p7bMfzirl6awoIT4RZHiZ7u%2F2MT4evGOMxomrFeRiHQaJJ4IUsZtWTim2zyVrAqsa%2F%2BJ5%2FfHWIqmDgqWN0Ag1FmoK2jCcgKISyOQ7i1jw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-4lp8p
access-control-allow-credentials: true
cf-ray: 7f2f96994ab11e0c-FRA

GET
H2 200 cookieinfo.min.js Show response
cookieinfoscript.com/js/ 7 KB
4 KB 111ms
38ms Script
application/x-javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8S42Y53VJEPAVGY3
age: 6078
x-amz-meta-cb-modifiedtime: Mon, 03 Jul 2023 14:52:01 GMT
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KakN4OE875XBYBPgaacthSeFIq0ifqtAruKzAsP7RUy/b9syiUoY6jNF1t134dojNt1Q6/rZVZg=
last-modified: Wed, 05 Jul 2023 10:39:27 GMT
server: cloudflare
etag: W/"d15d93068c1121f63008407d339bd819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1N%2BwGiJlDuFUw6KfZPp1%2BwdVQbnz3LXYtW3m%2F8U7RhTWjVCWYKSudsEEX78N50EDvWEJYfaQZCvFrNRDcagQ7EvnfA9AwYg4zAPb32ZcFBjXcafMbdqrGUBIJKcoG9sK49QiubQG4eqhciuxW%2BzMuu%2BNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=2678400
cf-ray: 7f2f9699bfc29b98-FRA

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 107ms
31ms Script
application/x-javascript 65.9.78.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.78.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-78-118.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sun, 06 Aug 2023 20:10:51 GMT
Content-Encoding: gzip
Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Aug 2023 20:10:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
Age: 59378
x-amz-server-side-encryption: AES256
ETag: W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: mwAk1YDAShaaRvOZrqQ_ePw6erun0C_X0tN2GuwdPNKJoSyAiJy9ww==

GET
H2 200 hotjar-3176008.js Show response
static.hotjar.com/c/ 10 KB
4 KB 106ms
32ms Script
application/javascript 52.222.139.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-110.ams50.r.cloudfront.net

Software

Resource Hash

2e5436b217fb1a7d9d2365cccfcc95e7483fcba03205c3a216d512302e982d4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 07 Aug 2023 12:40:22 GMT
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 6
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/ea37d1e0bcd47d6c2f7b79a987e66f2b
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: eLx_tWZgc7KSZGsB10QLWEIuU-Fg8Ilbl28HotpLECM_DlVi8j0cqQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 269 KB
92 KB 198ms
77ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

753fec74228ab233e1072c50b50862ab6bc4d0cc917b48ba7eed7a3647e55304

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93836
x-xss-protection: 0
last-modified: Mon, 07 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Aug 2023 12:40:28 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 87ms
28ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 07 Aug 2023 12:40:28 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47151
x-xss-protection: 0
pragma: public
x-fb-debug: cDKRJ2jjxjwOUwt1xITJKy3FYN8oWoaJC5fRcLv8/rr65gPFvZiP98QN4hkx91ubhrqGB1PssXm/n0kEjBbTjA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 188ms
64ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 07 Aug 2023 12:40:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Aug 2023 12:40:28 GMT

GET
H3 200 Reversing_Labs_November2018-style.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/ 143 KB
25 KB 110ms
110ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

61ce08dbad99d88826d7e7d374b628662137c7893a943d6a541cf4b0455c5067

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 384
x-amz-request-id: 9BY06TDA00GEHJTS
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"3d0f457bdc611022c3f48f57eb877977"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1685359417818
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AcrfIRW95QY88SeuDIXAFoVt.4x1ZQWb
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 139
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GkxM6CyUTGG0PBFgMJaDRztxsWFbJcPlZ0/7OioWm4zjLouo3IjGbhgJ83dkKDN715dWTz+6LH0HE9fsUUy+aoo105Uo0mmZotlTj0R0A+k=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 87030c20-b4df-4c9a-a844-9982d6c02ddf
last-modified: Mon, 29 May 2023 11:23:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mv8h8IRZimlofod0lbN0ik0JR0sc9IpPi5CHlq28%2B5%2F4QDjp3VvffW8kl8PMFmpARfT8R9jnGaQAbRTO9hiHaexckyzp5%2BeSeJ%2F97OtyizE7QjfE5rJQxX40uQAm1zvqdo3dEkhOML4asHz3MMc0FVUB0A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials: false
cf-ray: 7f2f96994a761e0c-FRA
x-amz-cf-id: EfnvyHcxkM0r5MgmZNSmpahxHbS44buGtkHilNHaDyIqxvzzMKUqGQ==

GET
H2 200 modules.92ff9978854791af68a7.js Show response
script.hotjar.com/ 223 KB
55 KB 122ms
35ms Script
application/javascript 13.227.219.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.92ff9978854791af68a7.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.3 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-3.ams54.r.cloudfront.net

Software

Resource Hash

f827ec383239317deb9387ea204a9a0089594aaa0a763922e3d85222010531e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 15:14:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b61409af370dbf025ffc910b1252c65e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 336381
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55640
last-modified: Thu, 03 Aug 2023 15:13:59 GMT
etag: "9e14d47807cbae60a1fa1410419e20a1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: BO29XdQIN5-xb0QPIbIlPcuni69uO7GINNNoU0KsjAp9SknGYxYnyg==

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1017 B 67ms
62ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 07 Aug 2023 12:40:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Aug 2023 12:40:28 GMT

GET
H2 200 1076912843267184 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 29ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1076912843267184?v=2.9.121&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

77b1e37a44606f04534b026795250cfb8f06416adbe129533a6d855e9b573f67

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 07 Aug 2023 12:40:28 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89044
x-xss-protection: 0
pragma: public
x-fb-debug: 7NY/uCoCccrXdMiXo52etnGHs5ZYcNoqeQzrtOxSc3obnotvWhzH2vEUyY/olO9yXGKujVKEwmkv7D0v7kCJ3Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 hero_bg_small_2019.jpg
www.reversinglabs.com/hubfs/images_redesign_2019/ 21 KB
22 KB 62ms
60ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/images_redesign_2019/hero_bg_small_2019.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

716dcc9643502eb35aa1f08b4805ec1f377daad3e67c11f9d00d65c6fc6336cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11448703956,FD-11023975807,P-3375217,FLS-ALL
age: 78630
x-amz-request-id: QA8X8QDKH7P9XNQQ
edge-cache-tag: F-11448703956,FD-11023975807,P-3375217,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="hero_bg_small_2019.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "1f3df8332048ad0295bff3a1c64cc9a4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: a5PUnngJgc3ZEsbtfbAJjo5eXZD8MNrM
x-amz-cf-pop: FRA56-P7
cf-polished: qual=85, origFmt=jpeg, origSize=95096
x-cache: RefreshHit from cloudfront
cache-tag: F-11448703956,FD-11023975807,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 21652
x-amz-id-2: bR90yqiBJ7Dh9dAqPm1PCyYRStpPFpC6pAebiUQJjEUv7DMavDut9DMDqJdX/XoowM/Spr2H4uY=
last-modified: Sat, 20 Jul 2019 18:01:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioHKjYDTjOJ4RCE8AyfyeN4g69ly5S4poajwn2KClQesfBCKGXNZ2VfrorH7tLWMQaQdc%2FcZRPadmsDNLS6nXCbmvie4M0RGhqX7VovVOyWUk7D9lnTsnYaLpE7lc4DdUsstUFVxEJInZvgbLBO0iYC8rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7f2f969add471e0c-FRA
x-amz-cf-id: 9QahqkLMvEtd_FkZ8LYa1FR_USyTXZvlXY5WNql-D1665D9EsLPY4w==

GET
H2 200 Tungsten-Semibold.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 20 KB
20 KB 179ms
112ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Semibold.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae4a0865523070959595a6df44d592fd924f6a8503d913a2cbfb81b5df45e62

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: zHy7ciep2n8U9dRoPSeIZ0ms5UoFs.HW
age: 1530035
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: DKQKMC64TMN31TX7
edge-cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: 14bQIIfqwcVNDch3iUtYCZWwaDx98HU5XV7APzrWfgFgWL5g4/g74BTx4yQ8xoGEreBaSknA3997CKzXJ4zOIw==
last-modified: Fri, 10 Apr 2020 04:06:19 GMT
server: cloudflare
etag: W/"c4cba999623da66f241554c075076b87"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b4dc037ec-FRA
x-amz-cf-id: 7xK0hL7YeM5WYlG3y0NqSk0PAmvjma1DM8gUWxUbcPo16eLX5tkfKA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 Tungsten-Book.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
22 KB 173ms
106ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Book.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a5131ba88c40e02e211f48163838569b854a383f19817b94db2f4e83f5d044d

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 d57321c5a82b3dd77cac9f75126ad63e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: DhZpSF_okm4kqA3d5rsX6px.W1gW4AHr
age: 1508981
x-amz-cf-pop: DUS51-P3
x-amz-request-id: RG8HX3X62PZHM8CN
edge-cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: TyFIgpyp10KkcTyXsymZ1oFAFu8DVWHvxhaQxzR/okrpzKqvjIaSzJCw0J47reCmDXNilueQOds=
last-modified: Sun, 28 Jul 2019 19:57:28 GMT
server: cloudflare
etag: W/"ab8a234e214dd3506e9fada6b6eafdca"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b5dc537ec-FRA
x-amz-cf-id: P-bMucSex69ntYfqxpRMXQfBsSw9udnpA0wZuEUSGKFIPeMTF_s8TQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/ 4 KB
5 KB 142ms
75ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/rl-icons.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-amz-version-id: 7Fg3.Df2IKZXcjymNQNOrpeZRI7DlXZ.
age: 1508981
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: R5MVE6SWSY8DKNF4
edge-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: dHGAg4ic3wq+7e6JX/8hK1mpiJfsSs7mI5Ec6A5imUcBv4NgHwgxetBx9YhI1/Gw+NA2Nspa0x0=
last-modified: Fri, 24 Apr 2020 14:40:36 GMT
server: cloudflare
etag: W/"97ca286c0b94878b6b2adf44559b6265"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b5dc237ec-FRA
x-amz-cf-id: tK-QLciQRvJbE_WalyS7JKmDlMXI7psP5oRr0C4tirXGiwHGW0H_jg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 171ms
54ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 02:35:09 GMT
x-content-type-options: nosniff
age: 209119
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Aug 2024 02:35:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 184ms
67ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 290016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Aug 2024 04:06:52 GMT

GET
H2 200 TungstenNarrow-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
21 KB 137ms
70ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/TungstenNarrow-Medium.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d1119d232eb54079a766d9e1564320f2c20e6e71683e31edf766c26e9c678e

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: HmXdIK8Bc_0fkfivtLAcWmXE077h5rsG
age: 1641259
x-amz-cf-pop: FRA56-C1
x-amz-request-id: DMSNG1T10D43AHM6
edge-cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: E8flbJekUa8b/h9rjl/RJ8jLL/VAHbSHMBoyD0BVAJG8CjhWSrmtAIHpmJljCsIqQjtk4qjy8U8=
last-modified: Tue, 18 Jun 2019 15:58:22 GMT
server: cloudflare
etag: W/"650100235aa1598769f1744ec1674c39"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b5dc337ec-FRA
x-amz-cf-id: GEyqU_SnSNfocitRa8CkbGR9JnIyQnEHnijJ4zi0Y8RVxKvwvywViQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 275ms
158ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 15:22:55 GMT
x-content-type-options: nosniff
age: 249453
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Aug 2024 15:22:55 GMT

GET
H2 200 Tungsten-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 19 KB
19 KB 151ms
85ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Medium.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84240275eed2746f9d66bb0a5f46915d74ba6a7c6e210ba4634a16e03ca54270

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: 8RS6BKpEUu5kELkbXI3oOka23XcEIvrY
age: 1641259
x-amz-cf-pop: FRA56-C1
x-amz-request-id: CFG5FJ4AS27FFX2Z
edge-cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: cWAv1Nh7c3b7JoOcA4dbQjP2r8Sig5PUEfpyeTD3Yw4qgZqNYe3CF2r3neJJpyLZQ4vdkaQhGJc=
last-modified: Tue, 18 Jun 2019 15:58:23 GMT
server: cloudflare
etag: W/"e62b1278f1fdeb9765b266aa18905620"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b5dc437ec-FRA
x-amz-cf-id: xQlXHyfEfIR-cwsZfWcg_vyoXnFt3_kV17TsiRQJcxyzBv09ow1poQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 251ms
134ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 03:37:34 GMT
x-content-type-options: nosniff
age: 291774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17508
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Aug 2024 03:37:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 231ms
114ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 169389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Aug 2024 13:37:19 GMT

GET
H2 200 Tungsten-Light.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
22 KB 91ms
87ms Font
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Light.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ac9f879f23b53c0856f5a719a5d2913f2890b5e06b60a8879945c245080fc52

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 d57321c5a82b3dd77cac9f75126ad63e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: oZWO71JPrAMaAkHUdMvYTNjF0GR2Ck4O
age: 1508981
x-amz-cf-pop: DUS51-P3
x-amz-request-id: 4712TDQGTQ9MMKW6
edge-cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: NbXygyXdta6gXX7xBoMzZYrKM7H0v6h4JCVDVgx+4DiZuSJnxSdiLCyY4/o7n6FB959p0bKzqyw=
last-modified: Sun, 28 Jul 2019 19:57:28 GMT
server: cloudflare
etag: W/"100aa5d32672286f544f73831e764ee1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969b5dc637ec-FRA
x-amz-cf-id: mtZkq1cFA7NXX-imu0-u8Kv-H41n3sTlfsZoD4H6JYZr1tsHq2L-7w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 VMConnect-Blog.jpg
www.reversinglabs.com/hs-fs/hubfs/Blog/ 152 KB
152 KB 67ms
66ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/VMConnect-Blog.jpg?width=1400&height=732&name=VMConnect-Blog.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b99e57a180459ef9973b9bb3f41ce4a28c015ac31ec686c087bf21f42d366608

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 4066580ab3ec717b57597f204d9bb30e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-127998140035,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 155290
cf-resized: internal=ok/m q=0 n=902+0 c=21+117 v=2023.7.3 l=155290
last-modified: Wed, 02 Aug 2023 12:32:32 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfNOMcKaoDQTmxnUSgND4a2FbXsvDsvdffkG1yWKzcDQ:7a382c8e2e8d51d238303bd14e4a96b4"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5ge22N%2B%2FjHXjUFyweZ9tQZGHBZtboeVEZ8zZOujyq0XyEFde655yw%2BRpbzuDVE0W5ECsoFO0p9J9YeQobJKpUCxFwer3xjU7oHaCQKe5IRmgRrRxUcFoDDGAPKxYaXk9OggGUCiHXPEfbup0Ja4rP4dCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f969b5e101e0c-FRA

GET
H3 200 vmconnect-blog-figure3-config.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 39 KB
40 KB 75ms
74ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure3-config.png?width=570&height=226&name=vmconnect-blog-figure3-config.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e4d408ece6803ecb0c2356f7c16a9e1acdbf01228830ac38274ec1ada687e36

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128372297775,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 40172
cf-resized: internal=ok/m q=0 n=840+0 c=0+26 v=2023.7.3 l=40172
last-modified: Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfKEFYek-osWhpe5X8gXArZyh18sSmAPwuejBK1TPFDQ:a4db244b42098e0fbad80bc9b9c81d06"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HlvYUs0I4vcamJDp903LEhB%2BtFHHJrATWtyf9IpWs5MwHDmc9m1bkGEqfgeb04xgns70eg8CFafAScrMjPmh5o8rPwIlbzPE6ZnlXIxmXWb6z%2BwIyWdtEF3ieZOBDPMbEzKeB8lDEOnmIC%2BClQQy3Jj1RA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f2f969b5e131e0c-FRA

GET
H3 200 json Show response
www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/ 16 KB
4 KB 195ms
195ms XHR
application/json 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/json?hs_static_app=forms-embed&hs_static_app_version=1.3512&X-HubSpot-Static-App-Info=forms-embed-1.3512

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

23a2e2d1bf6093626ba9c1698f07134b1ce1b3fe0aeb94c937ebdcb7fe7dad8f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 07 Aug 2023 12:40:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9fc294db-70b4-4724-8fbf-de5e5112495d
content-encoding: br
x-envoy-upstream-service-time: 37
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9fc294db-70b4-4724-8fbf-de5e5112495d
server: cloudflare
x-trace: 2BA3C597D3916E9EF029D8122F1343463FDE7D9D9B000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-zlsgj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2B2WZOpAQd4e7cWPL8d6udnLYbOUk3XB%2FODOnghiHxVDSlEIWS8tkb59tzxamWRcWelE%2B1BJMftqOlyBqjdvekIOpw0YJOfduRsrD52kuYIFlY8%2FRE0%2FD%2By%2FRu9pAtAXZbiDwJzR6i%2FF1CuVQ5YSdX37JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f2f969bbeb31e0c-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 JrRu3vUM8j33QSR7Bwxw Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 245ms
176ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/JrRu3vUM8j33QSR7Bwxw

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

8344291d1321d09d668eaf963e67257d8a44ae16f9dd1cb7a2c34a9fd2f92e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7f2f969c28728ffb-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 29ms
29ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

415f1b24f09d34ace4333cdd8a1a2ed4c0f74db2f4f6c76967f1a5555e87d0cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Aug 2023 12:40:28 GMT
content-md5: DLCVo6WkK1ZtNv/uaQ4nsQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-debug: oFLu+b+GFRaykMOoC+HuMT7vhouHDN4Cy+VvIan8YA/fn1IQh/XqguYsTk57ddDJ7lYbqBgCdLC6kZkcl27eEw==
x-fb-content-md5: b9ecef98197cb0ee143ebb1d276d6a97
cross-origin-opener-policy: same-origin-allow-popups
etag: "549b037e1884b8c7f4948f0b57aab044"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Mon, 07 Aug 2023 12:42:40 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 194ms
48ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F88) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 12:40:28 GMT
Content-Encoding: gzip
Age: 441
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (pab/6F88)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 89ms
29ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=Lead&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&rl=&if=false&ts=1691412028748&sw=1600&sh=1200&v=2.9.121&r=stable&ec=0&o=30&fbp=fb.1.1691412028747.188521053&it=1691412028537&coo=false&exp=a1&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 07 Aug 2023 12:40:28 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1003 B 259ms
191ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3375217&callback=jsonpHandler

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6cbc301d-d9ca-4693-8618-645369090e32
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7f2f969c684d03d0&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 6cbc301d-d9ca-4693-8618-645369090e32
server: cloudflare
x-trace: 2BF5EDAB24ADE69862CF02A80F7CA83743F870E5DF000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-xhv87
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7f2f969c684d03d0-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 204 3176008 Show response
vc.hotjar.io/sessions/ 0
257 B 128ms
55ms XHR
text/plain 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/3176008?s=0.25&r=0.06365633485354616
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.92ff9978854791af68a7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 0341da327f4c4c49034aa07ebeeab1f0.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: jrhLa2cJoREAoI15XZ_dAfaikaKkJxLCMEujlHw7jNme2SkZVU958Q==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 96ms
35ms Script
application/javascript 2606:4700::6810:77be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:77be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: aAzOiTTzU7.XykyGrcpmeR7PTeB2LyLv
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 64
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.387/bundles/pixels-release.js&cfRay=7f2f95072b6a92a1-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 6d901185-5d61-4545-bfef-d3590c4bb619
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6d901185-5d61-4545-bfef-d3590c4bb619
last-modified: Tue, 18 Jul 2023 03:27:27 UTC
server: cloudflare
etag: W/"784f994871e489c9943a65326d43e875"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-qrxbq
cf-ray: 7f2f969cbee9bb41-FRA
x-amz-cf-id: EwQqSqbZ4JBrZOGNbcVGFXL2HilzvKgp5XcWXTLgDt6OegJ7xDX8rw==
x-hs-target-asset: adsscriptloaderstatic/static-1.387/bundles/pixels-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 100ms
35ms Script
application/javascript 2606:4700::6811:65ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:65ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a949852daa2fe2be0d5e7dfbf2d0edf71121b49a82b1d82992aa8aa9b7c2d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: ODJS4by7FZvkpoRvjuP9B12j3hHA63aR
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 429
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13717/bundles/project.js&cfRay=7f2f8c1eca4c9be6-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 608704e7-f5cb-431d-b92b-e86950dc4e81
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 608704e7-f5cb-431d-b92b-e86950dc4e81
last-modified: Tue, 01 Aug 2023 04:58:19 UTC
server: cloudflare
etag: W/"99645c9c8dd31a70b2127da46f42c10f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-qrxbq
cf-ray: 7f2f969ccf699b8c-FRA
x-amz-cf-id: O0yaN9pPN2KzNZZS-gu1S0ujI8PupcpaU0GFKxQOtsqGNtkHKuOV9w==
x-hs-target-asset: conversations-embed/static-1.13717/bundles/project.js

GET
H2 200 3375217.js Show response
js.hs-banner.com/ 60 KB
16 KB 106ms
42ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3375217.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c50dd5c1727efe22037460b8eaa121b22932d39ab13865d1ecf5b8372d2da4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: bw3Z1oFRilBSp2nJoqwzp68d0FJwmW7g
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: ZE9ZA2XMZ9R2P0FC
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
age: 44
x-envoy-upstream-service-time: 33
x-amz-id-2: 2rYy2Ei18G6l1vPHNaIQ4X63DSiITXtDHotBrTZpYZ5oRUbQiKeuWKopmWcSfHfbqjhSF6g/j28=
x-evy-trace-listener: listener_https
x-request-id: b28c873d-670f-437c-9ff5-2f1ebdadfd29
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 31 May 2023 09:21:10 GMT
server: cloudflare
etag: W/"4f3650703a78045f1ac9ea0084ff242e"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7f2f969ccd263837-FRA
expires: Mon, 07 Aug 2023 12:44:44 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 98ms
34ms Script
application/javascript 2606:4700::6811:6bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54b61a120e0240c98428d76beab031099f4f0379cbc623de071277255088fdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 542
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.380/bundles/project.js&cfRay=7f2f895d39cf3a4f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"85b7f9af32b27bd6cc93e80bfb2911df"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.380/bundles/project.js
date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: 3rNMTio6eswfsQ6sgXOFNNmyULDAVi34
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e8b3df4c-3060-41aa-8bb5-b5a09275e5a6
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: e8b3df4c-3060-41aa-8bb5-b5a09275e5a6
last-modified: Mon, 10 Jul 2023 09:43:19 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-htvsg
cf-ray: 7f2f969ccd5f3a92-FRA
x-amz-cf-id: FJA-sDkXF2qUUcKMmRQuiR55Q0F326J_8dSf-_QfD-yvFAu423w0OQ==

GET
H2 200 3375217.js Show response
js.hs-analytics.net/analytics/1691412000000/ 66 KB
21 KB 104ms
40ms Script
text/javascript 2606:4700::6810:8cce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1691412000000/3375217.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8cce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff5b2a04410456da0a8e7d8a4db3eacf62ab980e163a500b81781ea6c5b0a73b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: G1QWTWGV3MMQMSJ0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 8bb67acb-2464-408a-bcc6-4e5cd0004f45
age: 6
x-envoy-upstream-service-time: 17
x-amz-id-2: FZOm0yMCVFLKRCALK2xUgjK8QidA0umXmZVxl8F1iRURVFZe2JcQMvWZIZblRy0Pe0zAX9E03x4=
x-evy-trace-listener: listener_https
x-request-id: 8bb67acb-2464-408a-bcc6-4e5cd0004f45
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 20 Jul 2023 15:57:16 GMT
server: cloudflare
etag: W/"a3ab9dab97e068beca49a0d2808f012f"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7f2f969cccc51909-FRA
expires: Mon, 07 Aug 2023 12:45:22 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 100ms
36ms Script
application/javascript 2606:4700::6811:816e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:816e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 19998
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js&cfRay=7f2dae5e2fec4d67-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"039461df2d1d43031520c7d3a853f79e"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js
date: Mon, 07 Aug 2023 12:40:28 GMT
x-amz-version-id: RIqU3aMZg9szNHjfbC8NSxVkuKgO4.TB
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: fcf07ae0-52f3-41dd-bf4c-727060a17347
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: fcf07ae0-52f3-41dd-bf4c-727060a17347
last-modified: Thu, 03 Aug 2023 01:17:49 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-ksc82
cf-ray: 7f2f969cc8124dc3-FRA
x-amz-cf-id: Q5dNdzO_oFcq3EsSoP-v7sW0JoHapfgOmGgptAXlM-NF87dwYlkPLg==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 147ms
32ms Script
application/javascript 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Mon, 07 Aug 2023 12:40:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 177ms
54ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Aug 2023 11:49:45 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3044
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 07 Aug 2023 13:49:45 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 90ms
30ms Script
application/x-javascript 2a02:26f0:480:f::213:7ecb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ecb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=64381
accept-ranges: bytes
content-length: 4862

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 92ms
28ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 6 KB
2 KB 116ms
29ms Script
application/javascript 2600:9000:223c:2a00:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:2a00:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: FA0kpUmjH6379n6SM2OzYViu4FNXSGFq
content-encoding: gzip
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
date: Mon, 07 Aug 2023 00:08:40 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 45110
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 04 Aug 2023 00:07:57 GMT
server: AmazonS3
etag: W/"2963b0a1258588f130235cbdfe809b88"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: pjVOmoeU347vlJQYAejxzV1zTWDY1xSnfMOFE1wqX9EZL63EVlwKJQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 279 KB
94 KB 76ms
76ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8d3225dafa22e21c74e720deeb3fde4de1235b6f0355955263d874582e9d1c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95846
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 07 Aug 2023 12:40:28 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/ 43 B
423 B 523ms
127ms Image
image/gif 52.21.20.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.21.20.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-21-20-174.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 12:40:29 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,8866f54c852438e046dc56979ac25b68,10.0.0.113,57610,193.32.248.245,,143383428109,1,1691412029.415,0.001,,.,0,0,0.000,0.004,-,0,0,197,131,65,10,34729,,,,,,-,
Content-Type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 29ms
28ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=PageView&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&rl=&if=false&ts=1691412028872&sw=1600&sh=1200&v=2.9.121&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1691412028747.188521053&it=1691412028537&coo=false&exp=a1&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 07 Aug 2023 12:40:28 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/ 4 KB
5 KB 55ms
54ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/rl-icons.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-amz-version-id: 7Fg3.Df2IKZXcjymNQNOrpeZRI7DlXZ.
age: 1508981
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: R5MVE6SWSY8DKNF4
edge-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: dHGAg4ic3wq+7e6JX/8hK1mpiJfsSs7mI5Ec6A5imUcBv4NgHwgxetBx9YhI1/Gw+NA2Nspa0x0=
last-modified: Fri, 24 Apr 2020 14:40:36 GMT
server: cloudflare
etag: W/"97ca286c0b94878b6b2adf44559b6265"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969cd83937ec-FRA
x-amz-cf-id: tK-QLciQRvJbE_WalyS7JKmDlMXI7psP5oRr0C4tirXGiwHGW0H_jg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 Tungsten-Light.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
21 KB 62ms
62ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Light.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ac9f879f23b53c0856f5a719a5d2913f2890b5e06b60a8879945c245080fc52

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 d57321c5a82b3dd77cac9f75126ad63e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: oZWO71JPrAMaAkHUdMvYTNjF0GR2Ck4O
age: 1508981
x-amz-cf-pop: DUS51-P3
x-amz-request-id: 4712TDQGTQ9MMKW6
edge-cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: NbXygyXdta6gXX7xBoMzZYrKM7H0v6h4JCVDVgx+4DiZuSJnxSdiLCyY4/o7n6FB959p0bKzqyw=
last-modified: Sun, 28 Jul 2019 19:57:28 GMT
server: cloudflare
etag: W/"100aa5d32672286f544f73831e764ee1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969ce83c37ec-FRA
x-amz-cf-id: mtZkq1cFA7NXX-imu0-u8Kv-H41n3sTlfsZoD4H6JYZr1tsHq2L-7w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 Tungsten-Book.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
22 KB 56ms
55ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Book.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a5131ba88c40e02e211f48163838569b854a383f19817b94db2f4e83f5d044d

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 d57321c5a82b3dd77cac9f75126ad63e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: DhZpSF_okm4kqA3d5rsX6px.W1gW4AHr
age: 1508981
x-amz-cf-pop: DUS51-P3
x-amz-request-id: RG8HX3X62PZHM8CN
edge-cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: TyFIgpyp10KkcTyXsymZ1oFAFu8DVWHvxhaQxzR/okrpzKqvjIaSzJCw0J47reCmDXNilueQOds=
last-modified: Sun, 28 Jul 2019 19:57:28 GMT
server: cloudflare
etag: W/"ab8a234e214dd3506e9fada6b6eafdca"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969ce83d37ec-FRA
x-amz-cf-id: P-bMucSex69ntYfqxpRMXQfBsSw9udnpA0wZuEUSGKFIPeMTF_s8TQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 Tungsten-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 19 KB
19 KB 56ms
55ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Medium.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84240275eed2746f9d66bb0a5f46915d74ba6a7c6e210ba4634a16e03ca54270

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: 8RS6BKpEUu5kELkbXI3oOka23XcEIvrY
age: 1641259
x-amz-cf-pop: FRA56-C1
x-amz-request-id: CFG5FJ4AS27FFX2Z
edge-cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: cWAv1Nh7c3b7JoOcA4dbQjP2r8Sig5PUEfpyeTD3Yw4qgZqNYe3CF2r3neJJpyLZQ4vdkaQhGJc=
last-modified: Tue, 18 Jun 2019 15:58:23 GMT
server: cloudflare
etag: W/"e62b1278f1fdeb9765b266aa18905620"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969ce84037ec-FRA
x-amz-cf-id: xQlXHyfEfIR-cwsZfWcg_vyoXnFt3_kV17TsiRQJcxyzBv09ow1poQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 TungstenNarrow-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 21 KB
21 KB 51ms
51ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/TungstenNarrow-Medium.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d1119d232eb54079a766d9e1564320f2c20e6e71683e31edf766c26e9c678e

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:28 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: HmXdIK8Bc_0fkfivtLAcWmXE077h5rsG
age: 1641259
x-amz-cf-pop: FRA56-C1
x-amz-request-id: DMSNG1T10D43AHM6
edge-cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: E8flbJekUa8b/h9rjl/RJ8jLL/VAHbSHMBoyD0BVAJG8CjhWSrmtAIHpmJljCsIqQjtk4qjy8U8=
last-modified: Tue, 18 Jun 2019 15:58:22 GMT
server: cloudflare
etag: W/"650100235aa1598769f1744ec1674c39"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969ce84237ec-FRA
x-amz-cf-id: GEyqU_SnSNfocitRa8CkbGR9JnIyQnEHnijJ4zi0Y8RVxKvwvywViQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 218ms
157ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 12:40:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: b9bf7fea-625b-4f32-a4bc-fce4a48e3e79
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b9bf7fea-625b-4f32-a4bc-fce4a48e3e79
Server: cloudflare
X-Trace: 2B506EC5C509E6A236B43E94F41A52A0746D1AAB64000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-2ls4d
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7f2f969d8fca9c0c-FRA

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 303 KB
85 KB 61ms
31ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=cd35d2383f802bc59f9d809c0e58770c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12c8e4eb0826656e26b370c3d2b26d918a04cb80a6c7a44f610127babdc9ca77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 07 Aug 2023 12:40:29 GMT
content-md5: 3DqoxuqBhtIBN5hgT7uMPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87049
x-fb-debug: 8o9Gmd+6abdpo1ho90L/VQ9qqinTNbdClI2S/O2y396whs5Giv/Qdxh+xtpPkbLJKUrm3J1Vu++18kPGa6rSZw==
x-fb-content-md5: 26ad65b6f3ade4c043c190083a02b108
cross-origin-opener-policy: same-origin-allow-popups
etag: "0234788dce3479ba38689b20b799d686"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 06 Aug 2024 11:16:40 GMT

GET
H2 200 Tungsten-Semibold.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 20 KB
20 KB 52ms
51ms Other
application/font-woff 2606:4700::6812:e0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Semibold.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae4a0865523070959595a6df44d592fd924f6a8503d913a2cbfb81b5df45e62

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id: zHy7ciep2n8U9dRoPSeIZ0ms5UoFs.HW
age: 1530036
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: DKQKMC64TMN31TX7
edge-cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
cache-tag: F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: 14bQIIfqwcVNDch3iUtYCZWwaDx98HU5XV7APzrWfgFgWL5g4/g74BTx4yQ8xoGEreBaSknA3997CKzXJ4zOIw==
last-modified: Fri, 10 Apr 2020 04:06:19 GMT
server: cloudflare
etag: W/"c4cba999623da66f241554c075076b87"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7f2f969d58e337ec-FRA
x-amz-cf-id: 7xK0hL7YeM5WYlG3y0NqSk0PAmvjma1DM8gUWxUbcPo16eLX5tkfKA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1017 B 220ms
151ms Image
image/gif 2606:4700::6811:d3f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 12:40:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 8b3babe6-53d3-425d-885f-60882be8c70e
x-envoy-upstream-service-time: 11
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8b3babe6-53d3-425d-885f-60882be8c70e
Server: cloudflare
X-Trace: 2BA730A4D2436B3D697E8C8A798E3BC3BD171CBADC000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7f2f969dc83f9bc5-FRA

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame DB2F 320 KB
104 KB 48ms
47ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA4) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 375326
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Mon, 07 Aug 2023 12:40:29 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (pab/6FA4)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 widget Show response
www.reversinglabs.com/_hcms/livechat/ 338 B
2 KB 181ms
181ms XHR
application/json 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/livechat/widget?portalId=3375217&conversations-embed=static-1.13717&mobile=false&messagesUtk=5f19cd8f10e94beda72e89536ad6867f&traceId=5f19cd8f10e94beda72e89536ad6867f

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d8e30adfec247d61be8172549cc16e36bd1eb63859b8e818aa0f9965b4dcaef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7bd13c9b-d6af-4849-8d97-eadc8d26082b
x-envoy-upstream-service-time: 8
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7bd13c9b-d6af-4849-8d97-eadc8d26082b
server: cloudflare
x-trace: 2B316E6F2B4C74F0C6CDC9FC3B1BA561BBB20DD668000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-gtcbx
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNQdE0EU40hBIVlu4H7UaYpEK4850CQGp5%2Fj3ODQyhizR7bf10hxlYRUW2n5aHyZjGYOu1G1pJ1hXA78UA3U3PrHVnDd2YcWV3N4qZLkEyyOf9WE47vlqgpk31cDd5lh5qRrQ5F5fydhOuRu6Ke2qPRxXw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f2f969d8a111e0c-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 115 B
1 KB 225ms
156ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=3375217

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95fbf2ab9776737534e11c42ed7370e97aa96be93bdda3783a252eab6d9a0e70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ed897c25-8c33-4b1e-819b-adbb543b7854
content-encoding: br
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ed897c25-8c33-4b1e-819b-adbb543b7854
server: cloudflare
x-trace: 2BA29698E6A248546C2DCFF6E3E5F594668A1403C6000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-4lp8p
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HrWbu06q6J%2F7Y5vhSf1rmfDw5N9Nkhpub6d%2B%2FXvFMwmpW7q5Y%2BpXB%2B3oiX%2BxI0xgd0azeT%2Fk7Dsrok0nNrShhm3nZPDw59T9UGvBMfzFnWQkzGr7%2FGzQItVzm%2Bd1k1LWjwZRnwbdejvTZxCh"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f2f969df9939b8c-FRA
access-control-allow-headers: *

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 3 KB
2 KB 224ms
98ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1691412029094&cv=11&fst=1691412029094&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&hn=www.googleadservices.com&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&auid=1323319382.1691412029&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b500d003603f83f20b5eb963aa9e3eae02a7075d943a8188bb85ceb2797f34f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1389
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 100ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1690305211&_gaz=1&cid=1178360728.1691412029&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691412029&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 104ms
35ms Ping
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JVM9Z1XQPL&cid=1178360728.1691412029&gtm=45je3820&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
258 B 95ms
34ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1690305211&cid=1178360728.1691412029&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1691412029&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=Hubspot%20Form%20-%20Listener&_c=1&_et=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 94ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1690305211&cid=1178360728.1691412029&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1691412029&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=LinkedIn%20Insight&_c=1&_et=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 91ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1690305211&cid=1178360728.1691412029&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=4&sid=1691412029&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=MetaData%20Script%20Landing%20page%20Conv&_c=1&_et=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 35ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1690305211&cid=1178360728.1691412029&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=5&sid=1691412029&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=Reddit%20Conversion%20Tracking&_c=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 204ms
82ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JVM9Z1XQPL&cid=1178360728.1691412029&gtm=45je3820&aip=1&z=399530602

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
462 B 145ms
144ms XHR
application/json 2606:4700::6811:6bc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3375217&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6bc7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8b90246b-579b-4df6-9563-7ef942fd4c44
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8b90246b-579b-4df6-9563-7ef942fd4c44
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-cxzff
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7f2f969e5f833a92-FRA

GET
H2 200 settings Show response
syndication.twitter.com/ Frame DB2F 869 B
657 B 202ms
132ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3d0d142b216e0e09a6cb979e8a539f0bddcfc5d7

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 103
date: Mon, 07 Aug 2023 12:40:28 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Mon, 07 Aug 2023 12:40:29 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 452b1412fa121f2c
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 8552b1b4ff576d67c37c51968ea8d8e98b5b7bc019e3c2ad71d5300cccd19a81
content-length: 337

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/ 36 B
368 B 99ms
29ms XHR
application/json 2600:9000:20eb:8800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:01:18 GMT
content-encoding: gzip
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 2351
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39449
x-amz-cf-id: 4TOCRvmtK_qzYJvruoylW6zyOgS2N6y_uSklCX-LGctXAbED4L7hOg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1691412029200%26url%3Dhttps%253A%252F%252Fwww.reversinglabs.com%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&...

0
263 B

249ms
176ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLU2peh0U3dQQAAAYnQA2NnVZu47UCm4muKxbCArwFx6bwZG8cb1IKYKF8FgogPUOc5vDP1
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 1F7DBF421CA247C2810B0114725309E0 Ref B: FRAEDGE2015 Ref C: 2023-08-07T12:40:30Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYCVI0/7ue0OOC97wwgJQ==

Redirect headers

date: Mon, 07 Aug 2023 12:40:29 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 1AD90A002C2142CFB35A8A55E060C2BE Ref B: FRAEDGE1718 Ref C: 2023-08-07T12:40:30Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691412029200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLU2peh0U3dQQAAAYnQA2NnVZu47UCm4muKxbCArwFx6bwZG8cb1IKYKF8FgogPUOc5vDP1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYCVI08LQjc2pM4FXiP0Q==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/ 36 B
367 B 99ms
30ms XHR
application/json 2600:9000:20eb:8800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:01:18 GMT
content-encoding: gzip
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 2351
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39449
x-amz-cf-id: XWP3GgbeuTXMD-iMq-ZsPLE7d2FsqytUvl4L6xZstqxr3NmqzSibXw==

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 57ms
32ms XHR
text/html 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-66.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
313 B 156ms
29ms XHR
text/html 2a02:26f0:480:22::1726:62ee
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:22::1726:62ee Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 46bf25777096ef50be3de3b3793ee7cf44f9912016c5553cb448844ad5d4003c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:b:f011::4e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1691412029285_389993774_155975014_21_837_28_0_219";dur=1
content-length: 20
expires: Mon, 07 Aug 2023 12:40:29 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 252ms
227ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=416db922-ce9d-4ddf-844e-b6cb8b2cf3d8&session=98f2a5ff-990e-490c-8374-0f4747f0df15&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A40%3A29%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A40%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22125cf4892bae30e8b53458235ef53f8d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A40%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A40%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=42e0ba40-a9ff-420a-8a0d-3ecc8a682666&v=1.1.5

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 206ms
130ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1691412029221&id=t2_neftrm6a&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=3603cd6d-ef02-4127-9dce-f9a3cd485bdc&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
225 B 62ms
61ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1690305211&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&ul=en-us&de=UTF-8&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1906895812&gjid=1696515786&cid=1178360728.1691412029&tid=UA-32828290-1&_gid=1900007417.1691412029&_r=1&_slc=1&gtm=45He3820n81MKL9P8B&z=810669944

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e5808455786f658eccda5e658ffcc1073d757dd9b70ea3c931fa7a36d583abbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8831 0
18 B 29ms
29ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.reversinglabs.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 07 Aug 2023 12:40:29 GMT
priority: u=0,i
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 279 KB
94 KB 79ms
78ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4bb147385d4cf6208d0fea887b4afd6bce2645650a16e197d57d971ead6ac875

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95901
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 07 Aug 2023 12:40:29 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
81 KB 85ms
85ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6H8MZ60CSB&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d450143a0d23455278245568565d48ac7709efeb84504f9bd89873918ee6ebb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83008
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 07 Aug 2023 12:40:29 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 216ms
181ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: efd3b2a8-6bad-4978-bb20-aa2274cdaa24
x-envoy-upstream-service-time: 31
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: efd3b2a8-6bad-4978-bb20-aa2274cdaa24
server: cloudflare
x-trace: 2BF595B9729C83D3D40524B2D8E9C17ECDA58D0FE5000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-nt996
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7f2f969f7dfb1c28-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/970567826/ 42 B
455 B 201ms
78ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970567826/?random=1691412029094&cv=11&fst=1691409600000&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4096938884&rmt_tld=0&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970567826/ 42 B
154 B 71ms
70ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970567826/?random=1691412029094&cv=11&fst=1691409600000&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4096938884&rmt_tld=1&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 226ms
225ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=416db922-ce9d-4ddf-844e-b6cb8b2cf3d8&session=98f2a5ff-990e-490c-8374-0f4747f0df15&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3Ab%3Af011%3A%3A4e%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=42e0ba40-a9ff-420a-8a0d-3ecc8a682666&v=1.1.5

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 35ms
34ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-6H8MZ60CSB&gtm=45je3820&_p=1690305211&gdid=dZTQ1Zm&ul=en-us&sr=1600x1200&cid=1178360728.1691412029&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&sid=1691412029&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6H8MZ60CSB&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 12:40:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 220ms
220ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame FED3 0
182 B 148ms
44ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&upid=8t4axvj&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Mon, 07 Aug 2023 12:40:30 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
621 B 152ms
150ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691412030669&vi=6d1867634541ee5e0f493ea1e97297f2&nc=true&u=60854195.6d1867634541ee5e0f493ea1e97297f2.1691412030658.1691412030658.1691412030658.1&b=60854195.1.1691412030659&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 728b65b2-8747-4a64-b865-d51953d08866
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 728b65b2-8747-4a64-b865-d51953d08866
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4V8hJC%2Fh5sXZT%2F4iNXQJgzsXg%2FXpb4%2F7ZTPcJA%2F4nma3seVr4Xsd56w32e14kRZucS6FkfSqeqgDzzF%2BW%2FenLdSJECVjgYGeGQM5mvINH0fmkug7o09ltcFT0KMXDDm9LtElMkTvHjQfWoS7aY%2Bi"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-xtt4j
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f2f96a7dc0f03d0-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
443 B 166ms
164ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=eca1a42c-4aa8-46af-aa08-30540979d78f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691412030674&vi=6d1867634541ee5e0f493ea1e97297f2&nc=true&u=60854195.6d1867634541ee5e0f493ea1e97297f2.1691412030658.1691412030658.1691412030658.1&b=60854195.1.1691412030659&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 85a71cfe-8a8d-47b2-b642-09d6875ce20a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 85a71cfe-8a8d-47b2-b642-09d6875ce20a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOqrr%2FDuv2g0Vw8U7Smzy%2BQxg0wnkkEUpdHFhcb9FWzkjb%2FXLARPb1lqdvK1j%2BvdYo2uwQQtWTyc%2BUIu99sxpNfzkk2bG9M22yr92dITC0D24uWk0CPFg5oKs2NHUw%2FTPg7UP1EXUPbE9pN4kT1H"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-hp9v5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f2f96a7fc3a03d0-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
433 B 153ms
151ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=eca1a42c-4aa8-46af-aa08-30540979d78f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691412030678&vi=6d1867634541ee5e0f493ea1e97297f2&nc=true&u=60854195.6d1867634541ee5e0f493ea1e97297f2.1691412030658.1691412030658.1691412030658.1&b=60854195.1.1691412030659&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3dc29c6e-dbd5-45fe-9e33-43d2aa27f706
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3dc29c6e-dbd5-45fe-9e33-43d2aa27f706
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8StqO1hRe79pZvfpU05UvEkVlyo9zRLBPcpCF4gE4MoBypWCTfmBvjkmxpRCWtRrHhZEUTpw9bwuxXwnvJWoYhaim97iThkz67hEGrk26T8ha4Y3kKIR92rUtmyQfmuZmioiR8URDKxdhzpKBbs"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-8bmqp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f2f96a7fc3d03d0-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 264ms
198ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=6d1867634541ee5e0f493ea1e97297f2&__hstc=60854195.6d1867634541ee5e0f493ea1e97297f2.1691412030658.1691412030658.1691412030658.1&__hssc=60854195.1.1691412030659&contentId=128190968732&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f428e1b0b867401acbb15f323d0c240ef75f01723f5f1da428614d91a110a39d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ebdbe820-8dc3-4731-aba0-f438b8420c27
content-encoding: br
x-envoy-upstream-service-time: 34
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ebdbe820-8dc3-4731-aba0-f438b8420c27
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1COAdMJPybPzylbtm%2FU9G%2BIUwCTOMTmJ6og91p4eFfz7s1gEsWNvhtr2yRDVgCv1RqHwUVp6Q%2B0NsyvQ0f7wtoERadWuishvTre7bzA9xm4MmEi2bd6B76U0Lc8Au8ulKPUhuvI95I0UZWPDRSUc"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f2f96a8bf7d5c1a-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-cxrpn

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 240ms
239ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 232ms
231ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 228ms
228ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 220ms
220ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 221ms
221ms Image
image/gif 23.38.98.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.66 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-66.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 12:40:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=416db922-ce9d-4ddf-844e-b6cb8b2cf3d8&session=98f2a5ff-990e-490c-8374-0f4747f0df15&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A40%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A40%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227008%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=42e0ba40-a9ff-420a-8a0d-3ecc8a682666&v=1.1.5

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.reversinglabs.com/	1970-01-20 13:50:13	Name: __cf_bm Value: mKB3mZGKILPUNMyOeoyyOoSToXlgTDsXlmqi0jmkEag-1691412028-0-Ad3B9k67NtK0eV560KP9Pj46crIY05l0T6+knOz+9xcviIDMSHA+jkFsfqfrOpY7STeVtHYSLmdEFlVbO6mVGPY=
.www.reversinglabs.com/	1969-12-31 23:59:59	Name: __cfruid Value: 60f666309260e3f1b526e53e106d3f554d794c0c-1691412028
.reversinglabs.com/	1970-01-20 15:59:48	Name: _fbp Value: fb.1.1691412028747.188521053
.reversinglabs.com/	1970-01-20 22:35:48	Name: _hjSessionUser_3176008 Value: eyJpZCI6IjRjYTg4YmM0LWNlZmEtNWY0Mi1hYmEwLWUxNzliNjJmOGJjNyIsImNyZWF0ZWQiOjE2OTE0MTIwMjg4MzYsImV4aXN0aW5nIjpmYWxzZX0=
.reversinglabs.com/	1970-01-20 13:50:13	Name: _hjFirstSeen Value: 1
.reversinglabs.com/	1970-01-20 13:50:12	Name: _hjIncludedInSessionSample_3176008 Value: 0
.reversinglabs.com/	1970-01-20 13:50:13	Name: _hjSession_3176008 Value: eyJpZCI6IjU2MGYwNTZkLTlhNjYtNDY1OS04OGI4LWY2ZGJkZTA3OTIwZSIsImNyZWF0ZWQiOjE2OTE0MTIwMjg4NDQsImluU2FtcGxlIjpmYWxzZX0=
.reversinglabs.com/	1970-01-20 13:50:13	Name: _hjAbsoluteSessionInProgress Value: 1
.reversinglabs.com/	1970-01-20 15:59:48	Name: _gcl_au Value: 1.1.1323319382.1691412029
.ws.zoominfo.com/	1970-01-20 22:35:48	Name: visitorId Value: f811cd8de8081e84090f687d6c0362aa83b8bf24418dfcef78c6e47bc4428867
.zoominfo.com/	1970-01-20 13:50:13	Name: __cf_bm Value: zm8XsYj6am7syOzaQyie.psZtSUwst9RyVILIWAVr90-1691412028-0-Ad/a9Q87j1qTqf2XarjxDFDji6yNVy98ILmKLk8voDc+jxt3XjCxD39I2o8CAxt0zp7V5u1d6MDDwzyUTRGOHIE=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: .VYH8hJGRGO6qUFzymsG3qMHJrK3I1hWAXcZMp281cc-1691412028965-0-604800000
.hubspot.com/	1970-01-20 13:50:13	Name: __cf_bm Value: 27g8_wLXMQ9V3JHJBDmdzvVA5W9YD8lqnEGSz1kBLjQ-1691412029-0-AXffGQlmYyEEfcUdghpVfZVgY/FS1wvj9yftK1qWpTEsUAf+WR3hfgxldt9/tv9WjxoWs7b+i6kziqfL10xM7oY=
.reversinglabs.com/	1970-01-20 23:26:12	Name: _ga_JVM9Z1XQPL Value: GS1.1.1691412029.1.0.1691412029.60.0.0
www.reversinglabs.com/	1970-01-20 23:26:12	Name: _gd_visitor Value: 416db922-ce9d-4ddf-844e-b6cb8b2cf3d8
www.reversinglabs.com/	1970-01-20 13:50:26	Name: _gd_session Value: 98f2a5ff-990e-490c-8374-0f4747f0df15
.reversinglabs.com/	1970-01-20 15:59:48	Name: _rdt_uuid Value: 1691412029220.3603cd6d-ef02-4127-9dce-f9a3cd485bdc
.reversinglabs.com/	1970-01-20 23:26:12	Name: _ga Value: GA1.2.1178360728.1691412029
.reversinglabs.com/	1970-01-20 13:51:38	Name: _gid Value: GA1.2.1900007417.1691412029
.reversinglabs.com/	1970-01-20 13:50:12	Name: _gat_UA-32828290-1 Value: 1
www.reversinglabs.com/	1970-01-20 13:51:38	Name: ln_or Value: eyI5NzY5MjQiOiJkIn0%3D
.doubleclick.net/	1970-01-20 13:50:12	Name: test_cookie Value: CheckForPermission
.reversinglabs.com/	1970-01-20 23:26:12	Name: _ga_6H8MZ60CSB Value: GS1.2.1691412029.1.0.1691412029.0.0.0
.6sc.co/	1970-01-20 23:26:12	Name: 6suuid Value: 82632617d76c00003de6d0643d02000095240000
.linkedin.com/	1970-01-20 15:59:48	Name: li_sugr Value: 9e514438-941b-45b6-80bb-5331ad75b66e
.linkedin.com/	1970-01-20 22:35:48	Name: bcookie Value: "v=2&78e3f4d8-b2a4-4d23-807a-b2ea94563a2b"
.linkedin.com/	1970-01-20 13:51:38	Name: lidc Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2562:u=1:x=1:i=1691412029:t=1691498429:v=2:sig=AQH5RixQz9lbqK-_D5pLGkL0Zk9sXXpM"
.linkedin.com/	1970-01-20 14:33:24	Name: UserMatchHistory Value: AQLsRtzaHQlBMwAAAYnQA2IFOM0hjLLzVmrs9k9qmOyMqd7euvNLYMh0fVeMsjUdDXr-THgQUvFArQ
.linkedin.com/	1970-01-20 14:33:24	Name: AnalyticsSyncHistory Value: AQI37HwUJQzTaQAAAYnQA2IFErmcAfrQdelTxFMSrvrBCLrIK4gjYijquvSfoNoP42eKsNGncaS0XWMgVFgKAg
.www.linkedin.com/	1970-01-20 22:35:48	Name: bscookie Value: "v=1&2023080712403092114c45-f075-42eb-8406-9532c50bff8fAQGtbm8kVetKom9bFtifXAIBE99ec4Bd"
.linkedin.com/	1970-01-20 18:09:24	Name: li_gc Value: MTswOzE2OTE0MTIwMzA7MjswMjHDsNNwmgRgjXzcmm82uhZ8woVOVMNLj9Yk348+cESjWQ==
.reversinglabs.com/	1970-01-20 18:09:24	Name: __hstc Value: 60854195.6d1867634541ee5e0f493ea1e97297f2.1691412030658.1691412030658.1691412030658.1
.reversinglabs.com/	1970-01-20 18:09:24	Name: hubspotutk Value: 6d1867634541ee5e0f493ea1e97297f2
.reversinglabs.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.reversinglabs.com/	1970-01-20 13:50:13	Name: __hssc Value: 60854195.1.1691412030659

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3375217.fs1.hubspotusercontent-na1.net
alb.reddit.com
api.hubapi.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cookieinfoscript.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.usemessages.com
platform.linkedin.com
platform.twitter.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.analytics.google.com
region1.google-analytics.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
vc.hotjar.io
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.reversinglabs.com
b.6sc.co
104.244.42.200
13.107.42.14
13.227.219.3
151.101.129.181
151.101.193.140
18.66.112.19
2001:4860:4802:34::36
23.38.98.66
2600:9000:20eb:8800:2:53b2:240:93a1
2600:9000:223c:2a00:9:d7d4:1380:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:2c40::c73c:67e1
2606:4700::6810:77be
2606:4700::6810:8cce
2606:4700::6810:a852
2606:4700::6811:190e
2606:4700::6811:65ac
2606:4700::6811:6bc7
2606:4700::6811:816e
2606:4700::6811:c9cc
2606:4700::6811:d2f3
2606:4700::6811:d3f3
2606:4700::6812:18c4
2606:4700::6812:8e65
2606:4700::6812:cec9
2606:4700::6812:e0f
2606:4700::6813:9a53
2620:1ec:21::14
2a00:1450:4001:806::200a
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2003
2a00:1450:4001:828::2003
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c06::9d
2a02:26f0:480:22::1726:62ee
2a02:26f0:480:f::213:7ecb
2a02:26f0:480:f::213:7ecd
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42::396
2a06:98c1:3121::3
3.33.220.150
52.21.20.174
52.222.139.110
65.9.78.118
04245f85425b7978fbfd092971444a755772b93d9fb41f4c58f388e520403afd
09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0d8e30adfec247d61be8172549cc16e36bd1eb63859b8e818aa0f9965b4dcaef
0f631dc190b0572010591fe489a4d434db77ce0ff6156e9e7e9aa745156c095c
12c8e4eb0826656e26b370c3d2b26d918a04cb80a6c7a44f610127babdc9ca77
130eb7bbe1dca232b6636767637e6bdc2a35fc2d412db3a601593d79c1d743a5
199a07091795dc18d5f648c8ae6ea323b953a6232f814e35c0217925de105a94
1a5131ba88c40e02e211f48163838569b854a383f19817b94db2f4e83f5d044d
1a5f6ffeb8930092b29aef8860e2c8ebbe25dd2dcdf70ab4b6b137c4b4592f70
1a949852daa2fe2be0d5e7dfbf2d0edf71121b49a82b1d82992aa8aa9b7c2d9b
1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5
1d61384f0d5d8a3141df497b1b21ef098497db33d3de3a1b546fffaa36e89c78
23a2e2d1bf6093626ba9c1698f07134b1ce1b3fe0aeb94c937ebdcb7fe7dad8f
249d08c8fde3e1912f9d6d25ff14eed26f4adea29df815b794933eb133f8ec37
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc
27215dede1579d37bcf4ab9ef8fc7d968bd02081c4e61d77837a9bb8f6ca9511
29d170b4f372603eff8bafec8eedd2dc57712f5e38b276f31c4a5295eeeb9de3
2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376
2e5436b217fb1a7d9d2365cccfcc95e7483fcba03205c3a216d512302e982d4d
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000
37eae8190baecf55f16575bf754238976116ad37b55f81e27db05743461cd507
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3ac9f879f23b53c0856f5a719a5d2913f2890b5e06b60a8879945c245080fc52
3c50dd5c1727efe22037460b8eaa121b22932d39ab13865d1ecf5b8372d2da4d
3dcf5ab0268e05f2e26960055d40e37a5ec0cb225dcc9da43f52967710cea56b
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
415f1b24f09d34ace4333cdd8a1a2ed4c0f74db2f4f6c76967f1a5555e87d0cc
46bf25777096ef50be3de3b3793ee7cf44f9912016c5553cb448844ad5d4003c
48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d
4bb147385d4cf6208d0fea887b4afd6bce2645650a16e197d57d971ead6ac875
4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba
4ed697a94ae987ec690170223f411112068b61caf8678788cb4c37347249fd00
4fe6def01e693b4ff7f8a5baa5663c2b2eb7a228d7eb28ca379d255b640df211
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269
61ce08dbad99d88826d7e7d374b628662137c7893a943d6a541cf4b0455c5067
68858bf90cb3efb40b74dc096a0c14d3d7d8df522e30067cbee82f0640af2bab
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250
6e4d408ece6803ecb0c2356f7c16a9e1acdbf01228830ac38274ec1ada687e36
6ff2cb75e9629684295d538513cddd941b0bfa7072cd3c6536e6905f6fe921ff
70d1119d232eb54079a766d9e1564320f2c20e6e71683e31edf766c26e9c678e
716dcc9643502eb35aa1f08b4805ec1f377daad3e67c11f9d00d65c6fc6336cf
7426c1c0d2289ccde69718bb10ae44a1a6602702194410999afb700e1e580d94
753fec74228ab233e1072c50b50862ab6bc4d0cc917b48ba7eed7a3647e55304
77b1e37a44606f04534b026795250cfb8f06416adbe129533a6d855e9b573f67
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db
7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316
8344291d1321d09d668eaf963e67257d8a44ae16f9dd1cb7a2c34a9fd2f92e6e
84240275eed2746f9d66bb0a5f46915d74ba6a7c6e210ba4634a16e03ca54270
867e2af897e43a15b5cb0cbf905ba563964426f8707d602891643fe039aa2566
86bc7c25a3bf03fad86ce1733e1a562b1395d60635b29960b7b3f68aefa8bc7a
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8ae4a0865523070959595a6df44d592fd924f6a8503d913a2cbfb81b5df45e62
8d3225dafa22e21c74e720deeb3fde4de1235b6f0355955263d874582e9d1c24
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564
9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875
94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2
95fbf2ab9776737534e11c42ed7370e97aa96be93bdda3783a252eab6d9a0e70
96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
9a612c9ad7bdfdfeb71ed257ea676a5bca9db5694ee8a0f0c1f8a96330429ea3
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
9e634b615e771259a6dc723ef2cda097c480ad26dc92faa6450c5e4e16e3288a
a9ff889aa2badd5dcf9989574fa2006fb183febc1685353d19bf1dd28ed7c1b2
abe603cadd5d178715e8d259697dd4470bf63c6ad1115eb0af8715c778640133
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b452e67d0f273f9147920b2ec0783838b1ee33727eb9c6fae0a7cff22bf0ac85
b500d003603f83f20b5eb963aa9e3eae02a7075d943a8188bb85ceb2797f34f8
b99e57a180459ef9973b9bb3f41ce4a28c015ac31ec686c087bf21f42d366608
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
bc595999f7c46e3f7a293c86fcc256c35467e9947bf0051464628416f1db14f0
be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb
c7d36be0a73651297b0f6b15b1aa2e63a204489bb9c552c11e0cf7db771081d4
c889e86e6c42fc475d139233bc09a8fe599673cfeebe015bd3083cd1ea994e93
c9b277f813652ab4fc3476fe4b9771d2d29e10204caef39416ad8d30e45fc5a2
cafcf576874435cca6e41394ae820ab1573b83f8b405d10d3ff8add93614c8fe
cc3652de6720e88bb9378b09d34a2e807d1706b7a59a2d29903a68fa481759d5
cebbc0e23f1d58a574eab9a677d14629b3aa59a6fbfb0133feb3e03f0e43f754
d09af97ee06f58b7c0e071433e4f08dcfc244e3786639a601e31d3227418473a
d0f80d27eb235c529b6f87057ab7763ab82f8eb2396e8d40df573eb80e5364ec
d450143a0d23455278245568565d48ac7709efeb84504f9bd89873918ee6ebb6
d57a29c035e1164e865f08b030edaa603ee2a60d806138df4c2975eac83cb08f
d58fcc9b037c7817d2d7565a677f19616b2ca13d2575df0a2c82f4ad60b0ec87
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddb82c84e1cb4f9ed0e23ada938029f0ac7a79f8a8215eee7bd5177726c02c32
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911
e2d14bf82ef15e64d7503eed437a43ad5f26d4f5bcac6745870c32f1ed77a8a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25
e5808455786f658eccda5e658ffcc1073d757dd9b70ea3c931fa7a36d583abbc
e600901c3822e2410c8113d763d1f8babb08aab7d06aa1c861be265408cdf649
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
eb8d8c2427fab53f2c4d0c70d9661c7d33d995e486cdb923b0c6d65b6b4fef19
ec283af1b220ae388d616832c82a2612f2630ac572784dd39b6d2c5b8e81e7aa
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f35c317df74c5ceaca83bc620ab17f68e882a21e5378933002f20aae3af0517f
f419ad33d162aefac608940b47d2a524fca46eee0c82f877710a6369e68be33c
f428e1b0b867401acbb15f323d0c240ef75f01723f5f1da428614d91a110a39d
f54b61a120e0240c98428d76beab031099f4f0379cbc623de071277255088fdc
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f827ec383239317deb9387ea204a9a0089594aaa0a763922e3d85222010531e2
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60
fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff5b2a04410456da0a8e7d8a4db3eacf62ab980e163a500b81781ea6c5b0a73b

www.reversinglabs.com Open in urlscan Pro 2606:2c40::c73c:67e1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

160 Requests

99 %HTTPS

77 %IPv6

38 Domains

54 Subdomains

47 IPs

3 Countries

3620 kBTransfer

7289 kBSize

35 Cookies

25 Outgoing links

Redirected requests

160 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:67e1 Public Scan

Screenshot
Live screenshot

Full Image

160
Requests

99 %
HTTPS

77 %
IPv6

38
Domains

54
Subdomains

47
IPs

3
Countries

3620 kB
Transfer

7289 kB
Size

35
Cookies

160 HTTP transactions
1 data transactions