apiiro.com Open in urlscan Pro
199.16.173.39 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Submission: On March 01 via api (March 1st 2024, 2:11:53 am UTC) from TR — Scanned from DE

Summary HTTP 66 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 16 domains to perform 66 HTTP transactions. The main IP is 199.16.173.39, located in United States and belongs to AUTOMATTIC, US. The main domain is apiiro.com. The Cisco Umbrella rank of the primary domain is 992932.
TLS certificate: Issued by R3 on January 6th 2024. Valid for: 3 months.

This is the only time apiiro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	199.16.173.39 199.16.173.39	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6810:bd59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	54.209.50.46 54.209.50.46	14618 (AMAZON-AES) (AMAZON-AES)
4	2a02:26f0:480... 2a02:26f0:480:f::213:7edd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e4a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4cba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
66	19

36 199.16.173.39 (United States)

ASN2635 (AUTOMATTIC, US)

apiiro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bd59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.209.50.46 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-50-46.compute-1.amazonaws.com

secure.gaug.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:f::213:7edd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e4a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4cba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	apiiro.com apiiro.com — Cisco Umbrella Rank: 992932	368 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 356 www.linkedin.com — Cisco Umbrella Rank: 633 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	3 KB
4	licdn.com snap.licdn.com — Cisco Umbrella Rank: 739	36 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	356 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6463	670 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2533 www.google.com — Cisco Umbrella Rank: 2	813 B
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 stats.g.doubleclick.net — Cisco Umbrella Rank: 81	4 KB
2	gaug.es secure.gaug.es — Cisco Umbrella Rank: 26429	4 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2741 pixel.wp.com — Cisco Umbrella Rank: 2733	3 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3472	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2198	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3184	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2219	23 KB
1	gstatic.com fonts.gstatic.com	62 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2465	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	820 B
66	16

	Domain	Requested by
36	apiiro.com	apiiro.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	snap.licdn.com	apiiro.com snap.licdn.com js.hsadspixel.net
4	www.googletagmanager.com	apiiro.com www.googletagmanager.com js.hsadspixel.net
3	www.google.de	apiiro.com
2	www.google.com	apiiro.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	secure.gaug.es	apiiro.com
1	api.hubapi.com	js.hsadspixel.net
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	apiiro.com
1	www.linkedin.com	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	pixel.wp.com	apiiro.com
1	js.hs-scripts.com	apiiro.com
1	stats.wp.com	apiiro.com
1	fonts.googleapis.com	apiiro.com
66	21

This site contains links to these domains. Also see Links.

Domain
login.apiiro.com
github.com
blog.phylum.io
www.trendmicro.com
www.linkedin.com
trust.apiiro.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2024-01-06` - `2024-04-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.gaug.es Sectigo RSA Domain Validation Secure Server CA	`2023-03-02` - `2024-04-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Frame ID: 1FA050C83F31A5B13750DF790E387E99
Requests: 66 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Over 100,000 Infected Repos Found on GitHub

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

66
Requests

98 %
HTTPS

79 %
IPv6

16
Domains

21
Subdomains

19
IPs

3
Countries

885 kB
Transfer

34763 kB
Size

16
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://login.apiiro.com/
Title: Log in

Search URL Search Domain Scan URL

URL: https://github.com/Inplex-sys/BlackCap-Grabber-NoDualHook?tab=readme-ov-file#-%E3%80%A2-features
Title: BlackCap-Grabber

Search URL Search Domain Scan URL

URL: https://github.com/search?q=%F0%9F%94%A5+2024+language%3Apython&type=repositories&s=updated&o=desc
Title: 🔥 2024 language:python

Search URL Search Domain Scan URL

URL: https://github.com/Mattia69?tab=repositories
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/Mattia69/discord-vanity-sniper/forks
Title: none in the details

Search URL Search Domain Scan URL

URL: https://blog.phylum.io/respawning-malware-persists-on-pypi/
Title: originally reported by Phylum

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_be/research/23/j/infection-techniques-across-supply-chains-and-codebases.html
Title: a great technical analysis of it

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/gidavid/
Title: LI

Search URL Search Domain Scan URL

URL: https://trust.apiiro.com/
Title: Trust Center

Search URL Search Domain Scan URL

URL: https://twitter.com/apiiroSecurity

Search URL Search Domain Scan URL

URL: https://www.instagram.com/lifeatapiiro/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/apiiro

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2816610%26time%3D1709259108820%26li_adsId%3D22d09ac0-22f9-4172-aa03-8598bd3f7734%26url%3Dhttps%253A%252F%252Fapiiro.com%252Fblog%252Fmalicious-code-campaign-github-repo-confusion-attack%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQJJKvXS1-AB3QAAAY33yDQADcvhD7uY7tXee8FFjaYXs1hMTQnSC-Hv1ODi8OktRctL8gqgLoeiyg

66 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ 72 KB
16 KB 37ms
7ms Document
text/html 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

190dbaa72f2bda6d5da336ffd5bf5617ff9296d059cb581e871a7c8f3ee7f254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=86349, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 01 Mar 2024 02:11:48 GMT
host-header: Pressable
last-modified: Thu, 29 Feb 2024 17:18:06 GMT
link: <https://apiiro.com/wp-json/>; rel="https://api.w.org/" <https://apiiro.com/wp-json/wp/v2/posts/7194>; rel="alternate"; type="application/json" <https://apiiro.com/?p=7194>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _atomic_ams HIT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-nananana: Batcache-Hit
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
820 B 67ms
18ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,400;9..40,700&display=swap

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3aa4bc277a3c6020d2dfccda50cefb99ec1da28212bbfef5a5a9d7ecf8750b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 02:11:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Mar 2024 02:11:48 GMT

GET
H2 200 urvanov_syntax_highlighter.min.css
apiiro.com/wp-content/plugins/urvanov-syntax-highlighter/css/min/ 27 KB
5 KB 9ms
8ms Stylesheet
text/css 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-content/plugins/urvanov-syntax-highlighter/css/min/urvanov_syntax_highlighter.min.css?ver=2.8.34

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

90503cf0d53db0247dc6708247b1e67eab2c0e7b35309cf9359fa4eabf456b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 01 Feb 2024 13:53:38 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65bba262-6c4c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
apiiro.com/wp-includes/css/dist/block-library/ 108 KB
15 KB 9ms
8ms Stylesheet
text/css 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 24 Jan 2024 19:02:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65b15ec4-1ae43"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
apiiro.com/wp-includes/js/mediaelement/ 11 KB
3 KB 9ms
9ms Stylesheet
text/css 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5f735862-2bf8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
apiiro.com/wp-includes/js/mediaelement/ 4 KB
1 KB 9ms
9ms Stylesheet
text/css 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.3

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5cfaccce-105a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
apiiro.com/wp-content/themes/apiirov2/ 32 KB
8 KB 10ms
9ms Stylesheet
text/css 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-content/themes/apiirov2/style.min.css?ver=1708166179

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

754e71e934ab772754504177f10304f0e76f4a987d4b71dd8a4bf82067042ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 17 Feb 2024 10:36:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65d08c23-80cd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
apiiro.com/wp-includes/js/jquery/ 86 KB
31 KB 9ms
7ms Script
application/javascript 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery-migrate.min.js Show response
apiiro.com/wp-includes/js/jquery/ 13 KB
5 KB 12ms
9ms Script
application/javascript 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"6482bd64-3509"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 urvanov_syntax_highlighter.min.js Show response
apiiro.com/wp-content/plugins/urvanov-syntax-highlighter/js/min/ 63 KB
13 KB 13ms
10ms Script
application/javascript 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-content/plugins/urvanov-syntax-highlighter/js/min/urvanov_syntax_highlighter.min.js?ver=2.8.34

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e6f9e166b0d3d073e50f3b86e1d8704de932b364267ed57ad06e7edb4d730c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 01 Feb 2024 13:53:38 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"65bba262-fd3a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 288 KB
95 KB 63ms
33ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2VZ9JXH4YV

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14204a750bb8188ef934a25f79084075b439341b9fa29e66a03fcb1caf16d2e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97370
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Mar 2024 02:11:48 GMT

GET
H3 200 logo.svg
apiiro.com/wp-content/themes/apiirov2/assets/img/ 6 KB
3 KB 13ms
10ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/logo.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e631ce6a2fcc4cd7da04228292d10fdf731b51dc25078686d32039072503df37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"654ddfc7-1699"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:31 GMT

GET
H3 200 logo-gradient.svg
apiiro.com/wp-content/themes/apiirov2/assets/img/ 6 KB
3 KB 14ms
11ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/logo-gradient.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8ce5f8e8b2e830399528c71f3bf1713d9f2122afe8d3d492e7cdaddad3b411c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"654ddfc7-17ae"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H2 200 arrow-right-gradient.svg
apiiro.com/wp-content/themes/apiirov2/assets/img/ 1007 B
839 B 10ms
9ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/arrow-right-gradient.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

99180d6dee21d3f807182fd29e105f951a25d549749194dd59f37fa88b504795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"654ddfc7-3ef"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:57 GMT

GET
H2 200 icon-shieldlock.svg
apiiro.com/wp-content/uploads/2023/05/ 3 KB
1 KB 10ms
9ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-shieldlock.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02050e9a79b30c29f3eafaf1ffe75400b1479659699eab2662d70eafba7f1437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 16:41:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"646260b4-ddd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:57 GMT

GET
H3 200 icon-sbom.svg
apiiro.com/wp-content/uploads/2023/05/ 3 KB
1 KB 8ms
7ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-sbom.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

17d3b713c3ba5d5d427bbd6e97bc2dbeb7425e2ea375d9c356f77fbd5f1c0e92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:43 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256b3-cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:31 GMT

GET
H3 200 icon-api.svg
apiiro.com/wp-content/uploads/2023/05/ 3 KB
2 KB 7ms
7ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-api.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a4c69bc1b5b37cb7f13f87e7281dd69e7424940b670c4e470a4968eac47aa9d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:41 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256b1-cb8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:31 GMT

GET
H3 200 icon-supplychain.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
1 KB 8ms
7ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-supplychain.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a38770ebf1b6b37f293f15e5dc5bc0bfc6e1449cff7172db2705f496f070f8bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:35 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256ab-846"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:31 GMT

GET
H3 200 icon-sca.svg
apiiro.com/wp-content/uploads/2023/05/ 4 KB
1 KB 14ms
12ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-sca.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bbc7611e52cd22c088343577d6468843671182bfe49cc22e40f573139d6ae563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:38 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256ae-e0c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-secrets.svg
apiiro.com/wp-content/uploads/2023/05/ 3 KB
1 KB 15ms
12ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-secrets.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e4228d2650a71f21ea282bce390d9f2b4e261640b8ffb7c6096d116e5a5cdaef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:39 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256af-d38"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-iac.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
1 KB 16ms
13ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-iac.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

215c1c1909dee9cedceace1a28cf7f7007762e5b94a82ef110b20ddf83f54038

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 15:58:36 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646256ac-7f5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-case.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
968 B 16ms
14ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-case.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

626767413be930bd758a72b108e1a478127f8defb82d4672c87851fa922ec518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 16:40:05 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"64626065-69e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-star.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
2 KB 17ms
15ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-star.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5b19dfdb5421c2f3d8c254404e8e7e376e9c8e7ec4f14936b1ed4508d3df0735

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 16:45:52 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646261c0-996"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-questioncomment.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
1 KB 17ms
15ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-questioncomment.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

23efc37dd2d5e559767ad1f6573817e7d71c8590a81d37c0c84e20841c5d2bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 16:41:06 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646260a2-92e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-trophy.svg
apiiro.com/wp-content/uploads/2023/05/ 2 KB
1006 B 18ms
16ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/05/icon-trophy.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4bf54623598caae5ff9ffaf7527b1c9f18ff3124070fc0afbf9d7026fe808fae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 15 May 2023 16:46:07 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"646261cf-73d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-bookmark.svg
apiiro.com/wp-content/uploads/2023/06/ 1 KB
961 B 19ms
17ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/06/icon-bookmark.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

775b645121a7067b53379ca4ab491cd2bab511a37262bc598c6b4de282c948bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 01 Jun 2023 19:49:53 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"6478f661-538"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 icon-announcement.svg
apiiro.com/wp-content/uploads/2023/06/ 2 KB
1 KB 19ms
18ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2023/06/icon-announcement.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dcd9ff818a4a80cfb8c391cad32658fe315f2378aa7a3d726d30bed5f5353530

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 01 Jun 2023 19:50:18 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"6478f67a-715"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 menu-toggler.svg
apiiro.com/wp-content/themes/apiirov2/assets/img/ 508 B
649 B 20ms
18ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/menu-toggler.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

778c1c455c2c74c872bfca89e4aed6c4fb7e34259475cc6164bf20d7a099324f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"654ddfc7-1fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 arrow-left.svg
apiiro.com/wp-content/themes/apiirov2/assets/img/ 579 B
625 B 21ms
19ms Image
image/svg+xml 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/arrow-left.svg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bb510522230bf6f7ae632e8bded4d65c2bdb6bdd476e2e81e3d9ef729faab8c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"654ddfc7-243"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:28:10 GMT

GET
H3 200 banana4.gif
apiiro.com/wp-content/uploads/2024/02/ 16 MB
0 21ms
20ms Image
image/gif 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2024/02/banana4.gif

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Thu, 22 Feb 2024 19:56:51 GMT
server: nginx
etag: "65d7a703-1df077b"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 31393659
expires: Thu, 07 Mar 2024 17:36:06 GMT

GET
H2 200 image-12-1024x277.png
apiiro.com/wp-content/uploads/2024/02/ 85 KB
85 KB 10ms
9ms Image
image/png 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2024/02/image-12-1024x277.png

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

56ac91d36204ebf257caef6ca40dd4530b2eb7e2a5d192300b11ef4830bc8f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 22 Feb 2024 21:07:14 GMT
server: nginx
etag: "65d7b782-15264"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 86628
expires: Thu, 07 Mar 2024 17:18:57 GMT

GET
H3 200 fork-bombs.gif
apiiro.com/wp-content/uploads/2024/02/ 16 MB
0 23ms
21ms Image
image/gif 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2024/02/fork-bombs.gif

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Thu, 22 Feb 2024 20:04:46 GMT
server: nginx
etag: "65d7a8de-115a640"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 18196032
expires: Thu, 07 Mar 2024 17:36:06 GMT

GET
H3 200 Malicious-Package-Timeline.png
apiiro.com/wp-content/uploads/2024/02/ 11 KB
11 KB 24ms
22ms Image
image/png 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2024/02/Malicious-Package-Timeline.png

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b82dda904fe9c144d2013bf1758d3548177cc51b889f5e4b70af4a3313e5a001

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Thu, 22 Feb 2024 18:01:52 GMT
server: nginx
etag: "65d78c10-2a78"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 10872
expires: Thu, 07 Mar 2024 18:07:46 GMT

GET
H3 200 cookie.png
apiiro.com/wp-content/themes/apiirov2/assets/img/ 2 KB
2 KB 24ms
23ms Image
image/png 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/img/cookie.png

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8a3e64a7272782641e5ab95ac12427ba92815c0e26983e0019aa7591cf3cad28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
etag: "654ddfc7-61a"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1562
expires: Thu, 07 Mar 2024 17:18:32 GMT

GET
H3 200 scripts.min.js Show response
apiiro.com/wp-content/themes/apiirov2/assets/js/ 7 KB
2 KB 25ms
23ms Script
application/javascript 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/js/scripts.min.js

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0361aa32e5eb588ce2aef10651aad2ff44c2aadcc4d1577510db9973d1775231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 17 Feb 2024 10:36:19 GMT
server: nginx
x-ac: 1.hhn _atomic_ams HIT
etag: W/"65d08c23-1d3e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Thu, 07 Mar 2024 17:18:34 GMT

GET
H2 200 e-202409.js Show response
stats.wp.com/ 7 KB
3 KB 36ms
9ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202409.js
Requested by: Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14377-1704402358485.9985
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Mon, 24 Feb 2025 11:43:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
83 KB 50ms
23ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-404911737

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2983f8d61e3ce9fcf7558053d1da8f80b2e1e52011a72293a36d4e17d4a688ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84663
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 01:13:46 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Mar 2024 02:11:48 GMT

GET
H2 200 8502946.js Show response
js.hs-scripts.com/ 1 KB
1 KB 142ms
115ms Script
application/javascript 2606:4700::6810:bd59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/8502946.js

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feafd430e9d02c4481e61dc0eef3c81ce414d24bd00c44891389934c615638da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 75ef89c5-62b9-4176-8df0-9d9f173999fa
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75ef89c5-62b9-4176-8df0-9d9f173999fa
last-modified: Fri, 01 Mar 2024 01:13:20 GMT
server: cloudflare
x-trace: 2BDBD5D9CB2B9C48FF4F6CB45CDC9C28AF70ADBE05000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://apiiro.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-59d6fb747d-m52r9
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 85d59e55eefb366b-FRA
expires: Fri, 01 Mar 2024 02:13:18 GMT

GET
H/1.1 200
OK track.js Show response
secure.gaug.es/ 4 KB
4 KB 461ms
102ms Script
application/javascript 54.209.50.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gaug.es/track.js
Requested by: Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.209.50.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-209-50-46.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Fri, 01 Mar 2024 02:11:49 GMT
Last-Modified: Tue, 30 Jan 2024 08:52:21 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "65b8b8c5-ef5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3829

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
857 B 49ms
12ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c12d636cb5268c2f7f86c34ec5b1af2826a685eae5e503aece3c477fdd97a971

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Feb 2024 20:48:24 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=58309
accept-ranges: bytes
content-length: 647

GET
H3 200 Biennale-Black.otf
apiiro.com/wp-content/themes/apiirov2/assets/fonts/ 73 KB
73 KB 23ms
22ms Font
application/octet-stream 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://apiiro.com/wp-content/themes/apiirov2/assets/fonts/Biennale-Black.otf

Requested by

Host: apiiro.com
URL: https://apiiro.com/wp-content/themes/apiirov2/style.min.css?ver=1708166179

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3c572ff243bef61c99c95641ce27c6d818fefc53dc59455aa6ebe73bfd368ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://apiiro.com/wp-content/themes/apiirov2/style.min.css?ver=1708166179
Origin: https://apiiro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Fri, 10 Nov 2023 07:46:15 GMT
server: nginx
etag: "654ddfc7-1221c"
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 74268
expires: Thu, 07 Mar 2024 17:18:31 GMT

GET
H3 200 THZRVLUTD-U05CU82KCES-8d115fd75c3f-512.jpg
apiiro.com/wp-content/uploads/2024/02/ 51 KB
51 KB 16ms
11ms Image
image/jpeg 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2024/02/THZRVLUTD-U05CU82KCES-8d115fd75c3f-512.jpg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2ecba00c86f45d276420d5a5ca03d9b3342cd4fc95ed61b640dead4ef0adddce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Tue, 20 Feb 2024 18:30:09 GMT
server: nginx
etag: "65d4efb1-cab4"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 51892
expires: Thu, 07 Mar 2024 17:20:26 GMT

GET
H3 200 Gil-David-e1707233265606.jpeg
apiiro.com/wp-content/uploads/2021/04/ 25 KB
25 KB 19ms
13ms Image
image/jpeg 199.16.173.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apiiro.com/wp-content/uploads/2021/04/Gil-David-e1707233265606.jpeg

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

QUIC, , AES_128_GCM

Server

199.16.173.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ca7d87f4d2576ab7b938e93d987da61ca9bbf745869152a873c3fcf9979c4a58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams HIT
last-modified: Tue, 06 Feb 2024 15:27:46 GMT
server: nginx
etag: "65c24ff2-64cb"
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 25803
expires: Thu, 07 Mar 2024 17:20:26 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 8ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=225673089&post=7194&tz=-8&srv=apiiro.com&hp=atomic&ac=3&amp=0&j=1%3A13.2-a.11&host=apiiro.com&ref=&fcp=86&rand=0.6648764591205911
Requested by: Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 01 Mar 2024 02:11:48 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 8ms
8ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ee0937e73e9e680905759f1435fee28ddafeb4433ae8de2aee32a2539ad21f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 614
date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Feb 2024 20:48:24 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=58526
accept-ranges: bytes
content-length: 17199

GET
H2 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v14/ 61 KB
62 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v14/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,400;9..40,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://apiiro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Tue, 27 Feb 2024 08:56:13 GMT
x-content-type-options: nosniff
age: 234935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62704
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 22:05:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Feb 2025 08:56:13 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2816610%26time%3D1709259108820%26li_adsId%3D22d09ac0-22f9-4172-aa03-8598bd3f7734%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-rep...

0
267 B

200ms
157ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQJJKvXS1-AB3QAAAY33yDQADcvhD7uY7tXee8FFjaYXs1hMTQnSC-Hv1ODi8OktRctL8gqgLoeiyg
Requested by: Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CFBD239A6FC547ACAC4A99B76326E771 Ref B: BRU30EDGE0906 Ref C: 2024-03-01T02:11:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYSj+YOCzfQB/W89znnrg==

Redirect headers

date: Fri, 01 Mar 2024 02:11:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6A650F6769BB4C3EB6191C5B74146C1A Ref B: FRAEDGE1219 Ref C: 2024-03-01T02:11:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2816610&time=1709259108820&li_adsId=22d09ac0-22f9-4172-aa03-8598bd3f7734&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQJJKvXS1-AB3QAAAY33yDQADcvhD7uY7tXee8FFjaYXs1hMTQnSC-Hv1ODi8OktRctL8gqgLoeiyg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYSj+YLB8tTAELBVuzvIw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 288 KB
95 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2VZ9JXH4YV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-404911737

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

381cf7ba9d099a97a94c35d3e2cff6584d69f75fcab4ac0166abfc0812442415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97277
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Mar 2024 02:11:48 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/404911737/ 3 KB
2 KB 65ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/404911737/?random=1709259108844&cv=11&fst=1709259108844&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&hn=www.googleadservices.com&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&npa=0&pscdl=noapi&auid=534867096.1709259109&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-404911737

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd24be69252f270c3e10cb0060084cbf60a21122f5f6ee8cec4d31c5eaf590a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
250 B 39ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2VZ9JXH4YV&gtm=45je42s0v875453550za220&_p=1709259108754&_gaz=1&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=528499491.1709259109&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1709259108&sct=1&seg=0&dl=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&dt=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=188
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VZ9JXH4YV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://apiiro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
250 B 56ms
17ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2VZ9JXH4YV&cid=528499491.1709259109&gtm=45je42s0v875453550za220&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VZ9JXH4YV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://apiiro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 44ms
21ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2VZ9JXH4YV&cid=528499491.1709259109&gtm=45je42s0v875453550za220&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0&z=61927821

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/8502946/ 69 KB
23 KB 339ms
317ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/8502946/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8502946.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8ef1667e5cb4f8f8694a1cea7a87afa64c8c722dd01727bad785944d407966f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:49 GMT
x-amz-version-id: WRdxmbxh9.BPNylml3aYMF4Opf3QqqDw
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: M5PNPQ185Y8W54QX
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: caaf1a71-d8e9-4858-9b54-a756276a2092
x-envoy-upstream-service-time: 30
x-amz-id-2: VXSPRjwCx9m4nCYneuNmtql+9E2hnTQhZ+TWTxKuiYvYxu/WiZlqlHXMqHyLGdj7SBEXkFPsIPM=
x-evy-trace-listener: listener_https
x-request-id: caaf1a71-d8e9-4858-9b54-a756276a2092
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 13 Feb 2024 16:59:22 GMT
server: cloudflare
etag: W/"e95f4bac97d2454a9c0dd5ffa5ee3b18"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://apiiro.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-pbxg4
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 85d59e56cdb465db-FRA
expires: Fri, 01 Mar 2024 02:16:49 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 36ms
15ms Script
application/javascript 2606:4700::6811:e4a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8502946.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e4a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b650d884c9ec913707f0a33259fbc390572e3c9a365390de0098d0cee5640375

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
x-amz-version-id: DIA242QgKsF8012aTG.YNuqPl0gb3a1X
via: 1.1 bcfffcf7e0fc8cd9cfe4125369a9f036.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 349
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.534/bundles/pixels-release.js&cfRay=85d595cffff88ff2-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: c7e0f63a-29e8-4ed7-acd0-6618aee736ba
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c7e0f63a-29e8-4ed7-acd0-6618aee736ba
last-modified: Thu, 29 Feb 2024 15:04:46 UTC
server: cloudflare
etag: W/"f9e7915ee9a6bca7fde1ccf4d767c3e6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-q6tzb
cf-ray: 85d59e56cfd6bbe6-FRA
x-amz-cf-id: QxnCh8TlP_ZtBG103NH_fCgKLli8LhzHKhkB5KkPpuomSQ1RXBU31g==
x-hs-target-asset: adsscriptloaderstatic/static-1.534/bundles/pixels-release.js

GET
H2 200 8502946.js Show response
js.hs-analytics.net/analytics/1709259000000/ 66 KB
21 KB 160ms
138ms Script
text/javascript 2606:4700::6810:4cba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1709259000000/8502946.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8502946.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4cba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4ed261be1fb3412927e07dd833180ff1809474452446a42e47faa393b7f49b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:49 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: PJDKDPPDK9GCSQNA
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 1935461f-d21f-4416-b75b-65f70f88b2ca
x-envoy-upstream-service-time: 18
x-amz-id-2: Jj7sx776BJ+DXbH8P9Q/PyKaHzvlmeNGEnjxwvVZG6KLdxFUHY5bPXTkwHCIsruF1sHxAdlcPJbeAOObxigntw==
x-evy-trace-listener: listener_https
x-request-id: 1935461f-d21f-4416-b75b-65f70f88b2ca
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 27 Feb 2024 15:42:25 GMT
server: cloudflare
etag: W/"6e1c8ac712fc97211937d096d0a7f31a"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-hgmm2
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 85d59e56c86319b3-FRA
expires: Fri, 01 Mar 2024 02:16:48 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/404911737/ 42 B
455 B 45ms
22ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/404911737/?random=1709259108844&cv=11&fst=1709258400000&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqh_MHhfEulKhfYun0OgKfR1Wtv-vbew&random=676545589&rmt_tld=0&ipr=y

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/404911737/ 42 B
154 B 21ms
20ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/404911737/?random=1709259108844&cv=11&fst=1709258400000&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqh_MHhfEulKhfYun0OgKfR1Wtv-vbew&random=676545589&rmt_tld=1&ipr=y

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:48 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK track.gif
secure.gaug.es/ 35 B
389 B 115ms
115ms Image
image/gif 54.209.50.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.gaug.es/track.gif?h[site_id]=643da6baa800a67bdce7c2a6&h[resource]=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&h[referrer]=&h[title]=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.94%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1600&h[browserx]=1600&h[browsery]=1200&timestamp=1709259109220

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.209.50.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-209-50-46.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Mar 2024 02:11:49 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 01 Mar 2024 02:11:49 GMT
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, private
Connection: keep-alive
Content-Length: 35
Expires: Sat, 25 Nov 2000 05:00:00 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 1 KB
1 KB 143ms
125ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=8502946

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

773e7af3c17497c55e6758199ccb53370fbc8c7eb0284cdcea76dc91a6879336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 13a1f784-a282-4e00-bd00-54f4730cb7b3
content-encoding: br
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 13a1f784-a282-4e00-bd00-54f4730cb7b3
server: cloudflare
x-trace: 2B416ED7BF4670E94E34F1BEC13AF01365A6C4869F000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://apiiro.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-59d6fb747d-4txdn
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0J4SEH08CfKi7FFpuuKFIF6jAMOYNqOnn1urzFZ8az5avaqhq3YqptneGYO7smclmpdx1I%2FcRireK7pgWmNSlQT2raWgeoYxmVzXw3t6%2BvDJVL5Q1WU8TrWIgmi7we6quL9ccROThyM5qrtu"}],"group":"cf-nel","max_age":604800}
cf-ray: 85d59e58efa7365d-FRA
access-control-allow-headers: *

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
83 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-404911737

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f3270a1b6684da6f8e8990f4730bcba09651f27fa57d45f586b73b2eb02dd94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84652
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 01:13:46 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Mar 2024 02:11:49 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/404911737/ 3 KB
2 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/404911737/?random=1709259109390&cv=11&fst=1709259109390&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&hn=www.googleadservices.com&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=534867096.1709259109&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-404911737

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

203221dfa33999f1bc3883252fb9607a38b6743abc5f59415d00f255c57b76e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1377
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
857 B 9ms
8ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c12d636cb5268c2f7f86c34ec5b1af2826a685eae5e503aece3c477fdd97a971

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 02:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Feb 2024 20:48:24 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=58308
accept-ranges: bytes
content-length: 647

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 9ms
8ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ee0937e73e9e680905759f1435fee28ddafeb4433ae8de2aee32a2539ad21f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 614
date: Fri, 01 Mar 2024 02:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 28 Feb 2024 20:48:24 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=58525
accept-ranges: bytes
content-length: 17199

GET
H2 200 /
www.google.com/pagead/1p-user-list/404911737/ 42 B
108 B 18ms
17ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/404911737/?random=1709259109390&cv=11&fst=1709258400000&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqfUE-6tZzAlecTiMzsAPOiVxJN29ObbB62JxtpndvWUORNBe0&random=3244692134&rmt_tld=0&ipr=y

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/404911737/ 42 B
108 B 19ms
18ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/404911737/?random=1709259109390&cv=11&fst=1709258400000&bg=ffffff&guid=ON&async=1&gtm=45be42s0v9123404105za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fapiiro.com%2Fblog%2Fmalicious-code-campaign-github-repo-confusion-attack%2F&frm=0&tiba=Over%20100%2C000%20Infected%20Repos%20Found%20on%20GitHub&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqfUE-6tZzAlecTiMzsAPOiVxJN29ObbB62JxtpndvWUORNBe0&random=3244692134&rmt_tld=1&ipr=y

Requested by

Host: apiiro.com
URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 02:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
191 B 151ms
151ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 01 Mar 2024 02:11:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 3D5C65783C0E43D382BBA83EACC1ADF7 Ref B: FRAEDGE1219 Ref C: 2024-03-01T02:11:49Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://apiiro.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYSj+YM26tNAdOEFcLxhw==

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.apiiro.com/	1970-01-20 20:57:15	Name: _gcl_au Value: 1.1.534867096.1709259109
.apiiro.com/	1970-01-21 04:23:39	Name: _ga_2VZ9JXH4YV Value: GS1.1.1709259108.1.0.1709259108.60.0.0
.apiiro.com/	1970-01-21 04:23:39	Name: _ga Value: GA1.1.528499491.1709259109
.linkedin.com/	1970-01-20 20:57:15	Name: li_sugr Value: 6a31935c-b061-4f5b-8423-e1429b99661c
.linkedin.com/	1970-01-21 03:33:15	Name: bcookie Value: "v=2&03cfc506-0f74-4e58-877c-44028e9b7445"
.linkedin.com/	1970-01-20 18:49:05	Name: lidc Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2706:u=1:x=1:i=1709259108:t=1709345508:v=2:sig=AQFkewhk2gs77beENSnfwwiJTO0Bgs2y"
.linkedin.com/	1970-01-20 19:30:51	Name: UserMatchHistory Value: AQKpsSs4b3U6lgAAAY33yDLH5Ryv9ChvrNcCFbfCA2LuXTXJ6L3O6Yd8i1c3gZ0gr96Z2xedxF8Bag
.linkedin.com/	1970-01-20 19:30:51	Name: AnalyticsSyncHistory Value: AQIoA4GlO_r-7gAAAY33yDLHMguMyZAtLQi0ntQPbWyP7Ir90uS8NOcCHme95fY9s0CNVEAPsFD5OT2JVSjdRA
apiiro.com/	1970-01-20 18:47:42	Name: _gauges_unique_hour Value: 1
apiiro.com/	1970-01-20 18:49:05	Name: _gauges_unique_day Value: 1
apiiro.com/	1970-01-20 19:32:17	Name: _gauges_unique_month Value: 1
apiiro.com/	1970-01-21 03:33:15	Name: _gauges_unique_year Value: 1
apiiro.com/	1970-01-21 03:33:15	Name: _gauges_unique Value: 1
.www.linkedin.com/	1970-01-21 03:33:15	Name: bscookie Value: "v=1&20240301021149fc2873a0-28fe-41d9-88d2-ed9d8cb6ac62AQETm1fZnbACnOOdJmKhtN5a14wmyqEi"
.linkedin.com/	1970-01-20 23:06:51	Name: li_gc Value: MTswOzE3MDkyNTkxMDk7MjswMjFFRrtSfrcCF59kQXKtYszryAwax30eEMOWDEU/oL4bLw==
.doubleclick.net/	1970-01-21 04:09:15	Name: IDE Value: AHWqTUlk43Q8kO-r7DcBXHH13ZjwsLrcYSnHXOsZM5W31XxVbepJTnuSY1m5ZS8n

39 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
apiiro.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
secure.gaug.es
snap.licdn.com
stats.g.doubleclick.net
stats.wp.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
13.107.42.14
192.0.76.3
199.16.173.39
2001:4860:4802:34::36
2606:4700:4400::6812:22e5
2606:4700::6810:4cba
2606:4700::6810:bd59
2606:4700::6811:c9cc
2606:4700::6811:e4a3
2620:1ec:21::14
2a00:1450:4001:806::200a
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2002
2a00:1450:400c:c00::9b
2a02:26f0:480:f::213:7edd
54.209.50.46
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
02050e9a79b30c29f3eafaf1ffe75400b1479659699eab2662d70eafba7f1437
0361aa32e5eb588ce2aef10651aad2ff44c2aadcc4d1577510db9973d1775231
14204a750bb8188ef934a25f79084075b439341b9fa29e66a03fcb1caf16d2e3
17d3b713c3ba5d5d427bbd6e97bc2dbeb7425e2ea375d9c356f77fbd5f1c0e92
190dbaa72f2bda6d5da336ffd5bf5617ff9296d059cb581e871a7c8f3ee7f254
203221dfa33999f1bc3883252fb9607a38b6743abc5f59415d00f255c57b76e2
215c1c1909dee9cedceace1a28cf7f7007762e5b94a82ef110b20ddf83f54038
23efc37dd2d5e559767ad1f6573817e7d71c8590a81d37c0c84e20841c5d2bfa
2983f8d61e3ce9fcf7558053d1da8f80b2e1e52011a72293a36d4e17d4a688ad
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2ecba00c86f45d276420d5a5ca03d9b3342cd4fc95ed61b640dead4ef0adddce
381cf7ba9d099a97a94c35d3e2cff6584d69f75fcab4ac0166abfc0812442415
3c572ff243bef61c99c95641ce27c6d818fefc53dc59455aa6ebe73bfd368ea1
4bf54623598caae5ff9ffaf7527b1c9f18ff3124070fc0afbf9d7026fe808fae
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
56ac91d36204ebf257caef6ca40dd4530b2eb7e2a5d192300b11ef4830bc8f8f
5b19dfdb5421c2f3d8c254404e8e7e376e9c8e7ec4f14936b1ed4508d3df0735
5f3270a1b6684da6f8e8990f4730bcba09651f27fa57d45f586b73b2eb02dd94
626767413be930bd758a72b108e1a478127f8defb82d4672c87851fa922ec518
754e71e934ab772754504177f10304f0e76f4a987d4b71dd8a4bf82067042ce4
773e7af3c17497c55e6758199ccb53370fbc8c7eb0284cdcea76dc91a6879336
775b645121a7067b53379ca4ab491cd2bab511a37262bc598c6b4de282c948bb
778c1c455c2c74c872bfca89e4aed6c4fb7e34259475cc6164bf20d7a099324f
7e6f9e166b0d3d073e50f3b86e1d8704de932b364267ed57ad06e7edb4d730c2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a3e64a7272782641e5ab95ac12427ba92815c0e26983e0019aa7591cf3cad28
8ce5f8e8b2e830399528c71f3bf1713d9f2122afe8d3d492e7cdaddad3b411c6
90503cf0d53db0247dc6708247b1e67eab2c0e7b35309cf9359fa4eabf456b18
99180d6dee21d3f807182fd29e105f951a25d549749194dd59f37fa88b504795
a38770ebf1b6b37f293f15e5dc5bc0bfc6e1449cff7172db2705f496f070f8bd
a4c69bc1b5b37cb7f13f87e7281dd69e7424940b670c4e470a4968eac47aa9d4
b650d884c9ec913707f0a33259fbc390572e3c9a365390de0098d0cee5640375
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b82dda904fe9c144d2013bf1758d3548177cc51b889f5e4b70af4a3313e5a001
bb510522230bf6f7ae632e8bded4d65c2bdb6bdd476e2e81e3d9ef729faab8c3
bbc7611e52cd22c088343577d6468843671182bfe49cc22e40f573139d6ae563
bd24be69252f270c3e10cb0060084cbf60a21122f5f6ee8cec4d31c5eaf590a7
c12d636cb5268c2f7f86c34ec5b1af2826a685eae5e503aece3c477fdd97a971
ca7d87f4d2576ab7b938e93d987da61ca9bbf745869152a873c3fcf9979c4a58
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d3aa4bc277a3c6020d2dfccda50cefb99ec1da28212bbfef5a5a9d7ecf8750b6
d4ed261be1fb3412927e07dd833180ff1809474452446a42e47faa393b7f49b2
dcd9ff818a4a80cfb8c391cad32658fe315f2378aa7a3d726d30bed5f5353530
df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4228d2650a71f21ea282bce390d9f2b4e261640b8ffb7c6096d116e5a5cdaef
e631ce6a2fcc4cd7da04228292d10fdf731b51dc25078686d32039072503df37
e8ef1667e5cb4f8f8694a1cea7a87afa64c8c722dd01727bad785944d407966f
ee0937e73e9e680905759f1435fee28ddafeb4433ae8de2aee32a2539ad21f97
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3e7e94fc36d961b807c8fa6c2bbbd5cf60a746a95c0d01f331d847156b198c
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
feafd430e9d02c4481e61dc0eef3c81ce414d24bd00c44891389934c615638da

apiiro.com Open in urlscan Pro 199.16.173.39 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

66 Requests

98 %HTTPS

79 %IPv6

16 Domains

21 Subdomains

19 IPs

3 Countries

885 kBTransfer

34763 kBSize

16 Cookies

12 Outgoing links

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

apiiro.com Open in urlscan Pro
199.16.173.39 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

98 %
HTTPS

79 %
IPv6

16
Domains

21
Subdomains

19
IPs

3
Countries

885 kB
Transfer

34763 kB
Size

16
Cookies

66 HTTP transactions
0 data transactions