www.evasec.io Open in urlscan Pro
52.17.119.105 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Submission: On July 02 via api (July 2nd 2024, 2:12:11 am UTC) from TR — Scanned from DE

Summary HTTP 38 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 15 IPs in 5 countries across 14 domains to perform 38 HTTP transactions. The main IP is 52.17.119.105, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.evasec.io.
TLS certificate: Issued by R10 on June 27th 2024. Valid for: 3 months.

This is the only time www.evasec.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.17.119.105 52.17.119.105	16509 (AMAZON-02) (AMAZON-02)
13	172.64.153.29 172.64.153.29	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
5	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	18.244.20.221 18.244.20.221	16509 (AMAZON-02) (AMAZON-02)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	76.76.21.98 76.76.21.98	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	18.173.187.12 18.173.187.12	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
38	15

1 52.17.119.105 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com

www.evasec.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.64.153.29 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

cdn.prod.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.20.221 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-20-221.fra56.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.98 (Walnut, United States)

ASN16509 (AMAZON-02, US)

tools.refokus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.187.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-12.muc50.r.cloudfront.net

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	website-files.com cdn.prod.website-files.com — Cisco Umbrella Rank: 9031	816 KB
5	gstatic.com fonts.gstatic.com	153 KB
5	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	54 KB
2	webflow.com uploads-ssl.webflow.com — Cisco Umbrella Rank: 15924	68 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 268	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	104 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 469 fonts.googleapis.com — Cisco Umbrella Rank: 83	7 KB
1	google.de www.google.de — Cisco Umbrella Rank: 8088	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	244 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3125
1	youtube.com www.youtube.com — Cisco Umbrella Rank: 96
1	refokus.com tools.refokus.com — Cisco Umbrella Rank: 127710	809 B
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	30 KB
1	evasec.io www.evasec.io	17 KB
38	14

	Domain	Requested by
13	cdn.prod.website-files.com	www.evasec.io cdn.prod.website-files.com
5	fonts.gstatic.com	fonts.googleapis.com
5	cdn.jsdelivr.net	www.evasec.io
2	uploads-ssl.webflow.com	cdn.prod.website-files.com
2	cdnjs.cloudflare.com	www.evasec.io
2	www.googletagmanager.com	www.evasec.io
1	www.google.de	www.evasec.io
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	www.youtube.com	www.evasec.io
1	fonts.googleapis.com	ajax.googleapis.com
1	tools.refokus.com	www.evasec.io
1	d3e54v103j8qbb.cloudfront.net	www.evasec.io
1	ajax.googleapis.com	www.evasec.io
1	www.evasec.io
38	15

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
en.wikipedia.org
cocoapods.org
guides.cocoapods.org
blog.cocoapods.org
github.com
datatracker.ietf.org
portswigger.net
developer.mozilla.org
twitter.com

Subject Issuer	Validity	Valid
www.evasec.io R10	`2024-06-27` - `2024-09-25`	3 months	crt.sh
prod.website-files.com WE1	`2024-06-25` - `2024-09-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
tools.refokus.com R11	`2024-06-20` - `2024-09-18`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
uploads-ssl.webflow.com Amazon RSA 2048 M02	`2024-06-28` - `2025-07-26`	a year	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.de WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Frame ID: 2FA6DDC3E8CACBBD862DFBE98FC03339
Requests: 37 HTTP requests in this frame

Frame: https://www.youtube.com/embed/nO84n2v3ZyM
Frame ID: 96413EADBDD9DA6933306C9E291D08C6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

38
Requests

100 %
HTTPS

53 %
IPv6

14
Domains

15
Subdomains

15
IPs

5
Countries

1253 kB
Transfer

1938 kB
Size

5
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/in/reef-spektor-02988418b
Title: Reef Spektor

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/eran-vaknin
Title: Eran Vaknin

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Log4Shell
Title: Log4Shell

Search URL Search Domain Scan URL

URL: https://cocoapods.org/
Title: CocoaPods

Search URL Search Domain Scan URL

URL: https://guides.cocoapods.org/syntax/podspec.html
Title: Podspecs

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Downstream_(software_development)
Title: Downstream dependencies

Search URL Search Domain Scan URL

URL: https://blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023/
Title: informed CocoaPods

Search URL Search Domain Scan URL

URL: https://github.com/CocoaPods/trunk.cocoapods.org
Title: 'Trunk’ server

Search URL Search Domain Scan URL

URL: https://cocoapods.org/owners/7
Title: 1,866 orphaned pods

Search URL Search Domain Scan URL

URL: https://github.com/CocoaPods/trunk.cocoapods.org/commit/70c56fba99d53fa5a8930dd4d0d392e4c99a56c4
Title: committed

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/html/rfc822
Title: RFC822

Search URL Search Domain Scan URL

URL: https://github.com/dim/rfc-822
Title: package

Search URL Search Domain Scan URL

URL: https://github.com/ReeFSpeK/CocoaPods-RCE
Title: click here

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
Title: HTTP smuggling and desynchronization attacks

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/james-kettle
Title: James Kettle

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
Title: MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
Title: Host

Search URL Search Domain Scan URL

URL: https://twitter.com/eva_info_sec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/evainfosec/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request eva-discovered-supply-chain-vulnerabities-in-cocoapods Show response
www.evasec.io/blog/ 47 KB
17 KB 430ms
54ms Document
text/html 52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4518ec4d58367b4949449f3376118c4b1875e01fe2e8f687d19e312d96ef44d5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 44622
content-encoding: gzip
content-length: 16644
content-type: text/html
date: Tue, 02 Jul 2024 02:12:06 GMT
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: MISS, HIT
x-cache-hits: 0, 23
x-cluster-name: eu-west-1-prod-hosting-red
x-lambda-id: 8be84edf-92d9-4b34-84e2-2f118e038c27
x-served-by: cache-iad-kjyo7100073-IAD, cache-dub4366-DUB
x-timer: S1719886327.784227,VS0,VE0

GET
H3 200 evasec.webflow.231be4c11.css
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/ 94 KB
18 KB 52ms
31ms Stylesheet
text/css 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/evasec.webflow.231be4c11.css
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2b3ab5a08899a37f8fc861fa93fb5d67006c8ca8f3aa0a5d3c0e6809cd7b7a0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
content-encoding: gzip
x-amz-version-id: Z_cqKmQyMNPoI5MRXzVBI7ErwbYidDSE
cf-cache-status: HIT
x-amz-request-id: SXB6KJK20ASBSTR1
age: 41892
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 17780
x-amz-id-2: Mr/463rCCVmDLFb7VsFSw5/Z6Kyjn89xgCkBByOTDPRfgeY0rTT98cOXdHKDuFQN2hveeIYWa7nFICrE789Qd3PWsDxPHSz2vh7ZnvT1yD0=
last-modified: Mon, 01 Jul 2024 13:48:07 GMT
server: cloudflare
etag: "cef51ef126b549317065ba2491bbdf38"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 89cb1be6cd7f371d-FRA

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 41ms
13ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 13:16:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392161
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 13:16:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 314 KB
104 KB 116ms
64ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MGQ0PWW7EX

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f45ae5aa1f3e63e16420a417e5d05fcd72c483218ade1517903507a1706fb93e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 02 Jul 2024 02:12:06 GMT

GET
H2 200 default.min.css
cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.6.0/build/styles/ 1 KB
1008 B 34ms
12ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.6.0/build/styles/default.min.css

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fbde0ac0921d86c356c41532e7319c887a23bd1b8ff00060cab447249f03c7cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 02 Jul 2024 02:12:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 505200
x-jsd-version: 11.6.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 565
x-served-by: cache-fra-eddf8230146-FRA
x-jsd-version-type: version
etag: W/"478-na/LbSNHKtuQ+cn1W9nb1ZA5KVM"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 socialshare.js Show response
cdn.jsdelivr.net/npm/@finsweet/attributes-socialshare@1/ 9 KB
4 KB 32ms
31ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@finsweet/attributes-socialshare@1/socialshare.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

eafd7e17be354753ca120ef03d28aa45a37c423e89e9f2602e8fd5a24400f150

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 02 Jul 2024 02:12:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2589
x-jsd-version: 1.3.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3619
x-served-by: cache-fra-eddf8230146-FRA
x-jsd-version-type: version
etag: W/"2385-rwl9CAsmlk954AGumYBzecK5wJE"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 richtext.js Show response
cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/ 8 KB
4 KB 33ms
32ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 02 Jul 2024 02:12:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 18498
x-jsd-version: 1.10.2
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3918
x-served-by: cache-fra-eddf8230146-FRA
x-jsd-version-type: version
etag: W/"2147-I41v+oq443LPQB6aPqMil27q9QY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 66546f31b3de5dfcd5785f3b_xOOC9SSDj2wOo_8bNTchKPo9_5I9sxxj47l4_LMIjmZLYJVugCz16zfzH-8TADNrDxSpwoktWUUMvT4xtWmNuYZEit6_jchmxxyTwXqPLLKihJK5lkxh6PBL6oRWwQPHpLJrNjJhyz6hydOcLqaCcJ4.png
cdn.prod.website-files.com/6637ec84acdca762bbea2e55/ 293 KB
293 KB 44ms
23ms Image
image/png 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e55/66546f31b3de5dfcd5785f3b_xOOC9SSDj2wOo_8bNTchKPo9_5I9sxxj47l4_LMIjmZLYJVugCz16zfzH-8TADNrDxSpwoktWUUMvT4xtWmNuYZEit6_jchmxxyTwXqPLLKihJK5lkxh6PBL6oRWwQPHpLJrNjJhyz6hydOcLqaCcJ4.png
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e04c2ada18ffbd26a0e8a870b8a5a764918bb269168b2671f95aa8a73149264

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: xSVXgj0El5b_hyPyZEn2D1keZXCm1Gzv
cf-cache-status: HIT
x-amz-request-id: DT24VYKM308J0X0G
age: 19299
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 299903
x-amz-id-2: NfohcF/29ArbKz6Ga1qQzjskXRWLYQeLcJtHox8EpRp+TUUb7dREq/vcQRqDqh1/p8jscJDKfsM=
last-modified: Mon, 27 May 2024 11:32:02 GMT
server: cloudflare
etag: "a3d31447966b20d1e8921fedd98ede3f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be6cd84371d-FRA

GET
H3 200 66546f313dd887bf4687f5be_HzExDoQBbjF2gS9CDWDPScXsFg95wGkWx5hQat0dpI2ltYvQy52je_4s1g58YFM0q9uR1tUejcBoba905CR_S7kMMWNLgqvOEVdG648rkV5TlSPspqFxDAzCbVMesF05GssYCzvNihSev46Xb8pDQrs.png
cdn.prod.website-files.com/6637ec84acdca762bbea2e55/ 102 KB
103 KB 43ms
22ms Image
image/png 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e55/66546f313dd887bf4687f5be_HzExDoQBbjF2gS9CDWDPScXsFg95wGkWx5hQat0dpI2ltYvQy52je_4s1g58YFM0q9uR1tUejcBoba905CR_S7kMMWNLgqvOEVdG648rkV5TlSPspqFxDAzCbVMesF05GssYCzvNihSev46Xb8pDQrs.png
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8803acb106816b80ef25e43ce6b6c7bcbacd16dacd794317713a601646ca39ea

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: lGGjsri_1Og7gcSiX8DVSClAQTIFevrI
cf-cache-status: HIT
x-amz-request-id: SYYGQP0V76TJBXZ3
age: 18397
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 104722
x-amz-id-2: NLC2zCgeqK0K4vKjy1mkc/TvUP+u0wgcUMDp9tupHcktiYmS6ONSpzzC+4U3DHhobazgTPGmsRc5nuFEJQQdt6HdFFwyOqwcL2LnB/lFkVI=
last-modified: Mon, 27 May 2024 11:32:03 GMT
server: cloudflare
etag: "7188bc56e7b130e13566c7c82c6181ed"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be6cd86371d-FRA

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 350ms
22ms Script
application/javascript 18.244.20.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6637ec84acdca762bbea2e39
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.20.221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-20-221.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Jul 2024 21:55:38 GMT
content-encoding: br
via: 1.1 0be2062deeede74cb37dc047454ddbce.cloudfront.net (CloudFront)
age: 16053
x-amz-cf-pop: FRA56-P11
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: 70V8_2kGuqq_K-VA7JrKloxqYu1FO-dWbb2dWTNEJji_ZvDcIkp0Fg==

GET
H3 200 webflow.ba003d20f.js Show response
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/js/ 186 KB
68 KB 81ms
79ms Script
text/javascript 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/js/webflow.ba003d20f.js
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c72f8b181cce8317e3da1db75c65b9342e5807946a4d40d6b35a935c2f7546

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
content-encoding: gzip
x-amz-version-id: dASdfT0QBGwKEdOGRi5vICw5h.OUl6Tj
cf-cache-status: HIT
x-amz-request-id: FHY50S3CKPBYJ290
age: 936203
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 68744
x-amz-id-2: CitYxMxAX8n3KkfFjiEd2MECBAd0v0qnzKu+7a3fKPZWvnFUw4wFh8OkQTxbiFvaynX+APo+7xzopgzpGDTAJLIWBkn0Ra+fvBQqdC6zalM=
last-modified: Wed, 19 Jun 2024 19:57:44 GMT
server: cloudflare
etag: "f2fe675feb73f3f112a3be172d5a95c7"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 89cb1be71da4371d-FRA

GET
H3 200 atom-one-dark.css
cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/ 1 KB
1 KB 46ms
28ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/atom-one-dark.css

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5712e31de4df28eed107cd242eb50d280a6578e850fb671e20bc82a137de3fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 18078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 479
last-modified: Mon, 09 Oct 2023 05:35:54 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6523913a-1df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SizI4K6MxnkTfsXugFlQJsHFfLJXT4IIX98Tg5TsBCgm9SFcq4IhNwtxAuPaXMglEYZa7QuVHu55EXx4RzrVdjSqN444KkrlKmT3FdvUVWQ7JSHBc4sRZcIvbonkteuAQkEsLIa"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 89cb1be72af0365f-FRA
expires: Sun, 22 Jun 2025 02:12:06 GMT

GET
H2 200 highlight.min.js Show response
cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/ 119 KB
42 KB 16ms
13ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

837a6fa5b0c736b52bbde2b2b6190f305da3fc9ed41681db5321507057b5c846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 02 Jul 2024 02:12:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1111011
x-jsd-version: 11.9.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 43077
x-served-by: cache-fra-eddf8230146-FRA
x-jsd-version-type: version
etag: W/"1db7f-Dy3HYLZwuw6PDsPQVFNoUqwYKdA"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 http.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/ 913 B
1 KB 48ms
30ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/http.min.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc86f0ebfcf92f1ed6db4619b0996f58d4f00938295a786a7803d5fa1770bab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 73
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 443
last-modified: Mon, 09 Oct 2023 05:35:54 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6523913a-1bb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X1tDtbeefdQtf0C9bhBLvKjJS5%2FITUzMFYy%2Fipcjqr1b3qhFOK7XNtGqxG7%2BVO%2F8NLYHAkg%2B78TOktwJCSAtbJQdKODu27c24GHnO5EbdFMPIaCqFkbQVEBCgVwqJOxLPHWpbeUA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 89cb1be72af1365f-FRA
expires: Sun, 22 Jun 2025 02:12:06 GMT

GET
H2 200 medium-zoom.min.js Show response
cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/ 9 KB
3 KB 35ms
33ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 02 Jul 2024 02:12:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 438302
x-jsd-version: 1.0.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3091
x-served-by: cache-fra-eddf8230146-FRA
x-jsd-version-type: version
etag: W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bundle.v1.0.0.js Show response
tools.refokus.com/time-to-read/ 545 B
809 B 348ms
57ms Script
application/javascript 76.76.21.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tools.refokus.com/time-to-read/bundle.v1.0.0.js

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.98 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

028c0e868f9747b947ad0eb0d51c1324b3b67bc7292a655481e5406f4de78d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:07 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::6ckrh-1719886327199-4f4c85d8e1bb
age: 848328
etag: "14f56060acf14ed4d3b7e747d91bc7ab"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bundle.v1.0.0.js"
accept-ranges: bytes
content-length: 545

GET
H2 200 css
fonts.googleapis.com/ 20 KB
1 KB 137ms
63ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7474fa7c6dcde3905c422bfb71554b171b2d759597397c6e10ebc0047abf3658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 Jul 2024 02:12:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 Jul 2024 02:03:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 Jul 2024 02:12:07 GMT

GET
H2 200 nO84n2v3ZyM
www.youtube.com/embed/ Frame 9641 0
0 102ms
62ms Document
text/html 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/nO84n2v3ZyM

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.evasec.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jul 2024 02:12:06 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 6637ec84acdca762bbea2eca_FOOTER%20BG.png
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/ 172 KB
172 KB 76ms
75ms Image
image/png 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2eca_FOOTER%20BG.png
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/evasec.webflow.231be4c11.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7a0cf4aa7b849145192f83a74f5df493e6d0b1782bfd12908362173d095efb5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/evasec.webflow.231be4c11.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: GPUzvrH8I57is8tzYquJPAe4O_50kVyg
cf-cache-status: HIT
x-amz-request-id: WT4P81QMMCC9BD9X
age: 41892
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 175778
x-amz-id-2: L5uizQ+Bx9xzSzcUqThxdnElnciy88K81mcr+gccoO6FLGXg1ekG8eAJF4AW81XjTNL4Tl2IoZg=
last-modified: Sun, 05 May 2024 20:31:02 GMT
server: cloudflare
etag: "fcd00fe38deeb911fd4522ed6c800567"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be71da6371d-FRA

GET
H2 200 6637ec84acdca762bbea2e73_Frank-LightRough.ttf
uploads-ssl.webflow.com/6637ec84acdca762bbea2e39/ 109 KB
52 KB 94ms
43ms Font
application/x-font-ttf 18.173.187.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2e73_Frank-LightRough.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/evasec.webflow.231be4c11.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-12.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7d2108b41c3a8f4e21d784b62881500340c6a5368bf1fb72b6b47e9f8814061f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn.prod.website-files.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Jul 2024 13:18:41 GMT
x-amz-version-id: UCc9yskd9SjUHtxxtTqjXAd00ZReAzwA
content-encoding: br
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
age: 46406
x-amz-cf-pop: MUC50-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 05 May 2024 20:31:02 GMT
server: AmazonS3
etag: W/"c5b8ae88d2792c5d58aca95f67582abe"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: F34RYahQh6tzrPuQEWrYJ8uVMxXrQn9RZ0C7tpwJ4Dy7b3JJSDKOkA==

GET
H2 200 6637ec84acdca762bbea2e6d_Frank-Bold.ttf
uploads-ssl.webflow.com/6637ec84acdca762bbea2e39/ 33 KB
16 KB 112ms
61ms Font
application/x-font-ttf 18.173.187.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2e6d_Frank-Bold.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/css/evasec.webflow.231be4c11.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-12.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84b441a09158f014409767af2c027878636b35b2243f00d2b0b4a25c722b2fb8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cdn.prod.website-files.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Jul 2024 08:28:38 GMT
x-amz-version-id: f7OBtbHL5nWR.dLHWY94VfJpf8UD_vSZ
content-encoding: br
via: 1.1 de8b46af7190cc021fd8b12be6996a2e.cloudfront.net (CloudFront)
age: 63808
x-amz-cf-pop: MUC50-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 05 May 2024 20:31:02 GMT
server: AmazonS3
etag: W/"3f045edfb7aa57f2b2d9531c1c1aa0ac"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: 7RJnhsVPqOv9kn_1ZeRJo5UZR59_po0jfC9aDNdDZb5LKhf4foO1Gg==

GET
H3 200 6637ec84acdca762bbea2ea5_Asset%202.png
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/ 6 KB
7 KB 116ms
115ms Image
image/png 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2ea5_Asset%202.png
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35f2a31f659cfa9bda626dbb1ba2c6c9dcc9c88f18508a635150d4c8b9bf4d2e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: BEOrl74FcEczxnMh3Vrx1F5G3hUz1oXN
cf-cache-status: HIT
x-amz-request-id: 6X37AFCK7SYNEH01
age: 2612002
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 6339
x-amz-id-2: OXaKjvhiLuBuuF9tvjEXeB++5QG2tO/MnPoCV2oaSduY627E+krmTkuNkdcZin+Qb8pSih1Fvmg=
last-modified: Sun, 05 May 2024 20:31:02 GMT
server: cloudflare
etag: "d8126d67dca7545ae8c0def9173de385"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be73db7371d-FRA

GET
H3 200 667edfaf3163605ea44d1da0_portrait2-p-500.jpg
cdn.prod.website-files.com/6637ec84acdca762bbea2e55/ 29 KB
30 KB 116ms
115ms Image
image/jpg 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e55/667edfaf3163605ea44d1da0_portrait2-p-500.jpg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33b9b1bd5422200c5a0f0d4cee9951b01ef547f52b1bbcebc3b265a3c9764047

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: 49XISANYIbmcxnLWIT7rVtaZskKVrm8B
cf-cache-status: HIT
x-amz-request-id: PKDM9W70HD17T10X
age: 28805
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 29927
x-amz-id-2: C/1zM+rik6e8PA85+X//ayr1kIkoK9EC8Dzo9cgfcaAKUzVWIR5C7zuYE4xd+dzSk5qDqbYkByN2Q+dUP0BY7pLiauTLskeS
cf-bgj: h2pri
last-modified: Fri, 28 Jun 2024 16:07:17 GMT
server: cloudflare
etag: "63de3bd01d26f7fd1371fabc1a425172"
vary: Accept-Encoding
content-type: image/jpg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be73db8371d-FRA

GET
H3 200 665519d6eeeaa979ade532b3_PHOTO-2024-05-28-01-38-28.jpg
cdn.prod.website-files.com/6637ec84acdca762bbea2e55/ 25 KB
26 KB 121ms
120ms Image
image/jpeg 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e55/665519d6eeeaa979ade532b3_PHOTO-2024-05-28-01-38-28.jpg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52e33f67f5d8809b2b8a96e69059f65e2c3eb670b4a0b50b4b1c08c96161a4c3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: 1mb8y2tn4afwyd7lhJb0hLqKimVxKpPZ
cf-cache-status: HIT
x-amz-request-id: CJAD9TDY7GAAHPD6
age: 42251
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 25832
x-amz-id-2: tNAsnksXDSVsvRFGL+6ncguvWkJr0e9yQsMSSVIoIp349Ab9PzXwU1HVnG5gk9eeGM+KZpHD6Tw=
cf-bgj: h2pri
last-modified: Mon, 27 May 2024 23:40:08 GMT
server: cloudflare
etag: "acf1ac53e5c0073ab0096f56c33685b3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be73db9371d-FRA

GET
H3 200 6637ec84acdca762bbea2ee7_x.svg
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/ 19 KB
13 KB 134ms
133ms Image
image/svg+xml 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2ee7_x.svg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 169d2f77d393a051e15245fc96019295fd71d8835f7b6663577cb8211e03dff3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: SZi_5Ehx00cYArR9aT81pa3UOaExHYBn
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: RNDD8WA92NCV6DXE
age: 2612002
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: s2N/VPMdqTJ3t5auLZ1vuYTmbEBs42eiG1fU5241Zf6m7I8ulA5T7W3HeJpyTwWutOXsyfstHoM=
last-modified: Sun, 05 May 2024 20:31:03 GMT
server: cloudflare
etag: W/"9e30b0a19b1a506f76d0368eec4b8f33"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
cf-ray: 89cb1be73dba371d-FRA

GET
H3 200 6637ec84acdca762bbea2ee8_linkedin.svg
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/ 1 KB
902 B 134ms
133ms Image
image/svg+xml 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2ee8_linkedin.svg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 824bc355ebfea304e5f4cd7a6dc1b7742389caeb0b8149cb26a003e193177d9b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: zeKsDEWxYcou4T4PWXmGGDCNz2XV_gcA
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 2HE93J5330QJVFXA
age: 1229634
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EOMzjjNGfTv/Jckx+qnnxlpcpVg4170up0OKlZqGKVHr7Tsi65os/TwigyVZbqpkN7sl1E0+BRk+PEQOo8zPKow2VLwnMadC
last-modified: Sun, 05 May 2024 20:31:03 GMT
server: cloudflare
etag: W/"0e0ecfa65643be507fdffae5442b735c"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
cf-ray: 89cb1be73dbb371d-FRA

GET
H3 200 6637ec84acdca762bbea2ee9_reddit.svg
cdn.prod.website-files.com/6637ec84acdca762bbea2e39/ 2 KB
1 KB 157ms
156ms Image
image/svg+xml 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e39/6637ec84acdca762bbea2ee9_reddit.svg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3075552168ab4fbc806ca1824880830ddae312e36110e937b9436bfbc4fa874

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: 66CdTx1uZnh1SmpjHKnKa2wmNi03hwfd
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: FRAH54DR6MNBYV1M
age: 72
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: LvYOXWsY01kLRA+5GYayuQpzDRwOchUrbaN3Rhky+gNAFnemQYAsJYKwbT/VGFElaouqLahS7Ks=
last-modified: Sun, 05 May 2024 20:31:03 GMT
server: cloudflare
etag: W/"930d9ce1c868d7b161b7990a50cb9035"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
cf-ray: 89cb1be73dbc371d-FRA

GET
H3 200 666ee5b3de77bc88bb5dc068_EVA_Infographics_Cover_A-p-1080.jpg
cdn.prod.website-files.com/6637ec84acdca762bbea2e55/ 84 KB
84 KB 158ms
157ms Image
image/jpg 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6637ec84acdca762bbea2e55/666ee5b3de77bc88bb5dc068_EVA_Infographics_Cover_A-p-1080.jpg
Requested by: Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1599a4fe7ee43ccfe921a154636dee6769b928fa9c4faac85bb350e8bf60a65

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:06 GMT
x-amz-version-id: 7MoyQjJXhcJAgHQMoSzGv6fx3e2MQLV5
cf-cache-status: HIT
x-amz-request-id: JZTC1QG79GN1XFXJ
age: 41458
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 85619
x-amz-id-2: WHmvEIw7XQzRrfQ+fAFCWy8KMqYMd0wYUgYEk4VUkbLLro0I5jtv55DBC9dixOZycfHnS9imq+M=
cf-bgj: h2pri
last-modified: Sun, 16 Jun 2024 13:16:38 GMT
server: cloudflare
etag: "81377c6a1b51b0d4561483ab3db36eda"
vary: Accept-Encoding
content-type: image/jpg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1be73dbd371d-FRA

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v27/ 50 KB
50 KB 162ms
111ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 14:44:54 GMT
x-content-type-options: nosniff
age: 559633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51404
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 14:44:54 GMT

GET
H2 200 ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
fonts.gstatic.com/s/robotocondensed/v27/ 56 KB
56 KB 155ms
104ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v27/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e0d02c04fe3bb456ed7318a162a6248bd481b6f8e955fecda064d7c0ad3d792

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 14:57:52 GMT
x-content-type-options: nosniff
age: 558855
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56996
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 17:53:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jun 2025 14:57:52 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 102ms
52ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 17:31:01 GMT
x-content-type-options: nosniff
age: 376866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 17:31:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 101ms
51ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 20:58:55 GMT
x-content-type-options: nosniff
age: 364392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 20:58:55 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 98ms
48ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:300,300italic,regular,italic,700,700italic%7CRoboto:regular,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://www.evasec.io
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 07:43:41 GMT
x-content-type-options: nosniff
age: 412106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 07:43:41 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 391ms
332ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MGQ0PWW7EX&gtm=45je46q0v9188952109za200&_p=1719886326882&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&gdid=dZGVlNj&cid=323121532.1719886327&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719886327&sct=1&seg=0&dl=https%3A%2F%2Fwww.evasec.io%2Fblog%2Feva-discovered-supply-chain-vulnerabities-in-cocoapods&dt=Vulnerabilities%20in%20CocoaPods%20Open%20the%20Door%20to%20Supply%20Chain%20Attacks%20Against%20Thousands%20of%20iOS%20and%20MacOS%20Applications&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=696&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGQ0PWW7EX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 02 Jul 2024 02:12:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.evasec.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
244 B 160ms
29ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MGQ0PWW7EX&cid=323121532.1719886327&gtm=45je46q0v9188952109za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGQ0PWW7EX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 02 Jul 2024 02:12:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.evasec.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
33ms Image
image/gif 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MGQ0PWW7EX&cid=323121532.1719886327&gtm=45je46q0v9188952109za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2036824678

Requested by

Host: www.evasec.io
URL: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 02 Jul 2024 02:12:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a
www.googletagmanager.com/ 0
59 B 27ms
25ms Image
text/html 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=961347449&rv=46q0&u=AAAAAAAAAAAAACCA&ut=AAAAAQ&h=Ag&gtm=45je46q0v9188952109za200&ccid=188952109&cid=G-MGQ0PWW7EX&l=L494.S3.Y5.B16.E517.I880.EC6.TC17.HTC0~gtm.init.S0.V0.E17.TS5ogtcrossdomain.TI8.TE0.TS5ogt1pdatav2.TI10.TE0.TS5ccdgalast.TI11.TE0.TS5ccdautoredact.TI12.TE0.TS5ccdconversionmarking.TI13.TE0.TS5ccdemvideo.TI14.TE0.TS5ccdemsitesearch.TI15.TE0.TS5ccdemscroll.TI16.TE0.TS5ccdempageview.TI17.TE0.TS5ccdemoutboundclick.TI18.TE0.TS5ccdemform.TI19.TE0.TS5ccdemdownload.TI20.TE0.TS5ccdgaregscope.TI21.TE1.TS5ogtgooglesignals.TI22.TE0.TS5setproductsettings.TI23.TE0.TS5ccdgafirst.TI24.TE0~gtm.js.S0.V0.E11.TS5gct.TI5.TE0~*~gtm.dom.S0.V0.E9~gtm.load.S0.V0.E0~gtm.init_consent.S1.V0.E18~GA202

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:07 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 63444461b973188f92cd0ffd_favicon.png
cdn.prod.website-files.com/63302495047920513dbc3f3a/ 780 B
1 KB 32ms
31ms Other
image/png 172.64.153.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/63302495047920513dbc3f3a/63444461b973188f92cd0ffd_favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9368792193b5b13482df43df9c42302a413dd844be290ed2a907099514e794d0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.evasec.io/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 02:12:07 GMT
x-amz-version-id: ycI_DHOuryhUnEfA.6XIQSOOqrK.Kq9F
cf-cache-status: HIT
x-amz-request-id: AP841KCDHMSJ37WF
age: 42249
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 780
x-amz-id-2: MEIloANXMmOFZ6j2HFULsDBxPI09Vq/Rl4tMk04osUeLAbcmgTMz20DzFyIMZZxoG7cDpNVTkRkxrJCP2X4EecNTQe6GJYKGzoZJuaFPWXo=
last-modified: Mon, 10 Oct 2022 16:16:21 GMT
server: cloudflare
etag: "90233de9802afca3a80ccb406c8d4550"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
cf-ray: 89cb1beb7fe0371d-FRA

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: XtEuU8qsP0M
.youtube.com/	1970-01-21 02:03:58	Name: VISITOR_INFO1_LIVE Value: At5tlzmvsOs
.youtube.com/	1970-01-21 02:03:58	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgKg%3D%3D
.evasec.io/	1970-01-21 07:20:46	Name: _ga_MGQ0PWW7EX Value: GS1.1.1719886327.1.0.1719886327.60.0.0
.evasec.io/	1970-01-21 07:20:46	Name: _ga Value: GA1.1.323121532.1719886327

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdn.prod.website-files.com
cdnjs.cloudflare.com
d3e54v103j8qbb.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
region1.analytics.google.com
stats.g.doubleclick.net
tools.refokus.com
uploads-ssl.webflow.com
www.evasec.io
www.google.de
www.googletagmanager.com
www.youtube.com
104.17.24.14
142.250.185.99
172.64.153.29
18.173.187.12
18.244.20.221
2001:4860:4802:34::36
2a00:1450:4001:808::2003
2a00:1450:4001:810::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9b
2a04:4e42:400::485
52.17.119.105
76.76.21.98
028c0e868f9747b947ad0eb0d51c1324b3b67bc7292a655481e5406f4de78d66
169d2f77d393a051e15245fc96019295fd71d8835f7b6663577cb8211e03dff3
2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308
33b9b1bd5422200c5a0f0d4cee9951b01ef547f52b1bbcebc3b265a3c9764047
35f2a31f659cfa9bda626dbb1ba2c6c9dcc9c88f18508a635150d4c8b9bf4d2e
4518ec4d58367b4949449f3376118c4b1875e01fe2e8f687d19e312d96ef44d5
4e0d02c04fe3bb456ed7318a162a6248bd481b6f8e955fecda064d7c0ad3d792
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e
52e33f67f5d8809b2b8a96e69059f65e2c3eb670b4a0b50b4b1c08c96161a4c3
5712e31de4df28eed107cd242eb50d280a6578e850fb671e20bc82a137de3fa1
7474fa7c6dcde3905c422bfb71554b171b2d759597397c6e10ebc0047abf3658
7d2108b41c3a8f4e21d784b62881500340c6a5368bf1fb72b6b47e9f8814061f
7e04c2ada18ffbd26a0e8a870b8a5a764918bb269168b2671f95aa8a73149264
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
824bc355ebfea304e5f4cd7a6dc1b7742389caeb0b8149cb26a003e193177d9b
837a6fa5b0c736b52bbde2b2b6190f305da3fc9ed41681db5321507057b5c846
84b441a09158f014409767af2c027878636b35b2243f00d2b0b4a25c722b2fb8
8803acb106816b80ef25e43ce6b6c7bcbacd16dacd794317713a601646ca39ea
89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95
89c72f8b181cce8317e3da1db75c65b9342e5807946a4d40d6b35a935c2f7546
9368792193b5b13482df43df9c42302a413dd844be290ed2a907099514e794d0
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1599a4fe7ee43ccfe921a154636dee6769b928fa9c4faac85bb350e8bf60a65
c3075552168ab4fbc806ca1824880830ddae312e36110e937b9436bfbc4fa874
d2b3ab5a08899a37f8fc861fa93fb5d67006c8ca8f3aa0a5d3c0e6809cd7b7a0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7a0cf4aa7b849145192f83a74f5df493e6d0b1782bfd12908362173d095efb5
eafd7e17be354753ca120ef03d28aa45a37c423e89e9f2602e8fd5a24400f150
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f45ae5aa1f3e63e16420a417e5d05fcd72c483218ade1517903507a1706fb93e
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbde0ac0921d86c356c41532e7319c887a23bd1b8ff00060cab447249f03c7cf
fc86f0ebfcf92f1ed6db4619b0996f58d4f00938295a786a7803d5fa1770bab1

www.evasec.io Open in urlscan Pro 52.17.119.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

100 %HTTPS

53 %IPv6

14 Domains

15 Subdomains

15 IPs

5 Countries

1253 kBTransfer

1938 kBSize

5 Cookies

19 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.evasec.io Open in urlscan Pro
52.17.119.105 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

100 %
HTTPS

53 %
IPv6

14
Domains

15
Subdomains

15
IPs

5
Countries

1253 kB
Transfer

1938 kB
Size

5
Cookies

38 HTTP transactions
0 data transactions