urlscan.io logo urlscan.io
SecurityTrails logo

blog.secure.software Open in urlscan Pro
2606:2c40::c73c:67e1  Public Scan

Go To Rescan Add Verdict Report
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Submission: On July 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 30 IPs in 3 countries across 27 domains to perform 74 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.secure.software.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 14th 2021. Valid for: a year.
This is the only time blog.secure.software was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
22 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 13.224.193.93 16509 (AMAZON-02)
1 13.226.146.155 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 63.134.242.129 14992 (CRYSTALTECH)
14 104.111.233.140 16625 (AKAMAI-AS)
2 2 13.248.242.197 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2606:2800:234... 15133 (EDGECAST)
1 104.244.42.136 13414 (TWITTER)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.30.148.233 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.217.23.98 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
74 30
22    2606:2c40::c73c:67e1 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
blog.secure.software
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a02:26f0:6c00::210:ba20 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
platform.linkedin.com
2    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2606:4700:3030::6815:2212 (United States)

ASN13335 (CLOUDFLARENET, US)
cookieinfoscript.com
3    13.224.193.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-93.fra2.r.cloudfront.net
vidassets.terminus.services
1    13.226.146.155 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-146-155.dus51.r.cloudfront.net
js.adsrvr.org
4    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6811:f3cc (United States)

ASN13335 (CLOUDFLARENET, US)
cdn2.hubspot.net
2    63.134.242.129 (United States)

ASN14992 (CRYSTALTECH, US)
PTR: www.visitortracklog.com
code.visitor-track.com
14    104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
2    13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com
match.adsrvr.org
1    2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
1    2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:e8cc (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsleadflows.net
1    2606:4700::6811:7fab (United States)

ASN13335 (CLOUDFLARENET, US)
js.hscollectedforms.net
1    2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6810:5705 (United States)

ASN13335 (CLOUDFLARENET, US)
forms.hsforms.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
1    104.244.42.136 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
2    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubapi.com
2    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
forms.hubspot.com
1    52.30.148.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-148-233.eu-west-1.compute.amazonaws.com
insight.adsrvr.org
1    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
Domain Requested by
22 blog.secure.software blog.secure.software
12 b.6sc.co blog.secure.software
4 fonts.gstatic.com fonts.googleapis.com
3 vidassets.terminus.services blog.secure.software
2 www.google-analytics.com blog.secure.software
www.google-analytics.com
2 platform.twitter.com blog.secure.software
platform.twitter.com
2 connect.facebook.net blog.secure.software
connect.facebook.net
2 match.adsrvr.org 2 redirects
2 code.visitor-track.com blog.secure.software
code.visitor-track.com
2 cdnjs.cloudflare.com blog.secure.software
1 www.google.de
1 www.google.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com www.googletagmanager.com
1 www.googletagmanager.com js.hsadspixel.net
1 forms.hubspot.com js.hsleadflows.net
1 insight.adsrvr.org js.adsrvr.org
1 track.hubspot.com
1 api.hubapi.com js.hsadspixel.net
1 c.6sc.co j.6sc.co
1 syndication.twitter.com platform.twitter.com
1 forms.hsforms.com blog.secure.software
1 js.hs-analytics.net blog.secure.software
1 js.hscollectedforms.net blog.secure.software
1 js.hsleadflows.net blog.secure.software
1 js.hs-banner.com blog.secure.software
1 js.hsadspixel.net blog.secure.software
1 j.6sc.co blog.secure.software
1 cdn2.hubspot.net blog.secure.software
1 js.adsrvr.org blog.secure.software
1 cookieinfoscript.com blog.secure.software
1 platform.linkedin.com blog.secure.software
1 fonts.googleapis.com blog.secure.software
74 33
Subject Issuer Validity Valid
blog.secure.software
Cloudflare Inc ECC CA-3		 2021-06-14 -
2022-06-13		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-06-28 -
2021-09-20		 3 months crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA		 2020-07-03 -
2022-07-08		 2 years crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
*.terminus.services
Amazon		 2020-12-16 -
2022-01-14		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
hubspot.net
Cloudflare Inc ECC CA-3		 2021-06-06 -
2022-06-05		 a year crt.sh
*.visitor-track.com
Sectigo RSA Domain Validation Secure Server CA		 2020-09-08 -
2021-10-10		 a year crt.sh
*.6sc.co
DigiCert SHA2 Secure Server CA		 2021-03-09 -
2022-03-16		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-05-26 -
2021-08-24		 3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-05 -
2021-11-09		 a year crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
hubapi.com
Cloudflare Inc ECC CA-3		 2021-06-07 -
2022-06-06		 a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2021-06-26 -
2022-06-25		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Frame ID: 556046653070AFF6206877436096C571
Requests: 72 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.secure.software
Frame ID: FD036A77BA09463E74C99BF7F3AFEDA4
Requests: 2 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&upid=8t4axvj&upv=1.1.0
Frame ID: 4F91218A31775F85DB967AE91DF29B17
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

74
Requests

100 %
HTTPS

73 %
IPv6

27
Domains

33
Subdomains

30
IPs

3
Countries

940 kB
Transfer

2359 kB
Size

9
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee HTTP 302
  • https://vidassets.terminus.services/s.gif?d=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee&t=6ff26e8c-bb8d-420d-bf51-337acb62ff5f

74 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request groundhog-day-npm-package-caught-stealing-browser-passwords
blog.secure.software/ 		73 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
3cdb9a56308234500b4cffa5e73b48dea8e9e13021b08704ccf980c9f863d529
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Request headers

:method
GET
:authority
blog.secure.software
:scheme
https
:path
/groundhog-day-npm-package-caught-stealing-browser-passwords
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-type
text/html; charset=UTF-8
cache-control
s-maxage=10800, max-age=0
etag
W/"6eae5081adef54e3dbd363681726f49b"
last-modified
Fri, 23 Jul 2021 10:10:27 GMT
link
</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script
strict-transport-security
max-age=0
cache-tag
CT-49185713833,CT-49186172803,CT-49190721916,CT-50959638137,CG-48790747698,P-3375217,CW-48586804888,CW-48588424977,CW-48588946457,CW-49471664210,CW-5900639500,CW-5901237519,E-48586804881,E-48588097161,E-48588097162,E-48588188716,E-48588408997,E-48588659541,E-48588659542,E-48589134196,E-6021532803,E-6021916068,MENU-48757146151,PGS-ALL,SW-1,GC-48591732344,GC-48756754289,TS-48588946456
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-49185713833,CT-49186172803,CT-49190721916,CT-50959638137,CG-48790747698,P-3375217,CW-48586804888,CW-48588424977,CW-48588946457,CW-49471664210,CW-5900639500,CW-5901237519,E-48586804881,E-48588097161,E-48588097162,E-48588188716,E-48588408997,E-48588659541,E-48588659542,E-48589134196,E-6021532803,E-6021916068,MENU-48757146151,PGS-ALL,SW-1,GC-48591732344,GC-48756754289,TS-48588946456
referrer-policy
no-referrer-when-downgrade
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cf-cache-status
HIT
x-hs-combine-css
Disabled
x-hs-content-campaign-id
a58c910c-78ec-4345-850e-d9ca0e888eb1
x-hs-content-id
50959638137
x-hs-hub-id
3375217
x-hs-prerendered
Fri, 23 Jul 2021 10:10:27 GMT
x-powered-by
HubSpot
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyUnbYRIOtxixCvdE3V8h9FfaNrR2GdX%2BIAW2PZ1%2FoPqgxLOWKqJPh7R%2F2GZY5ulGXyruhP9q1AeKP2eL1UjAKDEq1TWLGQgcy6cyPaMLgSiFIEL8xmKEVDeQNWoRd93HroXq6An1X3N86Lc8%2FLVYnF4"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
set-cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639; path=/; domain=.blog.secure.software; HttpOnly; Secure; SameSite=None
server
cloudflare
cf-ray
673539f66e5c1f25-FRA
content-encoding
br
cf-h2-pushed
</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>
project.js
blog.secure.software/hs/hsstatic/cos-i18n/static-1.37/bundles/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs/hsstatic/cos-i18n/static-1.37/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3017877
x-amz-server-side-encryption
AES256
cf-ray
673539f6ef371f25-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-cf-pop
FRA2-C2
content-encoding
br
last-modified
Mon, 14 Jun 2021 16:41:38 GMT
server
cloudflare
etag
W/"6c562b3f1d6a0148fda97d4847422c6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwWl6oZ%2BZZXoaomVMZqcV%2Bx3XHd5w6P6v428BR%2BhsFDW8FPhGI8XCLfq0hfBYld1jaJ7bk6JnlEGfa%2Bjx1OX4lU0smoIOS680KgFcyq%2Fio4bCxvzT24uVEZviLxHeFpJC8nzJ6oewPnXjL3d06HdX9R5"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
M9oUePGbwt7hrJpARSIQzQLaIi7kmGEy
cache-control
public, max-age=31536000
set-cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639; path=/; domain=.blog.secure.software; HttpOnly; Secure; SameSite=None
content-type
application/javascript
x-amz-cf-id
DUXbRLuhPxzxlhKqx2KMF2WMfvTtTR6IQDORvdAyUi-gNVGhIKhf-Q==
expires
Sat, 23 Jul 2022 13:23:59 GMT
index.js
blog.secure.software/hs/hsstatic/HubspotToolsMenu/static-1.103/js/ 		51 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 9c7e5857d78c5dc89042979317de5843.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6051935
x-amz-server-side-encryption
AES256
cf-ray
673539f6ef3a1f25-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-cf-pop
DEN50-C2
content-encoding
br
last-modified
Fri, 14 May 2021 12:13:32 GMT
server
cloudflare
etag
W/"006946e614d6ef469f5c9e46b4836d15"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGQuwo2gwmJKVla0osveqr2kzZm7rJUZEvzGYf3UBx1I%2Bpxl%2Fr0HC5ZMLkVVegYFqBr3g7II%2F4Ju0vxx3RN0yBsZLzS6hjZ%2F4g6T%2FGzLxSsTw3vcmv9Ft230LetW9zXXM9a5%2FboVq3CddrL3YwLbrZ0o"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
cache-control
public, max-age=31536000
set-cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639; path=/; domain=.blog.secure.software; HttpOnly; Secure; SameSite=None
content-type
application/javascript
x-amz-cf-id
I1j6RqtXQalDbXMhdqYXqor4a2LFOh4E-WrqLmy0b_M1v_wzGxNReA==
expires
Sat, 23 Jul 2022 13:23:59 GMT
main.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588097161/1625566673905/secure-software/css/ 		24 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588097161/1625566673905/secure-software/css/main.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb6d14a40719f17f35d5418d1ef1e3dc7f395fd40e7cf68beffee30a8ce3ca92

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/48588097161/1625566673905/secure-software/css/main.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1625566673968
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
3A7GMKF7QPX1Z5K1
x-amz-id-2
fLbNN7CtafBQ8BOIGt8anLE+B4Ke67o655XBAKAynZJMc8NMDUTMx+XvheZMpnratSEYYvPohdI=
last-modified
Tue, 06 Jul 2021 10:17:54 GMT
server
cloudflare
etag
W/"11c759f70d75d02fba087e63527f5569"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWcYcFDjQgSzNc%2FKy73OzCFP5Yi%2BvuUVwMl0bjFc%2FoexURiHBhnxmghkQtErTN1DIrD61Gup%2BM4oRZ8%2FB%2B7aWyAlcoeTAOapdz2wqm02VJdtVxQKCkZy31H0TmxzxYKwZ3STfwP247iP5mSSBdPboORr"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
kHzMI1skR.jwu8yXx5hQG8AMkiOZ2w_V
cf-ray
673539f70f681f25-FRA
x-amz-cf-id
KCrvT6FvQ4q4mHdcnMWYRIDDgVj8xxOaW3gNDPxn43a2TukbnsaGCQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
blog.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588097162/1625136113558/secure-software/css/templates/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588097162/1625136113558/secure-software/css/templates/blog.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
79147030f069717742c403b3b4e55fb0a07a2d66f2de460bafe79e39c5e0b852

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/48588097162/1625136113558/secure-software/css/templates/blog.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1625136113612
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 c9bc0840da506c3f9fd4715a063463a7.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
RYQK0ZXTQKD3Q1YD
x-amz-id-2
AZyLxHixrTO3qhlpPBJ+sqTNSPrA2vwN4IFNLmBYICoTklK4QYvAtD+tI4g9wT6kBa2ZdcCG5tA=
last-modified
Thu, 01 Jul 2021 10:41:54 GMT
server
cloudflare
etag
W/"f3653f0d10b2cbd7557ae3934d54d180"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbI88f4d58C%2BepX8ltaWKauCAaL5DuaDvYTEYP6H0LaizBZBn6agJMQ32xE%2BSGDT2p8d9Pgm6kGvnFdTpJ3GeLm58jmCu33XAW%2FtqDroMVFSEx0VoDexmKcsvCJpzQ4uJgJXfAYfQtsYSEUkrhxtINXQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
QGGNBHz75SvursIKDJqV0dy_DOAsR7OA
cf-ray
673539f70f6b1f25-FRA
x-amz-cf-id
NfC2gpBWymdR-fNlivy5Wtr5VEJNH3xYEMbThrtyub5dz7QD1sII5A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
theme-overrides.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588659542/1626722661252/secure-software/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588659542/1626722661252/secure-software/css/theme-overrides.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bdce858900c33f532d0a01a98dab0b5581277be3ab7a73f6c24309cf3655f8a

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/48588659542/1626722661252/secure-software/css/theme-overrides.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1626722661330
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
TS61XQG30GRHER94
x-amz-id-2
lpFf6O9EnOYOSzaV2Hbfudnz2PUhapnd4YN75JgOd08zJcN4cugbXHFHMAZzwyMaFxw7pGowyfA=
last-modified
Mon, 19 Jul 2021 19:24:22 GMT
server
cloudflare
etag
W/"d05d1b7faa7913a5743a3eb9f2193dd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYLIwj6m0MTl6spOnubdRDbSEUmxYXB3vzdOazZpu7CV8u8fO7LAGSugeNLtxTK1HJp9%2F7sXupD9F2AkPBraNJGOP9WERCntLnav9%2F2tbcWG8pAJ9kGjOkQ5LoObOu5UlmOVRdLkto%2FGO0VU2K%2Ft%2FIli"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
I0waD0JFivphCvRn8w1PFpkDrqsqOTxX
cf-ray
673539f70f6e1f25-FRA
x-amz-cf-id
exHVU8FIm-jyjyDcMpgxyMovZFT4asgLQzl8x0fSlfmt2-rYcyQ9eQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
module_48588946457_menu-section.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551528/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551528/module_48588946457_menu-section.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec25b56ae1582d75e62c8c9c935d67339123dd1a397edf689b6b938374703338

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551528/module_48588946457_menu-section.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1626885551528
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
56FVB9PDE44GSEPK
x-amz-id-2
NYt0pOTYk8n+J5etpVo1BnuKYc9F6ZW5LSF3NEh+I06/ydMzKdHgMKTOXWR1ifRP
last-modified
Wed, 21 Jul 2021 16:39:12 GMT
server
cloudflare
etag
W/"68134cff20a54a67d72055553bf7c285"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=In76oEw4dWZjZIWIo9bTRrul%2F0jFyz6BdW42WrWNYva%2BUwf1FWyv0w2rnfYTw0QGEeKgui7Qu08SlDd%2FeqBT7birt7lOto290AONZ%2BdxsunNe4ikka%2FTEnW%2BGHt2mRuqnKWMXFb2toU%2F7Y7zMk03DIE9"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
yAYRLUMzjOBBDXlHZLfAjO.GXhEH4rOz
cf-ray
673539f70f701f25-FRA
x-amz-cf-id
9UMrroLcXZzqBqHzTen_U83PiADyb1vmrO_5jkKrG9mCIGqEYHrciQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
module_48588424977_ss-blog-listings.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588424977/1626876668517/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588424977/1626876668517/module_48588424977_ss-blog-listings.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e126b0dea17f677e897f6ede03a9adfdc65df70d6bf0a28cac48b966399579d

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/48588424977/1626876668517/module_48588424977_ss-blog-listings.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1626876668517
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
3DHDDDEPY1JGBP0P
x-amz-id-2
baC9gJl84vjo45RucfOtGMIVGPP6yw74ZMD3cnDercUROPS0TNh/MAIwOzfI+3TXBfBPABgoNNw=
last-modified
Wed, 21 Jul 2021 14:11:09 GMT
server
cloudflare
etag
W/"8deb5deb2fb817bb58b3d421b94848ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cNgP8a6AsGrgd8bcyQuP%2FDjwsppEHvDB8SRpVPHxF1JV1RlmKPL%2FzTBZUgyvecRHeyMYQbcqj8b8kF4P7F9K714Z3%2FljRQV8MiiHl3Dk3%2BnUe05ztNhHDEsvpBAfrdQ4yNKOeupVSqK2lUdWqgDT1e6N"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
l8LQ.9gegOrgkJNIVjMc52RocHQwdZAg
cf-ray
673539f70f711f25-FRA
x-amz-cf-id
62nmLTDp2ZY0Ia8HVVwf2jtRBpYiEX4Y08Q5FOL_Ho-pb9e9M9jNEA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
module_49471664210_ss-to-top.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699817/ 		226 B
731 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699817/module_49471664210_ss-to-top.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2dd71a5fa8d4638da1cd57021fe3ddb527a109770c86bb8d3e2a5ab8d17daef

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699817/module_49471664210_ss-to-top.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1624562699817
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
BV8QMSSQZ7D1AWH8
x-amz-id-2
/vxKTiPoV24/G9spxg3kumcASKdDTM5Gp6qVB4aCDHsLG8xH9f66R4uEGY8CBY+/NgX/MQR4BiI=
last-modified
Thu, 24 Jun 2021 19:25:00 GMT
server
cloudflare
etag
W/"2d3af943bdbbc2717cc3efe6569ce5ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0jq8duFNt%2B92OS2YI4KWwlnI1b7ovsQaEq3NL930tDkXG6MXHI6kl4Gzspt%2BBXV0ynPcSmyYTjjE45ME5TJPHt2GdgKQIY5nzcmIaGcAQHkIZDTAP7QqZVhv7kQxo0S8UxHrnTLuODqAGvqXq8zogqG"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
KU9rwbc5FORYpj_8hx1fbD7_.C2FNAvj
cf-ray
673539f70f731f25-FRA
x-amz-cf-id
rbPReXZUBkj1Z_tm-6jXcR0j6jbGDYGMkYnA7hRZt9vR7woe1uAH3g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
module_48586804888_ss-social-follow.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48586804888/1624191967013/ 		552 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48586804888/1624191967013/module_48586804888_ss-social-follow.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ab81367fff0d57cd291c12125d4f45d2d9cf1fed04a18f0461a263b8db267b0

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/48586804888/1624191967013/module_48586804888_ss-social-follow.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1624191967013
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
RXYGDMMZ4207A3V6
x-amz-id-2
wgjqRzSBwxJOEEBzkenTPwtCzc7malWvsqdANguUVRYF+AriR/fvfBV9I7lTDKiuApcOnqo1kDE=
last-modified
Sun, 20 Jun 2021 12:26:08 GMT
server
cloudflare
etag
W/"cdcc1e6b91fe1387dd8cf98ca71cb191"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GFSL6gBJqyPhZiLOw21BVdS2F%2FVkYNlaszTUZF%2F6rGYo9eOsdQNQHfElXu2O3wWHThySvQjGs15TYVxzFsZ1y56siNzO1mEXTI6067ilMMFFauEejRKt793f%2FfjZDXIFOWWRTMd29w8lcYEfll5VhtCQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
b5d5JrW3yb0o58Njrhyd.pOzPOXOEgUq
cf-ray
673539f70f751f25-FRA
x-amz-cf-id
mvDxFsVR-yx9L7DiMswBPGwEbv6c8dmD9WodT2KaeDwXKDdskBpgnA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
css
fonts.googleapis.com/ 		8 KB
827 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:regular,300,400,700,900&display=swap
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
65c018236473b9645e14fa5f19a3030130966ae819361573f96214f51dddcb92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 23 Jul 2021 13:23:59 GMT
server
ESF
date
Fri, 23 Jul 2021 13:23:59 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 23 Jul 2021 13:23:59 GMT
simplelightbox.min.css
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/simplelightbox.min.css
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/simplelightbox.min.css
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
QB5M7T3TNFWACHF5
x-amz-id-2
/p60TFzncj4jwBzFLKnCVN4bTru3OvCNA9jQDjCHtUEepFqJ2rOwjW7Iukek3Pff9eSKASqhmGU=
last-modified
Mon, 30 Sep 2019 10:48:14 GMT
server
cloudflare
etag
W/"9c259f55b65931c5838c0f7cd5f58f93"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rYgiRVJgE%2FxnUj%2BTMpXrAzT26hfiPIOmpsmFdlT%2FDubLMLRHyr1AELX8YtwUmtnDkeLNNcsK5WPjkE%2BIHYvKqsY0gUVlu7r5361X5kbtV73OjJkEzn%2FlW83XuSE3O8tICpZfgDgWZgleuxHTIzs9c2d"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Y9o3twj1TmNPLtARM7I8GKUA.atzxWnP
cf-ray
673539f70f761f25-FRA
x-amz-cf-id
3R1WhkNFtCufmi2txvCf7m6hvAJP41B_jpCq2OLRyIXaimIYGrtVsg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
in.js
platform.linkedin.com/ 		181 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
31af6375885bd89ee3cd1f70272f478ec4d5ea01638a580c0fdadb3e15f6eb14

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-LI-UUID
VsGLnyBslBZAuwN5yCoAAA==
Date
Fri, 23 Jul 2021 13:23:59 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
Server
Play
X-Li-Pop
prod-eda6
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
Connection
keep-alive
X-LI-Proto
http/1.1
Content-Length
55565
X-CDN
AKAM
X-Li-Fabric
prod-ltx1
Expires
Fri, 23 Jul 2021 13:44:12 GMT
secure.software-logo.png
blog.secure.software/hs-fs/hubfs/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.secure.software/hs-fs/hubfs/secure.software-logo.png?width=439&name=secure.software-logo.png
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f3178b4d77e3502da5ed010344bd012cba35b3c429cecdfe1934f8fde94ad86

Request headers

:path
/hs-fs/hubfs/secure.software-logo.png?width=439&name=secure.software-logo.png
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
168667
cf-polished
origFmt=png, origSize=16906
edge-cache-tag
F-48593102085,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="secure.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
7460
x-amz-server-side-encryption
AES256
last-modified
Tue, 06 Jul 2021 05:45:53 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"5805ad0e4690003fc0c3373f6b110995"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCYrGtItfmonO4fWtbVm14jLy8l%2Ftngi42NkEWu6KrzdDKp8iMTy01z%2F5uUxazl2HtFqkiJ2ril7tC1LkUIw4n7yeeFK5lPReGD3CzJco90rys%2B5CglSjUGdqok7LKvC2RZbMPAShC%2FNByJ5%2BRiJMHa3"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
673539f96b761f25-FRA
x-amz-cf-id
WOONdeVxMncZO3SpFn3xFINQXREoufd_2mdBgwosWIdZ6iPkbhCw9g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
main.min.js
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588659541/1624437584929/secure-software/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588659541/1624437584929/secure-software/js/main.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f85464f108589dca87408834c16278e76635a2dcc5e202deb5020a6411e4d4b

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/48588659541/1624437584929/secure-software/js/main.min.js
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1624437585321
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
6X9EG85JGJY16YVX
x-amz-id-2
BJXl5d8fzMMOBGzpjXeO/cLDfU3GTUCqcnM1rbFD1DmS/BZCJ6XDHvWxlrN005+63uP/ED08MOY=
last-modified
Wed, 23 Jun 2021 08:39:46 GMT
server
cloudflare
etag
W/"ff39989523559c17d56962da6cbac52a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMJOwe5SXiFLWmMtVXtzUL3PhdiY%2FnHrklR3XeWwjhfxqV46Le6m57A6%2F6H5h6b094Lb2HF%2FZPcJSfyExHEWUcnA8ghzrpRKzJvEwp7PTMvxHUwGCgpEg4lIqYih13Hs6KJCSE2dl8KDnWxkbabYWWHn"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
krc6nFWJIKgy9lfibXh1qxDlJOcSlkKc
cf-ray
673539f8ea9b1f25-FRA
x-amz-cf-id
V6-yASTd7oDrgAOatrcwoOAchmvalMSWk2AN9gC0ude1JXL3A43GZg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4989858
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
27938
cf-request-id
0a4bb75f26000098087f9c6000000001
timing-allow-origin
*
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2Bslg9mGyCFOKjbsWHbFrmXVSqpjb1k0%2B%2BYB%2FO6lSQ1zW0LWchWL3Acy28IHeSttE0p1%2Fx9bf0qYBOBDTKO6PuM6WgQT0vVPF4iGVQrr1NrbQQ0bsc0RRdauLQJF0IXZOHtUi6KSkrBoHOGP5JnSdDDI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
673539f949cd4351-FRA
expires
Wed, 13 Jul 2022 13:23:59 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1803265
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
3718
timing-allow-origin
*
last-modified
Wed, 18 Nov 2020 00:51:42 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fb4701e-2c03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O68qNmnf4BehaRZLdjKXem9TAALp2p6Ne4biPI%2BxqA4vh1mmwShRjYP1%2BalLCVytB6jil%2BLaE%2Fwkpqyt2GR5ZbC2kxqZCSu3rIBOEIgKhDYt9Kb%2BOT74zun5VzX%2B%2FXCJDh%2Fq1zRq9dD0idYw%2BUhZGIHY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
673539f97e9c2b59-FRA
expires
Wed, 13 Jul 2022 13:23:59 GMT
module_48588946457_menu-section.min.js
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551451/ 		763 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551451/module_48588946457_menu-section.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
abdbde3abe016129376406826cd6a50bd786bd8392f882efe2b3616c9e9cf801

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/48588946457/1626885551451/module_48588946457_menu-section.min.js
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1626885551451
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 55b6418a8a2f714a67d8e4d292154ef3.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
SAYYM13A4H08KGR7
x-amz-id-2
xXj7fMDIkHElVsa+l9yb39u+syFpryUtPmrkXdi0o3LlUvuAomAwgIUksrLCbDRyTNUH4CNHt18=
last-modified
Wed, 21 Jul 2021 16:39:12 GMT
server
cloudflare
etag
W/"9f82d164db36fcb9df98ab1118b0ff37"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQOetjvLGOsFjgEX7VT79dgN4L5Ms2TGzvu6UQwSINBQ3etGNwFLoCkAdpzFczLFi1vZ9Nn3s7uWl4NJgxwoanlHfB2vVAWtP776Ky96kWpjs3Pm7uIVWf2L%2BzVJ5SBrJ8rRk2ZqgOZ4vMRKu%2F5LxUOp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
F0xNiCkESPfH67DMyYqcutcdkqZrMuV2
cf-ray
673539f96b6f1f25-FRA
x-amz-cf-id
v7NSg178-Gu-0Q6ESbZqsPXKOcAmbAiGYIhAZMuk8X4SfZjsNCKeCQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
module_49471664210_ss-to-top.min.js
blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699751/ 		291 B
750 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699751/module_49471664210_ss-to-top.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6556d4b79b327522bad306de36b02e0239d30d5c385a6ec1eac16a654e9e020f

Request headers

:path
/hs-fs/hub/3375217/hub_generated/module_assets/49471664210/1624562699751/module_49471664210_ss-to-top.min.js
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1624562699751
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
6SD4YEQQ3GTVB5NR
x-amz-id-2
p5jOeENefk07oYgFgSq5LefPxbaWe5WsaUbiVqoeQlZHtju4k0Wbif4jcDgMiv1BjTneBGMBHZE=
last-modified
Thu, 24 Jun 2021 19:25:00 GMT
server
cloudflare
etag
W/"c42610f453b0928034f594b5617b0ea5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpYEXNGEPtdnRdahIb7d3oy2NvMbXgSg3oUWTm1dGBsMImKHRQCsyVuqQ7PHE%2Bdj974rRPHsBj0Sgb45H2KXqRULgaC8N6PogAZStQc3EJRkKfUrciXbfG%2BKTs2eGO6qqdH6qb7CKtY4vjkNSF0X2yxF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
HoAiLcGdBR797xRlsrb6QVlIGwNL_d4l
cf-ray
673539f96b701f25-FRA
x-amz-cf-id
uXc2xLbR7ZYgX6jdPgIv992zEqlROnf4TAlJz4BT_4wVVUI5VfZ96g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
3375217.js
blog.secure.software/hs/scriptloader/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs/scriptloader/3375217.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9500f9ad9e35a1127cca48ea998966c10e8e6957a713413ab74eaa4ae70fd1d9

Request headers

:path
/hs/scriptloader/3375217.js
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
a110e557-4f5c-4553-9afa-8a0bbc944dd0
server
cloudflare
x-trace
2BFA350651B99D355266A0A6B9F642E3EA128C2DEE000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7gn9c6iket9OYaLIgX9M0SNz2KSxRCuqnvtKYBgWb%2F7Ay11H5%2B2WroOl7Mq9lj%2B9yehLr35JLXcKCTFVnfgxVd9eZg958EBXP4HTCGquYTYbgAmSE1yIVNJLvIJL06%2BworrAG%2BIRxFSa2rDqaKdO70y"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
673539f96b781f25-FRA
expires
Fri, 23 Jul 2021 13:24:59 GMT
cookieinfo.min.js
cookieinfoscript.com/js/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:2212 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1981
x-amz-meta-cb-modifiedtime
Wed, 07 Apr 2021 11:38:58 GMT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id
6FZAM1364E2BV84G
x-amz-id-2
+Uhlf5OUoVQ5xFl26ru3QJIN8Q2TaB/GZHt1NWs2sCynlXAyIfWOeCU/H17Ts5pLUVeqfjdmw+o=
last-modified
Wed, 07 Apr 2021 11:39:17 GMT
server
cloudflare
etag
W/"d15d93068c1121f63008407d339bd819"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDJxGZ0U%2FmnzTb%2FAlfu5Y7clL2X4746GzrgUL46VsvnuS%2B9CZlcKB4vEACCoLbcI5JfR5t1bq%2BbKU4e%2BixK50zCrNLQO%2BGkVtm9KBR6S4GCKvKxp08qEgYfhIEPHPNPwmCYd4mHU2lPk1kijUbZ%2FqbZRkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=2678400
cf-ray
673539f989babeb5-FRA
t.js
vidassets.terminus.services/492173fc-4b58-46c9-a3cc-09a5abedb64b/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vidassets.terminus.services/492173fc-4b58-46c9-a3cc-09a5abedb64b/t.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-93.fra2.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
0e4b8d24a97bf67e39fcebe6b138ff9db6a5a01b38b3f2d2d2ab0ee90f44a729
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:09:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
873
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 20 Jul 2021 22:16:42 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-amz-cf-pop
FRA2-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
w0W6taju1JYv0dJxQ5nRkG7ZljL-EXLjrvY1WoL_H76Wwawxj0BDbg==
up_loader.1.1.0.js
js.adsrvr.org/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.146.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-146-155.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 03:47:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
Age
34608
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 2395e6175733260a159a0b484ed8febd.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
QzM4JTM26oFv69QgUNUn-gNo9kaEtvF8_qU5hT4wG-0f9g3BE9_kWg==
simple-lightbox-min.js
blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/simple-lightbox-min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2

Request headers

:path
/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/simple-lightbox-min.js
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
via
1.1 fba666ceffdeb316c8edf476d8994bd5.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
VJNSB0T3XWJ4MX4Z
x-amz-id-2
lMOaVqereVsMjX44j1SS9gLCs7lCIKx/5+8r0nGFONuTli0H/pr2rEqJJdwCl4cHGGd14aPtz/0=
last-modified
Mon, 30 Sep 2019 10:48:21 GMT
server
cloudflare
etag
W/"d02c339064b8d2b370bc4e18fa6ae421"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKYBqP2Aa7tYxxdYLPpkJUXGy2NIkO3vXg9BzwoBy7g3vVBqz1TBrnNEPoBalVAfshqT80%2B5VjITQ66ffLdhyQOX07YW%2B7ZtkPQXMO95T%2FAw8q5JpXIL2z0o5D1dSjBBHrWFLT3qKYu9h%2BEBk%2B2DvEZU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
FsEJuIr7CYCWLWb_isdf3JLdbLwDP7p.
cf-ray
673539f96b721f25-FRA
x-amz-cf-id
vRujpKhkYf46fjgvtR-CDA6PYy55XT_5K9-cV5X6f_7KdyuksE5hAw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,300,400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.secure.software
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 01:45:21 GMT
x-content-type-options
nosniff
age
301118
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Jul 2022 01:45:21 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,300,400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.secure.software
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 19 Jul 2021 18:26:24 GMT
x-content-type-options
nosniff
age
327455
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Jul 2022 18:26:24 GMT
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,300,400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.secure.software
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 12:36:34 GMT
x-content-type-options
nosniff
age
262045
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15724
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:50 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Jul 2022 12:36:34 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:regular,300,400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.secure.software
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 12:00:01 GMT
x-content-type-options
nosniff
age
264238
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Jul 2022 12:00:01 GMT
rl-icons.woff
cdn2.hubspot.net/hubfs/3375217/Reversinglabs_July2018/Fonts/ 		4 KB
6 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn2.hubspot.net/hubfs/3375217/Reversinglabs_July2018/Fonts/rl-icons.woff
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs-fs/hub/3375217/hub_generated/template_assets/48588659542/1626722661252/secure-software/css/theme-overrides.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0520cedb8db5d7ef2f9d6669197754d34e599f8da50dfcad5a68761b8d7a07e4

Request headers

Origin
https://blog.secure.software
Referer
https://blog.secure.software/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 8e380527758859f940c2c93ed9fbd5d8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-6021618119,FD-5926386258,P-3375217,FLS-ALL
age
173987
edge-cache-tag
F-6021618119,FD-5926386258,P-3375217,FLS-ALL
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
5WH6718R5JP8CGM4
x-amz-id-2
fMYjwp/6HQpQaWyXFkUTjxXs9LpHN8gmVG2VcxNXrD5lPqVK6ejaFABxzbMnzY2Cs/M99jV0Xp8=
last-modified
Tue, 16 Jul 2019 11:02:24 GMT
server
cloudflare
etag
W/"4180106e5d8b742e8e85be86c0202973"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1UQOLdUwz%2FoAfccAMKLrWouaT0so2WupKmQqA8qvQOW%2FRdRMxtvandssfQe5%2FZ6IQ60Hz90hJcpAsFd9xDxJzgCRHBF9dLLZyaPHv8wz5QIHsCLY8dcZMEZpJCnHZGDP1VXsx9E3rWYSRF09sg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
gcSb1W8E8ctX14cK0Z9WIcdM_QpsLfWC
x-amz-cf-pop
AMS1-C1
cf-ray
673539f98b6f074a-FRA
x-amz-cf-id
wqPKkSOBdUrx1c3yj8GZmQF7VvwZlgXpYxTUZBq3Ak9AAj6muZDmmA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
NPM-package-caught-stealing-browser-passwords-1.jpg
blog.secure.software/hs-fs/hubfs/Blog/ 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.secure.software/hs-fs/hubfs/Blog/NPM-package-caught-stealing-browser-passwords-1.jpg?width=960&name=NPM-package-caught-stealing-browser-passwords-1.jpg
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
548858a24b55104a345e2ed3c2204e3ed33d51d3d99d60f4878479b3561f8525

Request headers

:path
/hs-fs/hubfs/Blog/NPM-package-caught-stealing-browser-passwords-1.jpg?width=960&name=NPM-package-caught-stealing-browser-passwords-1.jpg
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 f88487c9214731db4c82619c9183bf7b.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
154529
cf-polished
qual=85, origFmt=jpeg, origSize=67905
edge-cache-tag
F-51271099480,FD-11822274822,P-3375217,FLS-ALL
x-amz-replication-status
PENDING
content-disposition
inline; filename="NPM-package-caught-stealing-browser-passwords-1.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
46832
x-amz-server-side-encryption
AES256
last-modified
Wed, 21 Jul 2021 18:03:55 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"cdaa3aa887281909e29bd95160033c58"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3AdEG%2BWeh%2FdeODX6egxb4KRpxkMSaG8yE0pXOLs1vMzjz%2FAYu5ZC6IMmB50jH9qntn3a04WejFwiePE8iOZvoQM4TMQkxrXiHTBBAlxsfxZl2m8bOud3wMBc8QZiilz6nK6o1s5iOHLeo1p8QoHr467I"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
673539fa1c721f25-FRA
x-amz-cf-id
Z6KDk68SGBkI1-5G8ke0jiAqeLUKYntASQN2caxY40D3cx6wdooL6w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
Figure-1-Screenshot-of-Chrom-Pass-tool.png
blog.secure.software/hs-fs/hubfs/Blog/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.secure.software/hs-fs/hubfs/Blog/Figure-1-Screenshot-of-Chrom-Pass-tool.png?width=700&name=Figure-1-Screenshot-of-Chrom-Pass-tool.png
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcf89e82962c3e3bd07b793a5e5cfa362b86d8d96025c4222a44bd85273507e4

Request headers

:path
/hs-fs/hubfs/Blog/Figure-1-Screenshot-of-Chrom-Pass-tool.png?width=700&name=Figure-1-Screenshot-of-Chrom-Pass-tool.png
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age
168658
x-amz-server-side-encryption
AES256
edge-cache-tag
F-51126547736,FD-11822274822,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Figure-1-Screenshot-of-Chrom-Pass-tool.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
cf-bgj
imgq:85,h2pri
etag
"edbc13ac112637d74ad40cae8b334774"
vary
Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis
1626728941065
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=56193
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
45900
last-modified
Mon, 19 Jul 2021 21:09:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2FEBuGYl7GfhT7UCV%2BXk9dymSICS10mrzRT4jg8UW45YGn6ahcHvkCE1ES9dGETTZ1Z%2BwG4038ShOaiyOUS8PsYD7es7qDuQ4IWcjku1o8cukdmUZX90TjphtJLqD%2FpBVfW6LMRUqtcdglgfsRMlKNBI"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
673539fa1c751f25-FRA
x-amz-cf-id
pgmgiBOMLrTsOuMi2Kcwn1u7LqoQI3bIrTtot-fou1uBPWV5WWmUAA==
Figure-2-nodejs_net_server-NPM-package-summary.png
blog.secure.software/hs-fs/hubfs/Blog/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.secure.software/hs-fs/hubfs/Blog/Figure-2-nodejs_net_server-NPM-package-summary.png?width=360&name=Figure-2-nodejs_net_server-NPM-package-summary.png
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
75ac1bdf2d43ddd4ed8a6310fe745c9606c8e466011da246ec1c5ae352c4452d

Request headers

:path
/hs-fs/hubfs/Blog/Figure-2-nodejs_net_server-NPM-package-summary.png?width=360&name=Figure-2-nodejs_net_server-NPM-package-summary.png
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 6b7e1e42d74fd61097787cc6c1a37c35.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
168657
cf-polished
origFmt=png, origSize=79428
edge-cache-tag
F-51126700354,FD-11822274822,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Figure-2-nodejs_net_server-NPM-package-summary.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
48530
x-amz-server-side-encryption
AES256
last-modified
Mon, 19 Jul 2021 21:19:08 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"3392d386a196188907d3ee78bc9ef6ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zZ8qxCXIlYDa4FDuIhcEaYDSomr%2BqpGr%2Fpvesqb4OGeidxdpDwNI34h5YypmzPxr2z8mD83KT4mSpQjEO4yFipyJc5yWMqxQzlLZnsV7ItrrbLURt3JrMS9F%2FQVjMGQLM9j2qjH2ZB96zl7jPAcwdZg"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
673539fa1c7a1f25-FRA
x-amz-cf-id
jiq3Ru6FTXgYrgHkVcj0DBK4qfTDoIVQGrHIIb5bmNLtDsJ-iQwVYw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
Figure-3-chrunlees-github-profile.png
blog.secure.software/hs-fs/hubfs/Blog/ 		116 KB
117 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.secure.software/hs-fs/hubfs/Blog/Figure-3-chrunlees-github-profile.png?width=360&name=Figure-3-chrunlees-github-profile.png
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afb803eeb921928e155b890461db2ea6925d657bf5d81f2b436fb3dd254633b6

Request headers

:path
/hs-fs/hubfs/Blog/Figure-3-chrunlees-github-profile.png?width=360&name=Figure-3-chrunlees-github-profile.png
pragma
no-cache
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
168642
cf-polished
origFmt=png, origSize=201202
edge-cache-tag
F-51126548631,FD-11822274822,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Figure-3-chrunlees-github-profile.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
119264
x-amz-server-side-encryption
AES256
last-modified
Mon, 19 Jul 2021 21:19:06 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"ea94594a8196297a8df043250c0ee663"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m5qJidYvEzoQot3MrwkYwxRiboNOGC5AQ%2BBxXVzS1BEJzrR36lo4cfi5NPALzb8NPWBGveoCLU8k60SDzOsIqUIY6XLxGLYzEMjeIqYGOejPlPmeriYpI4dHlVp%2Bblacg%2Fgv8C9E8NGuo5MjG6Yfbh15"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
673539fa1c7c1f25-FRA
x-amz-cf-id
5y2F1k7PQWkfx7WKlIr1SABHWeTt_EERRsHlizCZTpjMzQRekvnuJg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
VisitorTrack2.js
code.visitor-track.com/ 		358 B
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://code.visitor-track.com/VisitorTrack2.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
63.134.242.129 , United States, ASN14992 (CRYSTALTECH, US),
Reverse DNS
www.visitortracklog.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
a969e5f8c4950230af86fcc3fa95485eb505cb6c58574146b87115ee6bd7bfdf

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:23:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 15 Apr 2019 22:27:51 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"3214e76daf3d41:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
355
6si.min.js
j.6sc.co/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
9fd49a60b770f517f719373a0297b43246efc3e39bcf6735a7f8a0449789f9f0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
8067
Pragma
no-cache
Last-Modified
Wed, 21 Jul 2021 22:38:08 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60f8a1d0-62f2"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Fri, 23 Jul 2021 13:24:00 GMT
s.gif
vidassets.terminus.services/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee
  • https://vidassets.terminus.services/s.gif?d=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee&t=6ff26e8c-bb8d-420d-bf51-337acb62ff5f
42 B
682 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vidassets.terminus.services/s.gif?d=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee&t=6ff26e8c-bb8d-420d-bf51-337acb62ff5f
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-93.fra2.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 12:48:57 GMT
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
2104
x-cache
Hit from cloudfront
content-length
42
last-modified
Tue, 20 Jul 2021 22:16:42 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-amz-cf-pop
FRA2-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
9kFZoBbL3yyGXl86-s6JG_uCmEeCSAAP13TwzS1orH6AY8ouiOLX5A==

Redirect headers

pragma
no-cache
date
Fri, 23 Jul 2021 13:24:00 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://vidassets.terminus.services/s.gif?d=492173fc-4b58-46c9-a3cc-09a5abedb64b|5f3ee8b2-9872-4827-a690-6f851efd58ee&t=6ff26e8c-bb8d-420d-bf51-337acb62ff5f
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
343
t.gif
vidassets.terminus.services/492173fc-4b58-46c9-a3cc-09a5abedb64b/ 		42 B
688 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vidassets.terminus.services/492173fc-4b58-46c9-a3cc-09a5abedb64b/t.gif?d=5f3ee8b2-9872-4827-a690-6f851efd58ee&s=80f3a33e-cf24-40e0-9918-d46068ca7a39&p=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&cb=1627046639910
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-93.fra2.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Tue, 20 Jul 2021 22:16:42 GMT
server
nginx/1.10.3 (Ubuntu)
x-amz-cf-pop
FRA2-C1
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-cache
RefreshHit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
content-length
42
x-amz-cf-id
e0C-kUBGR7UR-T76mY7nQg4VmrIFSyIJdY4iVoKclAH0Fpfu0Gzmig==
fb.js
js.hsadspixel.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 224f09e9c236b40d399a8b2851ac0069.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
247
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.239/bundles/pixels-release.js&cfRay=673533ee2c244ecd-EWR
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 22 Jul 2021 07:43:27 UTC
server
cloudflare
etag
W/"e44498e40f8702c62c71cd0534a32a9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
g5yPrf7s3oYLkRu1P6pmcpnvL8S03uLm
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
673539fb9fa94351-FRA
x-amz-cf-id
RZpEyjDt2jvZNBYBhnrYLSyGT6oH9zqBzX40O-hWGe28Wyqtx67VVA==
x-hs-target-asset
adsscriptloaderstatic/static-1.239/bundles/pixels-release.js
3375217.js
js.hs-banner.com/ 		60 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/3375217.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3de2ca4c86eaa78b341bda9be6cd1e96d3dfa429069139d1a99b9afb419f26b8

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
content-encoding
br
cf-cache-status
HIT
age
96
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
31MSS7TDARJM2843
x-amz-id-2
wdsLmI+iz3k6HwqGe6vq/5w371pf9ZxcmhBWj9jaTeiJl7mpSWuvkUepoA0jDkEqZM186tn+vhg=
timing-allow-origin
*
last-modified
Wed, 14 Jul 2021 14:41:11 GMT
server
cloudflare
etag
W/"6c0f43a91c65cd86bc4d4e4ad3b4929f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
DafOVlOv88JXsZ_VmcohZg1hlM_4DKr2
access-control-allow-origin
https://www.reversinglabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
673539fb68b24ed9-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 23 Jul 2021 13:27:23 GMT
leadflows.js
js.hsleadflows.net/ 		474 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17c7e09d9fe7d9c61cc885e9d053de58fafb62a5140b04984c71bbe159301338

Request headers

Origin
https://blog.secure.software
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 157ebd6865840045fc8b5ed1cce7e466.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
74478
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1035/bundle/main/lead-flows-release.js&cfRay=672e1fa68f732bf6-EWR
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
673539fb7fd42bd6-FRA
last-modified
Wed, 21 Jul 2021 03:45:33 UTC
server
cloudflare
etag
W/"47b28ae8fd0bd675890aecdb6c642f6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
xeFySbcGH2DZm4AVMZRI0AvG7v40l60B
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
n3dBGnouJ3AG1bl_xnEAqX-rO0djvpTg488gHRyWd6Cox43G0_9_JQ==
x-hs-target-asset
lead-flows-js/static-1.1035/bundle/main/lead-flows-release.js
collectedforms.js
js.hscollectedforms.net/ 		81 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa8f98ad518df97fb35059f4a8105dc6f572b17e3f4ae934cb9193cd2843d5ae

Request headers

Origin
https://blog.secure.software
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:23:59 GMT
via
1.1 a075746ea1824aa1c02a5e26a9e968e5.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
83797
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.242/bundles/project.js&cfRay=672d3c2489ba4e79-EWR
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
673539fb8cc94ec1-FRA
last-modified
Fri, 25 Jun 2021 08:15:33 UTC
server
cloudflare
etag
W/"967b75dccc0e4df7c9b30c52323c326e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
13QfqPUxBOKtottH5P65GPqLYrlORKQ4
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
sB-rmjlXbbjtja2HpERyzzGkwWzA__awtMbIIfhXHEF7thTCPziylQ==
x-hs-target-asset
collected-forms-embed-js/static-1.242/bundles/project.js
3375217.js
js.hs-analytics.net/analytics/1627046400000/ 		62 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1627046400000/3375217.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a32ecdf4d3b1220f186b83f3255e42bd561beb5419be7cb4cfaa6a153ab7aba

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
24C0DQPXB0A7MSTY
x-amz-server-side-encryption
AES256
cf-ray
673539fb7930c286-FRA
x-amz-id-2
2Xzg1aAaSy9E64KsAqUKijMSejn47EVl+DFeloPoQUdRalA2PgeASlfskEbrdF4yH2uA+cRrMiI=
last-modified
Mon, 19 Jul 2021 17:00:59 GMT
server
cloudflare
etag
W/"6ef024bbac18e71385ba9a013452d6e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Fri, 23 Jul 2021 13:29:00 GMT
counters.gif
forms.hsforms.com/embed/v3/ 		35 B
504 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-error-caught&count=1
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
84018ce3-cf75-4957-80c1-e528b8abfb23
x-trace
2B8A654203A9F4221749815FEDD4A822D3DBC2B479000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
673539fc4d184df4-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
35
all.js
connect.facebook.net/en_GB/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9814e1fa66dd6a81ed9d2e17ff0dd2e5294f361d1e18b6265ebc359ae303f518
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
41AOXDHKF9VOEsIsTiEZEQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1688
x-fb-rlafr
0
x-fb-debug
vkEcTteGrmpDGdFWUqx8o02rdTZ8j6xcVKbDHbT2MNFX+G0loJWHcURn+iAsTTfhFh5iM4OCBCCgcxoXsIWt6A==
x-fb-trip-id
686109401
x-fb-content-md5
c00f1d3882886dbee772b0fee41a7430
x-frame-options
DENY
date
Fri, 23 Jul 2021 13:24:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"18cbe8ae4703947239643a49f7d1c52f"
timing-allow-origin
*
expires
Fri, 23 Jul 2021 13:30:56 GMT
widgets.js
platform.twitter.com/ 		95 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D5) /
Resource Hash
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 28 Apr 2021 17:57:32 GMT
Server
ECS (frb/67D5)
Age
935
Etag
"9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
28779
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
all.js
connect.facebook.net/en_GB/ 		233 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_GB/all.js?hash=750414323bdb9285b81423efe2a84505
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
be73644d77a1007058fab73088230015ef2bd6fd92cd8ce9f3f2facee6cdb4fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://blog.secure.software
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
08BN7kHlvasIUqQ9yIu6fA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
69106
x-fb-rlafr
0
x-fb-debug
WJ/w7jSnH7MzsYFlbILbi9uFVMxruwZ8r9cOfFbQrFY8FwFQ0wv1Hs80qclG9agUDGZZdQekEmCa0wNuZgB22w==
x-fb-content-md5
eac2b1895066056eb1f3d80c814e613d
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 23 Jul 2021 13:24:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"1f3debafd291e3582a15505bbb029a95"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 23 Jul 2022 12:10:50 GMT
widget_iframe.06c6ee58c3810956b7509218508c7b56.html
platform.twitter.com/widgets/ Frame FD03 		319 KB
103 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.secure.software
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BA) /
Resource Hash
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
153984
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 23 Jul 2021 13:24:00 GMT
Etag
"dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified
Wed, 28 Apr 2021 17:56:54 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BA)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105298
settings
syndication.twitter.com/ Frame FD03 		183 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=bba23085384fd307f45e8e801c90dffbf1841857
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fblog.secure.software
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
content-encoding
gzip
last-modified
Fri, 23 Jul 2021 13:24:00 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
ca10cc1ef4a7c3fe7fedb8ad7d158e35286120e0d2d1c1bfeaa5dd7f21459795
content-length
152
vt2.aspx
code.visitor-track.com/ 		0
323 B 		Script
General
Check archive.org
Download Go to
Full URL
https://code.visitor-track.com/vt2.aspx?v=6&id=110888&r=&u=https%3A//blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Requested by
Host: code.visitor-track.com
URL: https://code.visitor-track.com/VisitorTrack2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
63.134.242.129 , United States, ASN14992 (CRYSTALTECH, US),
Reverse DNS
www.visitortracklog.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:23:48 GMT
Cache-Control
private
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Length
0
Content-Type
text/javascript
/
c.6sc.co/ 		47 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4e6ae20226941f3ead7808b65a056d9e2487cf93434d05d14cfc799bb276b2e9

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:00 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://blog.secure.software
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=fa9b7e3d-2304-420b-812a-0280bb9a8806&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A00%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:01 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
1981
date
Fri, 23 Jul 2021 12:50:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Fri, 23 Jul 2021 14:50:59 GMT
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 		67 B
930 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=3375217
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aba43a2f3d0af8618f96387996f22eeacbb19e61315e1de7513be0276f987fae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
10b8f0bc-a3c7-4a0e-81b3-4a9a712c7b1e
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server
cloudflare
x-trace
2B16C9ED2B3870B9A3B54E4A5A62292D63582ACCFC000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWuO%2FQvjYSltXcQVryeSx%2FhSyA9NDi507QOQNFfH%2F4JuHplb3XqiqCBftsenGdLBfAh2iG9znchaS9P0brz7cDh770OypZx5D68V%2Bi%2Fqs4o8NnKh2hXGmjDCUdIpdj1D%2FIRZhUwmZKY2hFpS"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.secure.software
access-control-allow-credentials
false
cf-ray
67353a012f162b71-FRA
access-control-allow-headers
*
__ptq.gif
track.hubspot.com/ 		45 B
381 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=3375217&pi=50959638137&ct=blog-post&ccu=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&cpi=50959638137&cgi=48790747698&lpi=50959638137&lvi=50959638137&lvc=en&pu=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&t=Groundhog+day%3A+NPM+package+caught+stealing+browser+passwords&cts=1627046640808&vi=7d0a02df3041ae7af727c7cb460fedfb&nc=true&u=32391265.7d0a02df3041ae7af727c7cb460fedfb.1627046640792.1627046640792.1627046640792.1&b=32391265.1.1627046640793&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
6a958a5e-4773-4e51-89bf-87aca5a758b1
cf-ray
67353a010a6805b7-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGJbO1B7uTkER6%2Bg%2F72yWIlVLstO1RWzi6sAY8ArNVlGC8IQ7VNqtbdWpe7T6x%2F4U9OfRZp2TMeLXERSuGA3w1PiStkUCQpXutstcIYdnfwXgLAFkhDzs9jQTc7Snmss%2BSLRE3CADXezQNuhhlUy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
up
insight.adsrvr.org/track/ Frame 4F91 		0
182 B 		Document
General
Check archive.org
Download Go to
Full URL
https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&upid=8t4axvj&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.148.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-148-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
insight.adsrvr.org
:scheme
https
:path
/track/up?adv=7qhctws&ref=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&upid=8t4axvj&upv=1.1.0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
TDID=6ff26e8c-bb8d-420d-bf51-337acb62ff5f; TDCPM=CAEYBSABKAIyCwi4hPzO-_nmORAFOAE.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
content-type
text/html
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=553984421&t=pageview&_s=1&dl=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&ul=en-us&de=UTF-8&dt=Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1286851695&gjid=1820851970&cid=588652718.1627046641&tid=UA-32828290-1&_gid=1356593427.1627046641&_r=1&_slc=1&z=1362418639
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 23 Jul 2021 13:24:00 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.secure.software
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
forms.hubspot.com/lead-flows-config/v1/config/ 		167 B
500 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=7d0a02df3041ae7af727c7cb460fedfb&__hstc=32391265.7d0a02df3041ae7af727c7cb460fedfb.1627046640792.1627046640792.1627046640792.1&__hssc=32391265.1.1627046640793&contentId=50959638137&currentUrl=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ff528c681929b5ff4f3541a46f2ec6de74ea3e83c3f87ca14e4e77cb917119e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
f79f880a-385b-4c7e-8e18-fd1951ac6fa2
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-robots-tag
none
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S9bOlIZaRrwlAdQJ3NP%2BJq3k78j%2FQRIuVsUMaaUXgc%2BgLVo84tCeNl7oSiJ4cMr0nqffVnciUKcbwM0FfFa%2B0uSpH9MpV0AaseoCOVwjxf7pTsgt8987M9%2F9TfZ0ZHv40MncmWpkBFJuqzq4%2Bpbx"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.secure.software
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
cf-ray
67353a015af22bf6-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
js
www.googletagmanager.com/gtag/ 		94 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-970567826
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a2f29aff7e24a9d58e3a5728b03d0988db7b35a27750dffe7f469508074b17c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38171
x-xss-protection
0
last-modified
Fri, 23 Jul 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Jul 2021 13:24:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f2.1e100.net
Software
cafe /
Resource Hash
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Jul 2021 13:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13910
x-xss-protection
0
server
cafe
etag
8154934153164151798
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 23 Jul 2021 13:24:01 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1627046641042&cv=9&fst=1627046641042&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7l1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&tiba=Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
60a7ffb25ac66bcccc8df3ab55f3bb8c8ba7490f596e2954e1575599241343bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Jul 2021 13:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1086
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/970567826/ 		42 B
138 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/970567826/?random=1627046641042&cv=9&fst=1627045200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7l1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&tiba=Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords&async=1&fmt=3&is_vtc=1&random=2568895372&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Jul 2021 13:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/970567826/ 		42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/970567826/?random=1627046641042&cv=9&fst=1627045200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7l1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&tiba=Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords&async=1&fmt=3&is_vtc=1&random=2568895372&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Jul 2021 13:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=64bb10020e7f0000f0c2fa6005000000ed652400&session=fa9b7e3d-2304-420b-812a-0280bb9a8806&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A00%20GMT%22%2C%22timeSpent%22%3A%221745%22%2C%22totalTimeSpent%22%3A%221745%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:01 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=64bb10020e7f0000f0c2fa6005000000ed652400&session=fa9b7e3d-2304-420b-812a-0280bb9a8806&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A01%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222746%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:02 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
perf
blog.secure.software/_hcms/ 		2 B
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.secure.software/_hcms/perf
Requested by
Host: blog.secure.software
URL: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode
cors
origin
https://blog.secure.software
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
__cfruid=f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639; d-a8e6=5f3ee8b2-9872-4827-a690-6f851efd58ee; s-9da4=80f3a33e-cf24-40e0-9918-d46068ca7a39; _gd_visitor=58994240-55e3-421c-8ab3-19974d56cacf; _gd_session=fa9b7e3d-2304-420b-812a-0280bb9a8806; __hstc=32391265.7d0a02df3041ae7af727c7cb460fedfb.1627046640792.1627046640792.1627046640792.1; hubspotutk=7d0a02df3041ae7af727c7cb460fedfb; __hssrc=1; __hssc=32391265.1.1627046640793; _ga=GA1.2.588652718.1627046641; _gid=GA1.2.1356593427.1627046641; _gat=1; _gd_svisitor=64bb10020e7f0000f0c2fa6005000000ed652400; _gcl_au=1.1.1914676148.1627046641
content-length
827
:path
/_hcms/perf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
blog.secure.software
referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/json

Response headers

cf-ray
67353a13aeb81f25-FRA
date
Fri, 23 Jul 2021 13:24:03 GMT
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
95b08024-7391-478f-bd2e-f77fbb7138e3
x-trace
2B5A853E147FB65F707855B95F0AEE1A952840F094000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKkYX3JAB1SZu4fic0nwPHV%2BXHwU%2Bf3uWvIYsukFaU%2Fv35gyq7r5gxiOfzpEjT0HUf3XydSKKkm34KwORsVKcv9%2BUM%2BSLBCcA7xjzAwY0p6g9pPOYeKCpFoJAQVl4ZSSyTCBQKjroqh8klkOSZnmTBiK"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
content-length
2
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=64bb10020e7f0000f0c2fa6005000000ed652400&session=fa9b7e3d-2304-420b-812a-0280bb9a8806&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A03%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A02%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223747%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:03 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=64bb10020e7f0000f0c2fa6005000000ed652400&session=fa9b7e3d-2304-420b-812a-0280bb9a8806&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A03%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224748%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:04 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225749%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:05 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A05%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%226753%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:06 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A06%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227754%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:07 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A07%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%228754%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:08 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A08%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%229756%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:09 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=f968620a-3620-40d1-842c-31ebd4e3e30d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A09%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%2210757%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:10 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&session=367491b7-98e6-4460-81f5-74eca4666203&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2023%20Jul%202021%2013%3A24%3A10%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2213758%22%7D&isIframe=false&m=%7B%22description%22%3A%22Today%20almost%20everyone%20knows%20that%20they%20need%20to%20protect%20their%20publicly%20exposed%20services%20and%20applications%20against%20the%20potential%20attacks%20from%20the%20outside%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Groundhog%20day%3A%20NPM%20package%20caught%20stealing%20browser%20passwords%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fblog.secure.software%2Fgroundhog-day-npm-package-caught-stealing-browser-passwords&pageViewId=775fdf35-3d6b-452e-8481-939052be7b50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Jul 2021 13:24:13 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| _hsp object| __core-js_shared__ object| Sslac object| IN function| $ function| jQuery function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_48588946457 function| i18n_getmessage function| i18n_getlanguage undefined| module_49471664210 object| _hsq object| hsVars number| vtid object| _6si function| cookieinfo object| cbinstance function| ttd_dom_ready function| TTDUniversalPixelApi boolean| _hspb_loaded function| bindToWindowOnError function| defineProperties object| globalRoot undefined| hns object| leadflows object| hubspot function| OutpostErrorReporter boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| hubspot_mailcheck undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN boolean| PIXELS_RAN object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded function| SimpleLightbox object| FB object| __twttrll object| twttr object| __twttr string| vtsrc object| n object| e string| GoogleAnalyticsObject function| ga boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager boolean| LEAD_FLOW_DOCUMENT_READY_RAN function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

9 Cookies

Domain/Path Name / Value
.secure.software/ Name: __hssc
Value: 32391265.1.1627046640793
.secure.software/ Name: __hssrc
Value: 1
.secure.software/ Name: hubspotutk
Value: 7d0a02df3041ae7af727c7cb460fedfb
.secure.software/ Name: __hstc
Value: 32391265.7d0a02df3041ae7af727c7cb460fedfb.1627046640792.1627046640792.1627046640792.1
blog.secure.software/ Name: _gd_visitor
Value: 58994240-55e3-421c-8ab3-19974d56cacf
blog.secure.software/ Name: s-9da4
Value: 80f3a33e-cf24-40e0-9918-d46068ca7a39
blog.secure.software/ Name: _gd_session
Value: fa9b7e3d-2304-420b-812a-0280bb9a8806
blog.secure.software/ Name: d-a8e6
Value: 5f3ee8b2-9872-4827-a690-6f851efd58ee
.blog.secure.software/ Name: __cfruid
Value: f71aa4a3a22a0656134ffa4bb973ed52feb9ecaa-1627046639

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
b.6sc.co
blog.secure.software
c.6sc.co
cdn2.hubspot.net
cdnjs.cloudflare.com
code.visitor-track.com
connect.facebook.net
cookieinfoscript.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
insight.adsrvr.org
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
match.adsrvr.org
platform.linkedin.com
platform.twitter.com
syndication.twitter.com
track.hubspot.com
vidassets.terminus.services
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.111.233.140
104.244.42.136
13.224.193.93
13.226.146.155
13.248.242.197
172.217.23.98
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67e1
2606:4700:3030::6815:2212
2606:4700::6810:125e
2606:4700::6810:5705
2606:4700::6811:43b0
2606:4700::6811:70b0
2606:4700::6811:7fab
2606:4700::6811:c9cc
2606:4700::6811:e8cc
2606:4700::6811:f3cc
2606:4700::6812:15bf
2606:4700::6813:9b53
2a00:1450:4001:800::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:828::2004
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:831::200a
2a02:26f0:6c00::210:ba20
2a03:2880:f01c:8012:face:b00c:0:3
52.30.148.233
63.134.242.129
0520cedb8db5d7ef2f9d6669197754d34e599f8da50dfcad5a68761b8d7a07e4
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0e4b8d24a97bf67e39fcebe6b138ff9db6a5a01b38b3f2d2d2ab0ee90f44a729
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f3178b4d77e3502da5ed010344bd012cba35b3c429cecdfe1934f8fde94ad86
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
17c7e09d9fe7d9c61cc885e9d053de58fafb62a5140b04984c71bbe159301338
1e126b0dea17f677e897f6ede03a9adfdc65df70d6bf0a28cac48b966399579d
31af6375885bd89ee3cd1f70272f478ec4d5ea01638a580c0fdadb3e15f6eb14
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3cdb9a56308234500b4cffa5e73b48dea8e9e13021b08704ccf980c9f863d529
3de2ca4c86eaa78b341bda9be6cd1e96d3dfa429069139d1a99b9afb419f26b8
3f85464f108589dca87408834c16278e76635a2dcc5e202deb5020a6411e4d4b
4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553
4e6ae20226941f3ead7808b65a056d9e2487cf93434d05d14cfc799bb276b2e9
548858a24b55104a345e2ed3c2204e3ed33d51d3d99d60f4878479b3561f8525
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a32ecdf4d3b1220f186b83f3255e42bd561beb5419be7cb4cfaa6a153ab7aba
5bdce858900c33f532d0a01a98dab0b5581277be3ab7a73f6c24309cf3655f8a
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
60a7ffb25ac66bcccc8df3ab55f3bb8c8ba7490f596e2954e1575599241343bb
6556d4b79b327522bad306de36b02e0239d30d5c385a6ec1eac16a654e9e020f
65c018236473b9645e14fa5f19a3030130966ae819361573f96214f51dddcb92
69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
75ac1bdf2d43ddd4ed8a6310fe745c9606c8e466011da246ec1c5ae352c4452d
79147030f069717742c403b3b4e55fb0a07a2d66f2de460bafe79e39c5e0b852
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
9500f9ad9e35a1127cca48ea998966c10e8e6957a713413ab74eaa4ae70fd1d9
9814e1fa66dd6a81ed9d2e17ff0dd2e5294f361d1e18b6265ebc359ae303f518
9ab81367fff0d57cd291c12125d4f45d2d9cf1fed04a18f0461a263b8db267b0
9fd49a60b770f517f719373a0297b43246efc3e39bcf6735a7f8a0449789f9f0
9ff528c681929b5ff4f3541a46f2ec6de74ea3e83c3f87ca14e4e77cb917119e
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a2dd71a5fa8d4638da1cd57021fe3ddb527a109770c86bb8d3e2a5ab8d17daef
a2f29aff7e24a9d58e3a5728b03d0988db7b35a27750dffe7f469508074b17c1
a969e5f8c4950230af86fcc3fa95485eb505cb6c58574146b87115ee6bd7bfdf
aa8f98ad518df97fb35059f4a8105dc6f572b17e3f4ae934cb9193cd2843d5ae
aba43a2f3d0af8618f96387996f22eeacbb19e61315e1de7513be0276f987fae
abdbde3abe016129376406826cd6a50bd786bd8392f882efe2b3616c9e9cf801
afb803eeb921928e155b890461db2ea6925d657bf5d81f2b436fb3dd254633b6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be73644d77a1007058fab73088230015ef2bd6fd92cd8ce9f3f2facee6cdb4fc
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
eb6d14a40719f17f35d5418d1ef1e3dc7f395fd40e7cf68beffee30a8ce3ca92
ec25b56ae1582d75e62c8c9c935d67339123dd1a397edf689b6b938374703338
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fcf89e82962c3e3bd07b793a5e5cfa362b86d8d96025c4222a44bd85273507e4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e