jfrog.com Open in urlscan Pro
13.224.193.54  Public Scan

36 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

• https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png/mxw_1650,f_auto HTTP 302
• https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png

Request Chain 75

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=PDfjYYu2BJyYx_AP0d6X-A8&sscte=1&crd=CNPgGw HTTP 302
• https://www.google.com/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PDfjYYu2BJyYx_AP0d6X-A8&random=1640800814&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PDfjYYu2BJyYx_AP0d6X-A8&random=1640800814&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 105

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1642280765351%26url%3Dhttps%253A%252F%252Fjfrog.com%252Fblog%252Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%252F%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQJ9eUcXlOU06gAAAX5fj8jlA4YXV3CHdFezmak-DpmASk0VUyArirH6xYa1GO-_wyuGvGS6

Request Chain 176

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&e_ipv6=AQLZTAqpunPfMAAAAX5fj8kbqQwcjN6o4Cwd6MBfpS1NTm_qHLJWptq3MftnScVnDLqlv78r

Request Chain 193

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=PTfjYcOIMdjZx_APn5youAs&sscte=1&crd= HTTP 302
• https://www.google.com/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=PTfjYcOIMdjZx_APn5youAs&cid=CAQSKQCNIrLMVwiC_aTumgdcLYhzV9ZV7Tm0QoTzuCksOtS9WsWtZR2Frjzv&random=3781613176&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=PTfjYcOIMdjZx_APn5youAs&cid=CAQSKQCNIrLMVwiC_aTumgdcLYhzV9ZV7Tm0QoTzuCksOtS9WsWtZR2Frjzv&random=3781613176&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 204

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=PjfjYc6tAcLygQfOnKrwDQ&sscte=1&crd=CNPgGw HTTP 302
• https://www.google.com/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PjfjYc6tAcLygQfOnKrwDQ&cid=CAQSKQCNIrLMJLlq24e_sl_5gLEoHcga62h0BZpcqvNO69k2o-17957kBlVd&random=3878279214&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PjfjYc6tAcLygQfOnKrwDQ&cid=CAQSKQCNIrLMJLlq24e_sl_5gLEoHcga62h0BZpcqvNO69k2o-17957kBlVd&random=3878279214&resp=GooglemKTybQhCsO&ipr=y&prhg=0

214 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/	179 KB 49 KB	1343ms 1202ms	Document text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 6ecb703f509260162861ac08a63e358735f86a57dc1510f4add9bb7b49d2f618 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 date Sat, 15 Jan 2022 21:06:02 GMT access-control-allow-origin https://jfrog.com strict-transport-security max-age=31536000; includeSubDomains referrer-policy no-referrer-when-downgrade x-content-type-options nosniff content-security-policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; etag W/"d128df5a5ad26690f64988f108d0e42ff0d336d1" last-modified Thu, 18 Nov 2021 16:06:36 GMT expires Sat, 22 Jan 2022 21:06:02 GMT cache-control public, max-age=604800 pragma public link <https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/posts/83986>; rel="alternate"; type="application/json" <https://jfrog.com/?p=83986>; rel=shortlink content-encoding gzip vary Accept-Encoding x-cache Miss from cloudfront via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 x-amz-cf-id 3Bp4COv4nN44qWVKXb__wOXYrF0N_-iDrOrV4vB54xqT_3lqWKhHAw==
GET H2	200	clicktrue_invocation.js Show response d.rageagainstthesoap.com/	72 KB 26 KB	133ms 54ms	Script text/javascript	2600:9000:234e:4e00:7:4902:e200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:234e:4e00:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Caddy / Resource Hash 568a519bb79d721a7575f9bbabf873b045b71cf523c4cd4250b9d047317ba591 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding gzip server Caddy x-amz-cf-pop OSL50-P1 etag "11f92-BejVIWWxgR6sMnxgCrkP/wubq24" x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 via 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront) cache-control max-age=43200 content-length 26711 x-amz-cf-id jI9bQIOUm4fhtXALaz_uXwM3sEGXZ7CllO-m15Yea9vCceV_9a7sYw== expires Sun, 16 Jan 2022 08:42:35 GMT
GET H2	200	styles.css jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/	2 KB 991 B	10ms 10ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7218 etag W/"61e08d34-809" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id h1tj0wFSgmUV8ys-o_oMbZMSQ4vUHjPj-a5mV5MIxzEujIYCESGShg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	default.min.css jfrog.com/wp-content/plugins/tablepress/css/	5 KB 3 KB	10ms 10ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7218 etag W/"61e08d34-13e4" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id pu42gLyRTVvv0Uqm0BZjZGr3S6TT0kVOk7U7uXXAQW69aKQ1D5KTIw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.b1046a82e21d1960b63c.css jfrog.com/wp-content/themes/jfrog.com/dist/	12 KB 6 KB	11ms 11ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.b1046a82e21d1960b63c.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 31eae54cf017a16241a52d95bbb40d84a4678d63143813a279dc913c7d209516 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:27:34 GMT age 172824 etag W/"61cc2a06-3126" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id T9iaTjSFIPFzNzHB99qO9iqlmoomrMoUwVigD5exJMQgrYPR_ur5Qw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	pages.bundle.b69184e4fedb9285b9ad.css jfrog.com/wp-content/themes/jfrog.com/dist/	1 MB 172 KB	11ms 11ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b9c649cdcd14a4efd0a9bcc23ac8dd88397c86a0cf67488b886ffe9a2d3891d0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:33:34 GMT age 172824 etag W/"61e08c9e-144cfd" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id raCDGPxzdgrRNdVvtj4ucLamznRtzQXLwIX7UKj7eXgCYT5zwScNwQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.b916dc5279409299c884.css jfrog.com/wp-content/themes/jfrog.com/dist/	19 KB 3 KB	11ms 11ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.b916dc5279409299c884.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash acab616ca94eebf4acb5afd392e304c5d9dab3f2e5121c005e2f6460e7a0b5a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172824 etag W/"61cc2b13-4d3d" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id 0kmptV2RzFPvl17rfA2BCFeM0qofDmYQ5zYRC0Gq11WYoYhSZPqNuA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	flag-icon.css jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/	37 KB 3 KB	12ms 12ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 16 Nov 2017 15:45:52 GMT age 172824 etag W/"5a0db2b0-93d8" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id fl78EWe8DS7-EJ3cs8CgGm1Ir1ZQaatt34aTNb_8QoTFbR2NLLHdOA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	bebasneue-webfont.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/	15 KB 16 KB	12ms 12ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172824 etag "61e08c2b-3d48" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 15688 x-amz-cf-id 6W45tWizgf7W9zeJlbwlYFyVHdNbH01DQemY6M8mdwp63LbTqqbbbw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	FontAwesome.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/	4 KB 5 KB	12ms 12ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172824 etag "61e08d35-115c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 4444 x-amz-cf-id qxTbd2kwx0pFqA7_dbS38lh5Lnn0AxLztBOEiWvbxh5060ZadjjBDw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Bold.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/	45 KB 46 KB	12ms 12ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172824 etag "61e08d35-b57c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 46460 x-amz-cf-id R_fqA1Jq8EnVr5KyeeAhxmwZF3MbYFwjRbpdjvHqXYzY6NDXMrMgOQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Regular.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/	44 KB 44 KB	12ms 12ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172824 etag "61e08c2b-ae68" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 44648 x-amz-cf-id m20zkZEwEynfbZ6fvVGxJcf6W1rQk8FfaIAw3ZE1SxN6Z67dzqVOog== expires Thu, 31 Dec 2037 23:55:55 GMT
GET		web_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123503/	0 0
GET		mobile_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123501/	0 0
GET		jfrog-logo-2022.svg media.jfrog.com/wp-content/uploads/2021/12/29113553/	0 0
GET		solutions-diagram.svg media.jfrog.com/wp-content/uploads/2020/11/29113725/	0 0
GET H2	200	optimize.js Show response www.googleoptimize.com/	87 KB 35 KB	133ms 47ms	Script application/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4f7218d98c5ff6b05532e69b520237f27c3fcd657d3b290a09321de3e226dad9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35213 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:03 GMT
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/17123507/Web_bg.png/	5 KB 6 KB	88ms 10ms	Image image/avif	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/17123507/Web_bg.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 4028518b689870c036c3ca68fc0a93b1b9e538df659a5a6eed751ee785f7ef91 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 17 Dec 2021 16:11:03 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Fri, 17 Dec 2021 11:22:29 GMT server AmazonS3 age 2523301 etag "091872a30f68e6cb84af304e1ea08445" x-cache Hit from cloudfront content-type image/avif x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 5525 x-amz-cf-id WI-Bf_5jOgXJhWWZdSXgdbkoChfK2L-sZ4tuDL3m01mYD-HtxZUIng==
GET H2	200	OpenSans-SemiBold.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/	45 KB 46 KB	10ms 9ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-SemiBold.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 7a32484e166e1337fbb0cf4f4262bb385ed9081f1ac20f9efe39e8e50490367a Request headers Referer https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Origin https://jfrog.com dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:27 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172836 etag "61e08d35-b5f0" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 46576 x-amz-cf-id 1CK1Al5lN6I6vGkEwOzTXgM1jooApg3KCd2HifVHxprLynGjYKRGnA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	mxw_1125,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/17123503/web_cta.png/	3 KB 3 KB	75ms 9ms	Image image/png	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/17123503/web_cta.png/mxw_1125,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 3a6e01a4667c69033dcd52df0e6ff2c6a3428c91774e530657bf9dc9d61970db Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 17 Dec 2021 11:37:16 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Fri, 17 Dec 2021 10:35:45 GMT server AmazonS3 age 2539728 etag "b5d3b4efd88a65d9cfd09c09a6bf4511" x-cache Hit from cloudfront content-type image/png x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 2718 x-amz-cf-id DnPfuEalSvb_JbHg8Mch8IMTirqCVIDJ08olAyAhAy-Oe74QXfxyVw==
GET H2	200	mxw_96,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg/	7 KB 3 KB	74ms 9ms	Image image/svg+xml	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg/mxw_96,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash f68e792f76926ad9a4894d52036dffdfcb37c8639d899f544416ed86a10d4b78 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 29 Dec 2021 09:37:32 GMT content-encoding br last-modified Wed, 29 Dec 2021 09:35:56 GMT server AmazonS3 age 1510112 etag W/"fefde2f86292800a8485ab52d07f8262" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 x-amz-cf-id xx-euY3y1jBBmikOiqfo7IWm2bfy0BwajEwwLo87fi9f746Ii9wlJA== via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
GET H2	200	mxw_96,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2020/11/29113725/solutions-diagram.svg/	2 KB 1 KB	74ms 9ms	Image image/svg+xml	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2020/11/29113725/solutions-diagram.svg/mxw_96,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash e2ea1427124844d6bb845ef0a42734c7f6fd3af45e38406b9fb4f5ba40c60821 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 29 Dec 2021 09:38:17 GMT content-encoding br last-modified Wed, 29 Dec 2021 09:37:28 GMT server AmazonS3 age 1510067 etag W/"2fd63781a4b85dd9f878bab196569500" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 x-amz-cf-id qNI3WL26_-yIrwgbVO5u-NI4amGGKd7C34_JYqCMr2gY3O5h0pzSnQ== via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
GET		icon-artifactory-1.png media.jfrog.com/wp-content/uploads/2017/08/20132433/	0 0
GET		icon-xray.png media.jfrog.com/wp-content/uploads/2017/08/20132432/	0 0
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png/	584 B 964 B	48ms 10ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash daf5359ddb0f5a3cbace56f358e2f06c1f3cd908e180ad663165e160cfbb60aa Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 05 Dec 2021 15:06:48 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Tue, 06 Jul 2021 13:09:37 GMT server AmazonS3 age 3563956 etag "f0f8bc09516e15f8b68e114c557d0558" x-cache Hit from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 584 x-amz-cf-id oJlEinU66qcKoI5cJ4Gl7c3WK0O1vkcoXhn_HKyS8e4QXhXNnZDC9g==
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png/	522 B 902 B	50ms 12ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash cf3b6b031f40f296c723cacca30ce7c0364961443d28a28f907b12d8b6b49f14 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 05 Dec 2021 15:06:46 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Sun, 27 Jun 2021 11:22:32 GMT server AmazonS3 age 3563958 etag "0cada58301888bacfb1fdf563b5b1b59" x-cache Hit from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 522 x-amz-cf-id fnSDdbvO5tWEnn3n0SDtnOSmFLPoI-WQrNpvOMwZDlk1mZsgm7DfeQ==
GET BLOB	200 OK	f23dd8b1-62f0-4a48-a2da-6eb624576601 https://jfrog.com/	1 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://jfrog.com/f23dd8b1-62f0-4a48-a2da-6eb624576601 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash e43f3575e3f02d59c177ebfc5ffc7fefb0ab4544f3d0554997e27cf1eb0cba9e Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Length 1108
GET H2	200	icon_jfrog-pipeline.png media.jfrog.com/wp-content/uploads/2017/08/20130739/	1 KB 1 KB	9ms 8ms	Image image/png	13.224.193.47 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.47 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-47.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash e84c4d081a93c88d1c93acef40fa95fb0edb931e43ac6b1e2eef7d6e4eabbb06 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 26 Jul 2021 23:22:59 GMT via 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront) last-modified Mon, 20 Apr 2020 11:07:40 GMT server AmazonS3 age 14938985 etag "14f327774fb8e8a722730ae57b0aac2e" x-cache Hit from cloudfront x-amz-version-id 2x8MI6.BE3irozEUYlz70YI5NwwrkN5C cache-control max-age=31536000 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/png content-length 1071 x-amz-cf-id V6F7b8-Dd84YHc-VSWqtaKS2kVNVnrgG9reExF5esxG9yg5TSl-Naw== expires Tue, 20 Apr 2021 11:07:39 GMT
GET		icon-bintray_40x40.png media.jfrog.com/wp-content/uploads/2017/08/20132433/	0 0
GET		jcr40PX-1.png media.jfrog.com/wp-content/uploads/2017/08/20130019/	0 0
GET		icon-jfrog-connect.svg media.jfrog.com/wp-content/uploads/2017/08/09231026/	0 0
GET		chevron_down.svg media.jfrog.com/wp-content/uploads/2021/12/29113500/	0 0
GET		jfrog-logo-2022.svg media.jfrog.com/wp-content/uploads/2021/12/29113553/	0 0
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9424e914b87bbcc3e92ba7f1bd1241e9256c7ae1bc58174f398b1b76ba028c61 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/07/29141240/background.png/	24 KB 25 KB	10ms 9ms	Image image/avif	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/07/29141240/background.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 07812baa0e9b7a86675ea47f0a918a948dbfac2fc20b963478c928755cc0145f Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 17 Dec 2021 16:11:03 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Thu, 29 Jul 2021 12:14:20 GMT server AmazonS3 age 2523301 etag "6672fe5fac391ee18012c21f4108ca8c" x-cache Hit from cloudfront content-type image/avif x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 25082 x-amz-cf-id HuSHw-lk1SAIm1WtLqlKuIasHKYkHqRpgyhe4C6wZ8WzUWfM_x3gZg==
GET H2	200	OpenSans-ExtraBold.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/	19 KB 19 KB	10ms 9ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-ExtraBold.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 66823bebf2d76d11b13c67782577188b12f1e345cc55d1c60da433d0ff8aae48 Request headers Referer https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Origin https://jfrog.com dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:46 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172817 etag "61e08d35-4a90" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 19088 x-amz-cf-id TTSJRTUPt7GiU6eyQsgLwD0N8JVU6vbIzn_PKwUR-HOwOz4nhFNDZw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Italic.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/	42 KB 42 KB	9ms 9ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Italic.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 54fef01d833f38c14a69a3cb14792e03ad94812ef180ee5e10a83bcf2d62cde3 Request headers Referer https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Origin https://jfrog.com dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:27 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172836 etag "61e08c2b-a614" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 42516 x-amz-cf-id tH3zEmzFt6vtbU4dgqokFBqYT6QrqmxneZm2Z8ant2-GSKpzO0xnUg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	mxw_828,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161423/3_abusing-CDN-TLS-termination-for-data-exfiltration-1024x429.jpg/	5 KB 5 KB	11ms 11ms	Image image/avif	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161423/3_abusing-CDN-TLS-termination-for-data-exfiltration-1024x429.jpg/mxw_828,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 6d207fca17c761b8cd9e4c98126599ae3f6d6171a62858040e9bf6b03d1c18f1 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 31 Dec 2021 14:52:38 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Mon, 01 Nov 2021 14:50:10 GMT server AmazonS3 age 1318406 etag "c526e0d51dc083a943c0be4a99fcdf43" x-cache Hit from cloudfront content-type image/avif x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 4953 x-amz-cf-id 3X4XH3sFTxxieanolfH1895CqZz56QvbWNHS0NweBF1xEGOQGnObmw==
GET H2	200	mxw_1024,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161354/2_backend-server-unencrypted-request-1024x262.png/	87 KB 87 KB	1319ms 1318ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161354/2_backend-server-unencrypted-request-1024x262.png/mxw_1024,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash df60c97d425292c5c0d019af88c1ddcefa8dc08424be1b9c7cd5b45d092a878a Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Mon, 01 Nov 2021 14:47:44 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 etag "5c3cfeee8ff4429e88ffc75cbf53af76" x-cache Miss from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 accept-ranges bytes content-length 89050 x-amz-cf-id _TILBw7EtYM-tRtzD023ny30zHI-tJBPOX5rndGnpQu3rU0sV1wk-w==
GET H2	200	mxw_1600,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161309/1_outgoing-encrypted-request.png/	46 KB 47 KB	12ms 11ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161309/1_outgoing-encrypted-request.png/mxw_1600,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 6a4763315fcb0009747d48dd80b0f4d7bd0a9956e8ee4141f52adb4bf82a24a4 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 08:44:26 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Mon, 01 Nov 2021 21:19:25 GMT server AmazonS3 age 130898 etag "53f612ce49b18b27032a912bdcbbd0dd" x-cache Hit from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 47326 x-amz-cf-id baaP385Yw3Jh6_iJzN8pdErr5ysAYM_NEMBTC9dHqhly8EIjT3NcyQ==
GET H2	200	mxw_1024,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161038/PyPI-Malware-Round-2-863x300-1.png/	7 KB 7 KB	16ms 16ms	Image image/avif	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/11/01161038/PyPI-Malware-Round-2-863x300-1.png/mxw_1024,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 1c162f4bd025ac9bdc657566d7190108436ecd710149635a89484be564627924 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:56:27 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Mon, 01 Nov 2021 14:45:00 GMT server AmazonS3 age 479377 etag "3ac31ad3484d1084e57c459a3b4be74d" x-cache Hit from cloudfront content-type image/avif x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 6801 x-amz-cf-id HVL7BjTUL8K4DJCXgYj5V7MdNYyVOEBl835HhlEPIPjE08j_weu-1A==
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg/	247 B 628 B	9ms 9ms	Image image/svg+xml	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 8ef0de27697541696513dac32bc33d3d2efc30a719af417f6ffbc11e0e385567 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 29 Dec 2021 09:55:12 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Wed, 29 Dec 2021 09:35:04 GMT server AmazonS3 age 1509052 etag "547cb1ee137aa281b3d670d85c2b9780" x-cache Hit from cloudfront content-type image/svg+xml x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 247 x-amz-cf-id 5vznb--yQkgHC0rj053MdKXGw9IKGtky9m_BU6oTbo3DlXzT5tHbCg==
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/09231026/icon-jfrog-connect.svg/	4 KB 2 KB	9ms 9ms	Image image/svg+xml	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/09231026/icon-jfrog-connect.svg/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash e08f1bafa4670ea626f85b7e2948411dfe69cbbf0fbba9b2b7d478665b2e01fd Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 09 Jan 2022 21:21:17 GMT content-encoding br last-modified Sun, 09 Jan 2022 21:10:29 GMT server AmazonS3 age 517487 etag W/"8112d25ce5c98251d4ddc7573b5df0b6" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 x-amz-cf-id 7vKj6rpJ3mZSm_DWiawAmBSZRx0643hafdTQbCZVjXhOFnJRgEdiww== via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png/	802 B 1 KB	10ms 9ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash c4107a80c034a6fb5e0d432cd31ac8f5e47d2f198dc5d8ee2234aba80de2ba1f Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 05 Dec 2021 15:06:47 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Tue, 24 Aug 2021 12:37:27 GMT server AmazonS3 age 3563957 etag "efd43604d1dad07a847449d8e6b3c999" x-cache Hit from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 802 x-amz-cf-id hde69N8H44UCQiO-DZtRvlQw_wgeE0Hf50jj-ZQ48y-t8UiKIBYDfw==
GET H2	200	icon-bintray_40x40.png media.jfrog.com/wp-content/uploads/2017/08/20132433/ Redirect Chain https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png/mxw_1650,f_auto https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png	505 B 924 B	9ms 8ms	Image image/png	13.224.193.47 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Server 13.224.193.47 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-47.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 2de04d49a3dda7e2d392604b7225da7f48a3705783be35b66201d33c13339b60 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 24 Jul 2021 17:46:26 GMT via 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront) last-modified Mon, 20 Apr 2020 11:24:34 GMT server AmazonS3 age 15131978 etag "3cc90ad1e73c52c73654d642de1a62f2" x-cache Hit from cloudfront x-amz-version-id 4gtOFZE4Sasoi1_BvcV6v3eeJ.T05yrD cache-control max-age=31536000 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/png content-length 505 x-amz-cf-id gdrqDOvlOikHnsfBn_E8yrBkqN0MfbPPWWN_ydisiQudO_nPJRwYhA== expires Tue, 20 Apr 2021 11:24:33 GMT Redirect headers date Fri, 03 Dec 2021 05:39:16 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) server CloudFront age 3770807 x-cache Hit from cloudfront location https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png cache-control s-maxage=31536000 x-amz-cf-pop FRA60-P3 content-length 0 x-amz-cf-id 9jE7UqK3tE6xH3mKLtiIW-a9vgE76FVbXJXX7Hr-SZFMpAKQaOpVHA==
GET H2	200	mxw_1650,f_auto speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png/	906 B 1 KB	13ms 13ms	Image image/webp	13.32.99.83 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://speedmedia.jfrog.com/08612fe1-9391-4cf3-ac1a-6dd49c36b276/https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png/mxw_1650,f_auto Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.83 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-83.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 8d4c765e6a0ebcf102de299f3d7322b8d2d3988f95ead9e311fd733887988812 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sun, 05 Dec 2021 15:06:47 GMT via 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront) last-modified Sun, 27 Jun 2021 11:22:29 GMT server AmazonS3 age 3563957 etag "ca70a864152f1e310855be7845a483b9" x-cache Hit from cloudfront content-type image/webp x-amz-storage-class STANDARD_IA cache-control max-age=31536000 x-amz-cf-pop FRA60-P3 accept-ranges bytes content-length 906 x-amz-cf-id Fz3TWnGEBxyF4dc1nxIb8Jan6JBN-2cR-EHBMDbDHWV8JAl8WbNRWA==
GET H2	200	ct Show response en.rageagainstthesoap.com/	4 KB 2 KB	327ms 111ms	Script text/javascript	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1642280763315&hl=2&op=0&ag=509528714&rand=04997899780970970221815531556105642902112518027011522970999813506916&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDYzMTddLFsiY2IiLCIwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCw0LDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAiXSxbLTEsIi0iXSxbLTIsIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcIm1oamZibWRnY2ZqYmJwYWVvam9mb2hvZWZnaWVoamFpXCIsXCJpbnRlcm5hbC1uYWNsLXBsdWdpblwiXSJdLFstNCwiLSJdLFstNSwiLSJdLFstNiwie1wid1wiOltcIjBcIixcImNocm9tZVwiLFwiaW5pdEdUTU9uRXZlbnRcIixcImluaXRHVE1cIixcIkxvYWREcmlmdFdpZGdldFwiLFwiaW5pdERyaWZ0T25FdmVudFwiLFwiaW5pdERyaWZ0XCIsXCJhbGdvbGlhXCIsXCJpc01vYmlsZVwiLFwiX19jdGNnX2N0XzExODI1X2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy03LCItIl0sWy04LCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCItIl0sWy0xNSwiLSJdLFstMTYsIjAiXSxbLTE3LCI0Il0sWy0xOCwiWzAsMCwwLDFdIl0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCJdIl0sWy0yMCwiLSJdLFstMjEsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywiKyJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjoxMDAwMDAwMCxcInVqaHNcIjoxMDAwMDAwMCxcImpoc2xcIjozNzYwMDAwMDAwfSJdLFstMjcsIlswLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy0yOCwiZW4tVVMiXSxbLTI5LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zMSwiZmFsc2UiXSxbLTMyLCIwIl0sWy0zMywiLSJdLFstMzQsIi0iXSxbLTM1LCJbMTY0MjI4MDc2MzIzMiwwXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy0zNywiLTE0NC02Ni0xODAtIl0sWy0zOCwibCwtMSwtMSwwLDAsMiwwLDIxLDExOCwtMTY0MjI4MDc2MTgzMSwtMSwwLDE0NTguNCwxNDU4LjQsMTU0NSwxNTQ1Il0sWy0zOSwiW1wiMjAwMzAxMDdcIiwwLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJdLFstNDMsIjAwMDAwMDAxMDEwMDAwMDEwMDExMTAxMTAwIl0sWy00NCwiMCwwLDAsNSJdLFstNDUsIi0iXSxbLTQ2LCIwIl0sWy00NywiRXRjL1Vua25vd24sZW4tVVMsbGF0bixncmVnb3J5Il0sWy00OCwiMCwwIl0sWy00OSwiLSJdLFstNTAsIi0iXSxbLTUxLCItIl0sWyJkZGIiLCIwLDAsMSwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwyLDAsMCwwLDAsMSwxLDIsMCwwLDgsMSwxLDAsMCJdLFsiYm5jaCIsMzFdLFsiYXdnbCIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImdvb2dsZSBpbmMuIChnb29nbGUpXCIsXCJyXCI6XCJhbmdsZSAoZ29vZ2xlLCB2dWxrYW4gMS4yLjAgKHN3aWZ0c2hhZGVyIGRldmljZSAoc3ViemVybykgKDB4MDAwMGMwZGUpKSwgc3dpZnRzaGFkZXIgZHJpdmVyLTUuMC4wKVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjo5LFwid2dsXCI6MCxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwiYWJlblwiOjY2fSJdLFsiYWJuY2giLDk4XV0%3D&dep=0&pre=0&sdd=%7B%7D&cri=ZZvvm3gPrJ&pto=1628&ver=43&gac=-&mei=&ap=&duid=1.1642280763.mkTeP9aCoyyPaT0Q&suid=1.1642280763.efQ3QhhQSbM9K8pw&tuid=1.1642280763.h8Si7qJ1vUQKsm06&fbc=-&gtm=-&it=33%2C1367%2C138&fbcl=-&gacl=-&gacsd=-&rtic=- Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash 1daa8d404649c671d7b8eb3a90429341df28d7385a46da72e5c264a2fc3dd048 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:03 GMT content-encoding gzip cache-control no-cache, no-store, must-revalidate content-type text/javascript content-length 1421 expires Fri, 01 Jan 1990 00:00:00 GMT
GET		close.png media.jfrog.com/wp-content/uploads/2019/12/20130026/	0 0
GET		frog-hand-green.png media.jfrog.com/wp-content/uploads/2019/10/20130240/	0 0
GET		flag_us.png media.jfrog.com/wp-content/uploads/2020/01/20125954/	0 0
GET		jfrog-logo.svg media.jfrog.com/wp-content/uploads/2019/12/20130011/	0 0
GET		flag_chinese.png media.jfrog.com/wp-content/uploads/2020/01/20125954/	0 0
GET		vdoo-popup_jfrog-logo.png media.jfrog.com/wp-content/uploads/2021/09/13130230/	0 0
GET		vdoo-popup_graphic.png media.jfrog.com/wp-content/uploads/2021/09/13130228/	0 0
GET H2	200	jquery-3.5.1.min.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/	87 KB 31 KB	11ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172824 etag W/"61e08c2b-15d84" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id zTo2N-HWw8UOgYPGyfoPCN8Q3gn6kW5y9HcrX1DThLpMVOfDHdMnqA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	underscore.min.js Show response jfrog.com/wp-includes/js/	16 KB 6 KB	11ms 10ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 19:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7224 etag W/"61e08c2b-3ead" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id P2grsKio30Q0LIoeFBG5hj4N4h-HDTUqtlwlsygUfTTmkZXXzSfc1w== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	backbone.min.js Show response jfrog.com/wp-includes/js/	23 KB 8 KB	11ms 10ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7224 etag W/"61e08d35-5d0a" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id u6M4BkC7oc_0GA1Nykj__4OSZiELhZuRmIER4VCbuVFg39gK8hCAnQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	api-request.min.js Show response jfrog.com/wp-includes/js/	1 KB 981 B	12ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7224 etag W/"61e08c2b-401" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id RNPfW8oTBC2cstUiLdzpskLOUWYL9jFP0IMkvJgSPkbO_7cfl3Rf3Q== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-api.min.js Show response jfrog.com/wp-includes/js/	14 KB 4 KB	12ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7224 etag W/"61e08c2b-395f" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id aSNFivID8g4hlIth2gV9pB-wLeQ8JVV_OoG7YUIEzQvRaV6lYvmZoQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jfrog_general.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/	1 KB 924 B	12ms 12ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jfrog_general.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ce446a4176b98b6069201f77d33be7861cf0e5d4ded6f32326a1725dedfb1796 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:27 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172836 etag W/"61e08d35-5a0" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id xx0lU79627WRjCwY-Lw-2oz-BSlQNclJIszKBhXX4NDpT8y0SyFINQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-embed.min.js Show response jfrog.com/wp-includes/js/	1 KB 1 KB	13ms 12ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7224 etag W/"61e08d35-592" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id 37mOG0lie-l3-DtvqnI4X9XcgG5HIf_BsXkj_KP5j679ynOeAjGqjA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	403	/ Show response jfrog.com/wp-json/wp/v2/	146 B 362 B	107ms 107ms	XHR text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-json/wp/v2/ Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ X-Requested-With XMLHttpRequest dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Sat, 15 Jan 2022 21:06:03 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 vary Accept-Encoding x-cache Error from cloudfront content-type text/html content-encoding gzip x-amz-cf-id 0yxKI1WUjeyfOTQdtXquKYMpAut-sGMEXb694jJ_ba8aIxlm3HdY9A==
GET H2	200	wzbody.js Show response sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/	128 KB 28 KB	70ms 10ms	Script text/javascript	2600:9000:21f3:1800:1:a64e:d7c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:1800:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 8e4e39548c66ad00f5dc6ef39bd166a7321d60b4d56454047bd711e1328a267f Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 20:17:49 GMT via 1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront) age 2894 x-cache Hit from cloudfront content-type text/javascript cache-control public, max-age=900 x-amz-cf-pop FRA2-C2 content-encoding gzip content-length 28400 x-amz-cf-id cagB9hkuCkbhSqsOhmdH6VXOYvoShK73HsSap9xSnm2WG96zmBn1Jg== expires Sat, 15 Jan 2022 20:17:50 GMT
GET H2	200	pages.bundle.4df78353b12f3e4dc658.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/	396 KB 69 KB	10ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.4df78353b12f3e4dc658.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 7c911eff8be5f67c4700194385a33cf0d837f314c084ffb82c4159a22b643620 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 18:43:46 GMT age 172823 etag W/"61e072e2-630cb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id nYlvaGrhNy2TPG9ifo0Z92HisuJ7bZoUvKvUSq1CzW0S90B3qxU_IA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.d2df19a83540d754d88d.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/	340 KB 98 KB	10ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.d2df19a83540d754d88d.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b481b57711d7f9bd179df2aca86dc319bccea9795f6b9bb88f443ac6c169ce70 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172823 etag W/"61cc2b13-550e3" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id m9t5DkyQYO18IJwkkJTJUJMDnF9os7kiUrRlhlzqipO-6qA99H4c-g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.c146f3208a9f24c5797c.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/	122 KB 38 KB	10ms 10ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.c146f3208a9f24c5797c.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash e6fc22b59637257596dd235e733eab1436302807401778de04459223e1c761ae Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ dpr 1 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 viewport-width 1600 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172823 etag W/"61cc2b13-1e915" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id u2UHJufKRag-1mbGkE9XUSPYTyUCsjrGQ2NDVSyszwQLjdf5tfAJ6g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	98 KB 26 KB	22ms 7ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 25965 x-xss-protection 0 pragma public x-fb-debug 5x1/7EQMCjqtBbuQrMeMyXi6/iQrIoi2JCOV3IxZrh9b8G3EwcINEkMPyDLaxTi/DCHgLu3oaBOOvyW1LJsTeQ== x-fb-trip-id 686109401 x-frame-options DENY date Sat, 15 Jan 2022 21:06:03 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/ Frame 38D2	98 KB 39 KB	142ms 55ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-982905749 Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ad301dc636fb4beab1bfad6435de15fc33df89f2f5522b4a0d13d43e4e1d8c82 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39730 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:03 GMT
GET H2	200	/ Show response jfrog.com/invalidppc/ Frame D41F	148 KB 40 KB	1578ms 1578ms	Document text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/invalidppc/ Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 83712f37fa33828a05bb5a3b513b7d41b1d0bbe8df51bee4befc8aca9bfe747a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Response headers content-type text/html; charset=UTF-8 date Sat, 15 Jan 2022 21:06:05 GMT access-control-allow-origin https://jfrog.com strict-transport-security max-age=31536000; includeSubDomains referrer-policy no-referrer-when-downgrade x-content-type-options nosniff content-security-policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; etag W/"ff74facc4f6d9b3abe1b8bcd5711b58b7d7128eb" last-modified Wed, 27 Oct 2021 07:13:53 GMT expires Sat, 22 Jan 2022 21:06:04 GMT cache-control public, max-age=604800 pragma public link <https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/pages/82184>; rel="alternate"; type="application/json" <https://jfrog.com/?p=82184>; rel=shortlink content-encoding gzip vary Accept-Encoding x-cache Miss from cloudfront via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 x-amz-cf-id c_wCglXypZhcAnNmPQBZs1TAC5JprZomS9ThQNhlv5ahjqf6um3j1Q==
GET H2	200	tc_imp.gif en.rageagainstthesoap.com/tracker/	43 B 79 B	102ms 102ms	Image image/gif	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=37dfbd8ee84e00136eecc53dea408c9e9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5f10856f2217071a10acf9f29f674bd48adb0f2c3713fc2d7652d43ade63920c660c24c65b045c305556cfbe384b77be26bb25cb43e2916af05165ad5f2f7a1bda53ec40f4c1d7de3cbb2807ff7ecaa8556d8e0e3143714493d60261a060b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4afa28a9869badbd758f5519d485d339bb9d8ece93193dbfc68912112c3bb9c6d0a1ce56539ac934531ee8dad7d8803a942b08719ca46c8992ec13c67909020de60c4dbfaef9db1b60b20f127b3a7e86c1368aed971c8f006f3064c1ec8070cc78f8684c0f18a7dc824dd9bf89a63f8767638cb77289a81925e209fe37ca017e4854a8738be76474753ca79ad16cecce169a8843cc317e6c0d7d7288254506af31113497a4270d1bc60a24ed9c0c832a29f6ff19b3fcd85a4be33cfb6e01f3e2dc6a94e43d8a6045642acbdb260b828c9f856fd945ba060b2638759d508c5ed6dd51023f8bcd033696a22417f494e1db8f3907e815aa54f5c1071adf54b9fd84b1ee2aa81ebfa3595bca0a5d9a6bdfb59112ee755d1e72a32da163b5fae374f7b7eeb69b3644f90989d3adf3e935cdfb926dfa51f85694d7d3208171280c3e4d22078579c044690dbc5b8b1c94f1898b0bc618bc9737fc4cf113a69e58cdf5623da3b970bda43b72d9100dad612febe30e09388d59e447cb2bb5f36e27ff7feefe25ffc3d50166486745113f4fa0b9de606cb879ace50cf858f33093144a068fd64a934ead908f5603e283a323d38f3469cc5760ced7dcab5f42bd8c9498e767baf167a2f81b0d96903e9308f8f56bf664a4317bc3d3e9ebd95289d4534f1e80fb3869e86c030860206794cac203758cac1501fef71&cri=ZZvvm3gPrJ&ts=347&cb=1642280763662 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:03 GMT cache-control no-cache, no-store, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT content-length 43 content-type image/gif
GET H2	200	616379538459573 Show response connect.facebook.net/signals/config/	306 KB 88 KB	9ms 9ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a54a0597b01d11189a231db3a91bae3d915acb4dbaa1f2f371c3dd17d4f1069d Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89074 x-xss-protection 0 pragma public x-fb-debug aQagxnWZYcRVhosLWh6sq6bbGFQGYGG5gPcfBnaGglgid93DW+TS+fEhalm6J3NYBcnQSpzUpPjO8IGz1jurAg== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Sat, 15 Jan 2022 21:06:03 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 295 B	24ms 7ms	Image image/gif	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&rl=&if=false&ts=1642280763727&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642280763725.1848541065&it=1642280763687&coo=false&rqm=GET Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 content-length 44 expires Sat, 15 Jan 2022 21:06:03 GMT
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/ Frame 38D2	38 KB 15 KB	135ms 54ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 1fe7c9b04cd9ebd46cd5a636bd2c2b1d54054f3995db24951c0d0318ec71d70c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14835 x-xss-protection 0 server cafe etag 2630088915750441828 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Sat, 15 Jan 2022 21:06:03 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame 38D2	2 KB 2 KB	132ms 48ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1642280764003&cv=9&fst=1642280764003&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 69476ab8a00d65456c5bd1da8fe14f398a2fbb4d9e23225ac01cf2f066d42249 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1063 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response www.googleadservices.com/pagead/conversion/982905749/ Frame 38D2	2 KB 1 KB	100ms 51ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion/982905749/?random=1642280764006&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash fa5fea7382d2074064273664a53e857295072a353dc42113ecd222c35362cbc3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1196 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ 982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame 38D2	0 0	169ms 45ms	Image text/html	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1642280764006&cv=9&fst=1642280764006&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	/ www.google.de/pagead/1p-conversion/982905749/ Frame 38D2 Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120... https://www.google.com/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&... https://www.google.de/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...	42 B 64 B	98ms 53ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PDfjYYu2BJyYx_AP0d6X-A8&random=1640800814&resp=GooglemKTybQhCsO&ipr=y&prhg=0 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H3 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-conversion/982905749/?random=1447705397&cv=9&fst=1642280764006&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PDfjYYu2BJyYx_AP0d6X-A8&random=1640800814&resp=GooglemKTybQhCsO&ipr=y&prhg=0 cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/982905749/ Frame 38D2	42 B 548 B	129ms 48ms	Image image/gif	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/982905749/?random=1642280764003&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=588874755&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/982905749/ Frame 38D2	42 B 548 B	133ms 49ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/982905749/?random=1642280764003&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=588874755&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:04 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	/ Show response www.facebook.com/tr/ Frame 816A	0 18 B	18ms 7ms	Document text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 Origin https://jfrog.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Response headers content-type text/plain access-control-allow-origin https://jfrog.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i date Sat, 15 Jan 2022 21:06:04 GMT
POST H2	200	mon Show response en.rageagainstthesoap.com/	0 143 B	101ms 101ms	XHR application/json	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/mon Requested by Host: sec.webeyez.com URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://jfrog.com date Sat, 15 Jan 2022 21:06:04 GMT access-control-allow-credentials true content-length 0 access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json
GET H2	200	clicktrue_invocation.js Show response d.rageagainstthesoap.com/ Frame D41F	72 KB 26 KB	30ms 29ms	Script text/javascript	2600:9000:234e:4e00:7:4902:e200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:234e:4e00:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Caddy / Resource Hash 568a519bb79d721a7575f9bbabf873b045b71cf523c4cd4250b9d047317ba591 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding gzip server Caddy age 1410 etag "11f92-BejVIWWxgR6sMnxgCrkP/wubq24" x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 via 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront) cache-control max-age=43200 x-amz-cf-pop OSL50-P1 content-length 26711 x-amz-cf-id KiCu4wul_344nvvuWw_wUoLh0fJFt26J59ydMba1gncGrQBgHFZA8Q== expires Sun, 16 Jan 2022 08:42:35 GMT
GET H2	200	styles.css jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/ Frame D41F	2 KB 980 B	9ms 7ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7220 etag W/"61e08d34-809" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id _ahFEW-L8Q3jowdCi-voato_U8qnR57hnm-PxwGkleXf2araMiDiBw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	default.min.css jfrog.com/wp-content/plugins/tablepress/css/ Frame D41F	5 KB 3 KB	14ms 12ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7220 etag W/"61e08d34-13e4" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id K7uC2mVptFW1zFYFRm0fvXIf6Kye-ApW1j-j578CrtlZoiIAIlMkLg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.b1046a82e21d1960b63c.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	12 KB 6 KB	10ms 8ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.b1046a82e21d1960b63c.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 31eae54cf017a16241a52d95bbb40d84a4678d63143813a279dc913c7d209516 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:27:34 GMT age 172826 etag W/"61cc2a06-3126" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id aXHRcSP5DaDE_8bUICwmFi4m7__GfT2plQ87BTxNe7lS0k1ag6dcLA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	pages.bundle.b69184e4fedb9285b9ad.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	1 MB 172 KB	16ms 14ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b9c649cdcd14a4efd0a9bcc23ac8dd88397c86a0cf67488b886ffe9a2d3891d0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:33:34 GMT age 172826 etag W/"61e08c9e-144cfd" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id qruHBC7olelBbeLuyKav1H988I8voFHJlIXiYagvOm3X_pY6lnBVrw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.b916dc5279409299c884.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	19 KB 3 KB	16ms 14ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.b916dc5279409299c884.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash acab616ca94eebf4acb5afd392e304c5d9dab3f2e5121c005e2f6460e7a0b5a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172826 etag W/"61cc2b13-4d3d" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id 0_yz-rx9kKuH8sDFKrEszI26B0Nxwvu6d7OKvlKGV344mslWKQv6yA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	flag-icon.css jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/ Frame D41F	37 KB 3 KB	16ms 14ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 16 Nov 2017 15:45:52 GMT age 172826 etag W/"5a0db2b0-93d8" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id UyiHozycwLBuXZm_pJ6ICJiYzrsH8mr_XSmIQpENVwBRDoKyznuZ0g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	bebasneue-webfont.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/ Frame D41F	15 KB 16 KB	12ms 11ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0 Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag "61e08c2b-3d48" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 15688 x-amz-cf-id wB9RfbnZ2CsUrjs1GKSVaREi6pxS6sshsqBRfPxyBxexb3cOIEL7wQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	FontAwesome.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/ Frame D41F	4 KB 5 KB	19ms 18ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172826 etag "61e08d35-115c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 4444 x-amz-cf-id i8lYNGhxnnKyBqDzPa_foIbUnHVaky7Aw4lZIgtYImfkWq4W_xXjOA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Bold.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame D41F	45 KB 46 KB	18ms 18ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172826 etag "61e08d35-b57c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 46460 x-amz-cf-id WDL87q4SdWqdDIw7k7peApWirmD5kHMzP_QxPWv_DYbIZmAyJ1pAFw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Regular.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame D41F	44 KB 44 KB	12ms 11ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag "61e08c2b-ae68" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 44648 x-amz-cf-id j8-cLGfT7MfuhxPkqMT8KrcTgTa1VHN_lNIqp2i04fsJYGgEsbq1Kg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	web_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123503/ Frame D41F	7 KB 7 KB	11ms 9ms	Image image/png	13.224.193.47 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://media.jfrog.com/wp-content/uploads/2021/12/17123503/web_cta.png Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.47 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-47.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 913f0deaa801a9965531542c2dbf39f09628fdfe6686176e89cf345c84123820 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 17 Dec 2021 10:38:54 GMT via 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront) age 2543231 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 6778 last-modified Fri, 17 Dec 2021 10:35:04 GMT server AmazonS3 etag "97d307be33d7e04e0c501274c5c46106" x-amz-version-id .kXiIJAmcxl4wSELlecJUmwAg40PgOoz cache-control max-age=31536000 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-type image/png x-amz-cf-id ZVpzYGy2AvMEFc7Kb6CUZDvriNrteXnaVlLTTqc32jaUXvNwCvcPZA== expires Sat, 17 Dec 2022 10:35:03 GMT
GET		mobile_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123501/ Frame D41F	0 0
GET		jfrog-logo-2022.svg media.jfrog.com/wp-content/uploads/2021/12/29113553/ Frame D41F	0 0
GET		solutions-diagram.svg media.jfrog.com/wp-content/uploads/2020/11/29113725/ Frame D41F	0 0
GET		icon-artifactory-1.png media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame D41F	0 0
GET		icon-xray.png media.jfrog.com/wp-content/uploads/2017/08/20132432/ Frame D41F	0 0
GET		icon_jfrog-pipeline.png media.jfrog.com/wp-content/uploads/2017/08/20130739/ Frame D41F	0 0
GET H3	200	optimize.js Show response www.googleoptimize.com/ Frame D41F	87 KB 34 KB	92ms 45ms	Script application/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4f7218d98c5ff6b05532e69b520237f27c3fcd657d3b290a09321de3e226dad9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35213 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:05 GMT
GET		icon-bintray_40x40.png media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame D41F	0 0
GET		jcr40PX-1.png media.jfrog.com/wp-content/uploads/2017/08/20130019/ Frame D41F	0 0
GET		icon-jfrog-connect.svg media.jfrog.com/wp-content/uploads/2017/08/09231026/ Frame D41F	0 0
GET		chevron_down.svg media.jfrog.com/wp-content/uploads/2021/12/29113500/ Frame D41F	0 0
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/ Frame D41F	5 KB 2 KB	36ms 8ms	Script application/x-javascript	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Sat, 15 Jan 2022 21:06:05 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=82033 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET BLOB	200 OK	235e37be-f1f9-4137-8d78-1ed8fa0ecf69 https://jfrog.com/ Frame D41F	1 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://jfrog.com/235e37be-f1f9-4137-8d78-1ed8fa0ecf69 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash e43f3575e3f02d59c177ebfc5ffc7fefb0ab4544f3d0554997e27cf1eb0cba9e Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Length 1108
GET H2	200	collect px4.ads.linkedin.com/ Frame D41F Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D20396%26time%3D1642280765351%26url%3Dhttps%253A%252F%252Fjfrog.com%252Fblog%252Fp... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSyn... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSy...	0 39 B	326ms 122ms	Image application/javascript	108.174.10.14 LINKEDIN
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQJ9eUcXlOU06gAAAX5fj8jlA4YXV3CHdFezmak-DpmASk0VUyArirH6xYa1GO-_wyuGvGS6 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Server 108.174.10.14 , United States, ASN14413 (LINKEDIN, US), Reverse DNS 108-174-10-14.fwd.linkedin.com Software Play / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:06 GMT server Play linkedin-action 1 x-li-fabric prod-lva1 x-li-proto http/2 x-li-pop prod-lva1 content-type application/javascript content-length 0 x-li-uuid bUXVzaeNyhaAknasISsAAA== Redirect headers date Sat, 15 Jan 2022 21:06:05 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 688D9F8F9BCD4E6DBBB1F774F35CF87D Ref B: FRAEDGE1315 Ref C: 2022-01-15T21:06:05Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765351&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&liSync=true&e_ipv6=AQJ9eUcXlOU06gAAAX5fj8jlA4YXV3CHdFezmak-DpmASk0VUyArirH6xYa1GO-_wyuGvGS6 x-li-proto http/2 content-length 0 x-li-uuid AAXVpUmokOtkD1TjzvVKcw==
GET H2	200	ct Show response en.rageagainstthesoap.com/ Frame D41F	3 KB 1 KB	117ms 117ms	Script text/javascript	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1642280765381&hl=2&op=0&ag=509528714&rand=54687000170022229100059232625990937971282120785007984221055124206182&fs=0x0&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDQ4NTFdLFsiY2IiLCIwLDAsMCwwLDIsMCwwLDAsMCwzLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTEsIi0iXSxbLTIsIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcIm1oamZibWRnY2ZqYmJwYWVvam9mb2hvZWZnaWVoamFpXCIsXCJpbnRlcm5hbC1uYWNsLXBsdWdpblwiXSJdLFstNCwiLSJdLFstNSwiLSJdLFstNiwie1wid1wiOltcIjBcIixcImNocm9tZVwiLFwiaW5pdEdUTU9uRXZlbnRcIixcImluaXRHVE1cIixcIkxvYWREcmlmdFdpZGdldFwiLFwiaW5pdERyaWZ0T25FdmVudFwiLFwiaW5pdERyaWZ0XCIsXCJhbGdvbGlhXCIsXCJpc01vYmlsZVwiLFwiX2xpbmtlZGluX3BhcnRuZXJfaWRcIixcIl9saW5rZWRpbl9kYXRhX3BhcnRuZXJfaWRzXCIsXCJsaW50cmtcIixcIl9fY3RjZ19jdF8xMTgyNV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstNywiLSJdLFstOCwiLSJdLFstOSwiKyJdLFstMTAsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6dGl0bGVcIixcIm9nOmRlc2NyaXB0aW9uXCJdfSJdLFstMTIsIm51bGwiXSxbLTEzLCItIl0sWy0xNCwiLSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiNCJdLFstMTgsIlswLDAsMCwxXSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjAwLDAsMCwwLDAsMCwwLFwiLVwiLFwiLVwiXSJdLFstMjAsIi0iXSxbLTIxLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMjMsIisiXSxbLTI0LCJbXSJdLFstMjUsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6MTAwMDAwMDAsXCJ1amhzXCI6MTAwMDAwMDAsXCJqaHNsXCI6Mzc2MDAwMDAwMH0iXSxbLTI3LCJbMCwxMCwwLFwiNGdcIixudWxsXSJdLFstMjgsImVuLVVTIl0sWy0yOSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzEsImZhbHNlIl0sWy0zMiwiMCJdLFstMzMsIi0iXSxbLTM0LCItIl0sWy0zNSwiWzE2NDIyODA3NjUzNDQsMF0iXSxbLTM2LCJbXCI0LzNcIixcIjQvM1wiXSJdLFstMzcsIi0xNDQtNjYtMTgwLSJdLFstMzgsImwsLTEsLTEsMSwwLDAsMCwwLDAsLTE2NDIyODA3NjM2NjIsLTEsMCwsLDE2ODQsMTY4NSJdLFstMzksIltcIjIwMDMwMTA3XCIsMCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCx0cnVlLDgsZmFsc2UsbnVsbCwwXSJdLFstNDAsIjMzIl0sWy00MSwiLSJdLFstNDIsIjE3MjQyOTc2NTMiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMCJdLFstNDQsIjAsMCwwLDUiXSxbLTQ1LCItIl0sWy00NiwiMCJdLFstNDcsIkV0Yy9Vbmtub3duLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbLTUwLCJodHRwczovL2pmcm9nLmNvbS9pbnZhbGlkcHBjLyJdLFstNTEsIi0iXSxbImRkYiIsIjAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDEsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDEsMCwwIl0sWyJibmNoIiwxM10sWyJhd2dsIiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiZ29vZ2xlIGluYy4gKGdvb2dsZSlcIixcInJcIjpcImFuZ2xlIChnb29nbGUsIHZ1bGthbiAxLjIuMCAoc3dpZnRzaGFkZXIgZGV2aWNlIChzdWJ6ZXJvKSAoMHgwMDAwYzBkZSkpLCBzd2lmdHNoYWRlciBkcml2ZXItNS4wLjApXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjI1LFwid2dsXCI6MCxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwiYWJlblwiOjMzfSJdLFsiYWJuY2giLDQ1XV0%3D&dep=2&pre=0&sdd=%7B%7D&cri=RRUEGC7npR&pto=1721&ver=43&gac=-&mei=&ap=&duid=1.1642280763.mkTeP9aCoyyPaT0Q&suid=1.1642280763.efQ3QhhQSbM9K8pw&tuid=1.1642280763.h8Si7qJ1vUQKsm06&fbc=1.1642280763725.1848541065&gtm=-&it=24%2C1590%2C33&fbcl=-&gacl=-&gacsd=-&rtic=-&ao=https%3A%2F%2Fjfrog.com&aol=2&aot=https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash 24e11bd7c3ef23ecc528424793c1d16ee1d1b2b4ecd425a76a1dc1f4558e6638 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip cache-control no-cache, no-store, must-revalidate content-type text/javascript content-length 1356 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/ Frame D41F	98 KB 25 KB	11ms 6ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 25965 x-xss-protection 0 pragma public x-fb-debug 5x1/7EQMCjqtBbuQrMeMyXi6/iQrIoi2JCOV3IxZrh9b8G3EwcINEkMPyDLaxTi/DCHgLu3oaBOOvyW1LJsTeQ== x-frame-options DENY date Sat, 15 Jan 2022 21:06:05 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/ Frame 4768	98 KB 39 KB	90ms 47ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-982905749 Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 69e9e1923e81a6476a54c0d945c702e21632530288f7b62674d22567162bc090 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39727 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:05 GMT
GET H2	200	/ Show response jfrog.com/invalidppc/ Frame DFF6	148 KB 40 KB	20ms 19ms	Document text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/invalidppc/ Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 83712f37fa33828a05bb5a3b513b7d41b1d0bbe8df51bee4befc8aca9bfe747a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ Response headers content-type text/html; charset=UTF-8 date Sat, 15 Jan 2022 21:00:47 GMT access-control-allow-origin https://jfrog.com strict-transport-security max-age=31536000; includeSubDomains referrer-policy no-referrer-when-downgrade x-content-type-options nosniff content-security-policy frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; etag W/"560c7a51eaf05cc5e19d8b1f73aa604e32b0a486" last-modified Wed, 27 Oct 2021 07:13:53 GMT expires Sat, 22 Jan 2022 21:00:46 GMT cache-control public, max-age=604800 pragma public link <https://jfrog.com/wp-json/>; rel="https://api.w.org/" <https://jfrog.com/wp-json/wp/v2/pages/82184>; rel="alternate"; type="application/json" <https://jfrog.com/?p=82184>; rel=shortlink content-encoding gzip vary Accept-Encoding x-cache Hit from cloudfront via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 x-amz-cf-id CO0xsvGoVZLv2K4qCj16mXdSNB7ZvkBgaKZmvoVLbepoTeZZK7jqfw== age 318
GET H2	200	tc_imp.gif en.rageagainstthesoap.com/tracker/ Frame D41F	43 B 68 B	103ms 103ms	Image image/gif	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=37dfbd8ee84e00136eecc53dea408c989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5f10856f2217071a10acf9f29f674bd48adb0f2c3713fc2d7652d43ade63920c660c24c65b045c305556cfbe384b77be26bb25cb43e2916af05165ad5f2f7a1bda53ec40f4c1d7de3cbb2807ff7ecaa8556d8e0e3143714493d60261a060b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4afa28a9869badbd758f5519d485d339bb9d8ece93193dbfc68912112c3bb9c6d0a1ce5666bfec1136de7d9ff778c57ab13e1d210c24ecec97fc13d6097c82ed16797d4faef9db1b60b20f127b3a7e86c1368aed971c8f006f3064c1ec8070cc78f8684c0f18a7dc326c49dbb837efc6e7a79c4366b9293d116749ea863ac02f69e41d62ffe2d160514cd76e74dfae0ee31f887789f4fa9cfcbd827d60f0a2ded5910546e5979d7ec3bf4059a8c862ee5c625fc9a2bc9d4fbec7ccffea753656a83ec5d52d0ba051a5ab4e0a27ab66dcb9900b6b570f605f4239f41c906cbba6a95697bbdfbcc22466b7209380a4216ace58e6eda02b0434d442bfdaa4ed79c1009fab9dfbcb97edeffa6a094f2c4f0574c3cf25b85b45f7280466d07d4625e6d71f07bae6a04c1edc17f9766d727e6b73e99fd54cd690533211c7d1598c2e6d33c7c53990618ceb78cdbb99b205ad7f9dd2cf2cf1269c4c0517930ad83d34420a926835b9d18eb3f9c14d8d646aedb3183c3d0b3fb151fe69b3323c564ba9ff4ee4fc87e3e04048a694554b3a1578feb12c987c3c0379480c6490f7122df46e858aa53a09d7bd47215334b511063f303cdf87327e53093fcac6b8edd47da252fec4431&cri=RRUEGC7npR&ts=133&cb=1642280765514 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT cache-control no-cache, no-store, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT content-length 43 content-type image/gif
GET H3	200	616379538459573 Show response connect.facebook.net/signals/config/ Frame D41F	306 KB 87 KB	9ms 8ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a54a0597b01d11189a231db3a91bae3d915acb4dbaa1f2f371c3dd17d4f1069d Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89074 x-xss-protection 0 pragma public x-fb-debug aQagxnWZYcRVhosLWh6sq6bbGFQGYGG5gPcfBnaGglgid93DW+TS+fEhalm6J3NYBcnQSpzUpPjO8IGz1jurAg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Sat, 15 Jan 2022 21:06:05 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	clicktrue_invocation.js Show response d.rageagainstthesoap.com/ Frame DFF6	72 KB 26 KB	29ms 28ms	Script text/javascript	2600:9000:234e:4e00:7:4902:e200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:234e:4e00:7:4902:e200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Caddy / Resource Hash 568a519bb79d721a7575f9bbabf873b045b71cf523c4cd4250b9d047317ba591 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:03 GMT content-encoding gzip server Caddy age 1410 etag "11f92-BejVIWWxgR6sMnxgCrkP/wubq24" x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 via 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront) cache-control max-age=43200 x-amz-cf-pop OSL50-P1 content-length 26711 x-amz-cf-id wVd-vAJLWaSnQYj19M0by1pLm-gql2DJ62ZU-NxavBaJvbGHQ1OVew== expires Sun, 16 Jan 2022 08:42:35 GMT
GET H2	200	styles.css jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/ Frame DFF6	2 KB 982 B	8ms 7ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/better-click-to-tweet/assets/css/styles.css?ver=3.0 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ac588a22069fd96f7979ef0eb66728f0c45d9594c49bea515afe79d229591cdd Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7220 etag W/"61e08d34-809" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id XUMGw1XqfRv8UPtjJSdt4RFOwMOa_Q0R3PUyewnD3uMKDFwf6nUw_Q== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	default.min.css jfrog.com/wp-content/plugins/tablepress/css/ Frame DFF6	5 KB 3 KB	8ms 6ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.12 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:04 GMT age 7220 etag W/"61e08d34-13e4" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id beCz5T9npuCFO8UCVm4RK46jheT2KRpraZtVz-7xQ-q589M09s-QRA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.b1046a82e21d1960b63c.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	12 KB 6 KB	8ms 7ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.b1046a82e21d1960b63c.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 31eae54cf017a16241a52d95bbb40d84a4678d63143813a279dc913c7d209516 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:27:34 GMT age 172826 etag W/"61cc2a06-3126" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id t9COfRZ1laeO4kZfj_-ZmL8n2G-UNerZCm89oDZ2wpU3LVtIxbIabQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	pages.bundle.b69184e4fedb9285b9ad.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	1 MB 172 KB	9ms 7ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.b69184e4fedb9285b9ad.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b9c649cdcd14a4efd0a9bcc23ac8dd88397c86a0cf67488b886ffe9a2d3891d0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:33:34 GMT age 172826 etag W/"61e08c9e-144cfd" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id VQbeyrmGgOKMC3nUGDzlHtzjnfqe_GaU5QVtR0BFDTlE0AYHDdJ5iA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.b916dc5279409299c884.css jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	19 KB 3 KB	10ms 9ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.b916dc5279409299c884.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash acab616ca94eebf4acb5afd392e304c5d9dab3f2e5121c005e2f6460e7a0b5a3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172826 etag W/"61cc2b13-4d3d" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id ndsHufWYvItijFL3xZD841F-bCYXZZDmLtDuQxFFsq0RRmEEaE6maA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	flag-icon.css jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/ Frame DFF6	37 KB 3 KB	11ms 10ms	Stylesheet text/css	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/node_modules/flag-icon-css/css/flag-icon.css?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f4c6d858f9444d1603c69ae3416514024894e89b50698d44bacb71416750c219 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 16 Nov 2017 15:45:52 GMT age 172826 etag W/"5a0db2b0-93d8" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id jFgR56vbuFdSaLsUxiNDzSKoba5Di8a3IU7TKrEcsRPdlUkgAQegOg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	bebasneue-webfont.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/ Frame DFF6	15 KB 16 KB	11ms 10ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/bebasneue/bebasneue-webfont.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f25af0023f3898c94965f07dd066692f6541970ca482b9fc8631225676531bc0 Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag "61e08c2b-3d48" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 15688 x-amz-cf-id f54y3D4i0U54gXBGJAhL8xjfvHIJBJzYHofufxgVFftfw3L07bNMeA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	FontAwesome.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/ Frame DFF6	4 KB 5 KB	11ms 10ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/jfrogfontawesome/FontAwesome.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash df740a8ffe6449fe8b5404a650078723908ea9b95403dd0327983ce26b6fd7ba Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172826 etag "61e08d35-115c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 4444 x-amz-cf-id xCgoralUZC4UcEYGRlDni55Tozi6hwQ7shS75xDUf-zfynV5Oe7RVw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Bold.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame DFF6	45 KB 46 KB	11ms 10ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Bold.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172826 etag "61e08d35-b57c" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 46460 x-amz-cf-id 4mCKNeAyTc8Wj6CUIBMqSZRcAdTRAVNBp5J56_gCSSxhJ7jPDQzfJg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	OpenSans-Regular.woff2 jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/ Frame DFF6	44 KB 44 KB	12ms 11ms	Font application/octet-stream	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/fonts/opensans/OpenSans-Regular.woff2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf Request headers Referer https://jfrog.com/invalidppc/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag "61e08c2b-ae68" x-cache Hit from cloudfront content-type application/octet-stream access-control-allow-origin * cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 44648 x-amz-cf-id h7svTMkRboZmUUeE7NDB6sm5GUzDUk9JP3CSzelxZi9cKf37jEZQWQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET		web_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123503/ Frame DFF6	0 0
GET		mobile_cta.png media.jfrog.com/wp-content/uploads/2021/12/17123501/ Frame DFF6	0 0
GET		jfrog-logo-2022.svg media.jfrog.com/wp-content/uploads/2021/12/29113553/ Frame DFF6	0 0
GET		solutions-diagram.svg media.jfrog.com/wp-content/uploads/2020/11/29113725/ Frame DFF6	0 0
GET		icon-artifactory-1.png media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame DFF6	0 0
GET		icon-xray.png media.jfrog.com/wp-content/uploads/2017/08/20132432/ Frame DFF6	0 0
GET		icon_jfrog-pipeline.png media.jfrog.com/wp-content/uploads/2017/08/20130739/ Frame DFF6	0 0
GET H3	200	optimize.js Show response www.googleoptimize.com/ Frame DFF6	87 KB 34 KB	51ms 47ms	Script application/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleoptimize.com/optimize.js?id=GTM-MDG4GXG Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 4f7218d98c5ff6b05532e69b520237f27c3fcd657d3b290a09321de3e226dad9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35213 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:05 GMT
GET		icon-bintray_40x40.png media.jfrog.com/wp-content/uploads/2017/08/20132433/ Frame DFF6	0 0
GET		jcr40PX-1.png media.jfrog.com/wp-content/uploads/2017/08/20130019/ Frame DFF6	0 0
GET		icon-jfrog-connect.svg media.jfrog.com/wp-content/uploads/2017/08/09231026/ Frame DFF6	0 0
GET		chevron_down.svg media.jfrog.com/wp-content/uploads/2021/12/29113500/ Frame DFF6	0 0
GET		lang-world-icon.svg media.jfrog.com/wp-content/uploads/2020/12/14151329/ Frame DFF6	0 0
GET		lang-checkmark.svg media.jfrog.com/wp-content/uploads/2020/12/14151326/ Frame DFF6	0 0
GET		close.png media.jfrog.com/wp-content/uploads/2019/12/20130026/ Frame DFF6	0 0
GET		frog-hand-green.png media.jfrog.com/wp-content/uploads/2019/10/20130240/ Frame DFF6	0 0
GET		flag_us.png media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame DFF6	0 0
GET		jfrog-logo.svg media.jfrog.com/wp-content/uploads/2019/12/20130011/ Frame DFF6	0 0
GET		flag_chinese.png media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame DFF6	0 0
GET		vdoo-popup_jfrog-logo.png media.jfrog.com/wp-content/uploads/2021/09/13130230/ Frame DFF6	0 0
GET		vdoo-popup_graphic.png media.jfrog.com/wp-content/uploads/2021/09/13130228/ Frame DFF6	0 0
GET H2	200	jquery-3.5.1.min.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame DFF6	87 KB 31 KB	7ms 7ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag W/"61e08c2b-15d84" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id GNDrzobSh3WAdBncUrOrjof1N8NyLXhXRvWubGbV3zNkXQW9He-y6g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	underscore.min.js Show response jfrog.com/wp-includes/js/ Frame DFF6	16 KB 6 KB	16ms 10ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-3ead" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id BwssRUfb2MR4qmSMLW8PcJksbAvCpXfrSdXvTIyqJvcXSWutofQzgA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	backbone.min.js Show response jfrog.com/wp-includes/js/ Frame DFF6	23 KB 8 KB	19ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7226 etag W/"61e08d35-5d0a" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id GCEeM_metmnzVy22JOyKCNfV0iclqKV2IHapp8Y3eDIspOR5MkBu_A== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	api-request.min.js Show response jfrog.com/wp-includes/js/ Frame DFF6	1 KB 982 B	31ms 24ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-401" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id gPSgZBf7Eu3GkXHrQ1DHJMBOZfTfsKZAqgfQKhfR0ojPWmJ7xYQiCQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-api.min.js Show response jfrog.com/wp-includes/js/ Frame DFF6	14 KB 4 KB	18ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-395f" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id vrlXnniJaYN2DvEpn9a7hfUuT3yImmhhAY47r97j-EaFn6kG0tmYcg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jfrog_general.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame DFF6	1 KB 923 B	31ms 24ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jfrog_general.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ce446a4176b98b6069201f77d33be7861cf0e5d4ded6f32326a1725dedfb1796 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:27 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172838 etag W/"61e08d35-5a0" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id Z-q6efLEmOFoeYhQSyonTazp6qzuSq7P1SQRbxBG4i0Y5vsTLRqPLQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-embed.min.js Show response jfrog.com/wp-includes/js/ Frame DFF6	1 KB 1 KB	18ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7226 etag W/"61e08d35-592" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id RpjE8EHxjzEtpeqyQWcfPWdd_uif2FmjckegGbc5zp_wZ2trVuOVcA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	/ www.facebook.com/tr/ Frame D41F	44 B 88 B	7ms 7ms	Image image/gif	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&rl=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&if=true&ts=1642280765562&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642280763725.1848541065&it=1642280765528&coo=false&exp=p0&rqm=GET Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i expires Sat, 15 Jan 2022 21:06:05 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/ Frame DFF6	5 KB 2 KB	13ms 11ms	Script application/x-javascript	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Sat, 15 Jan 2022 21:06:05 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=82033 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET DATA	200 OK	truncated / Frame DFF6	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9424e914b87bbcc3e92ba7f1bd1241e9256c7ae1bc58174f398b1b76ba028c61 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET		lang-world-icon.svg media.jfrog.com/wp-content/uploads/2020/12/14151329/ Frame D41F	0 0
GET		chevron_down.svg media.jfrog.com/wp-content/uploads/2021/12/29113500/ Frame D41F	0 0
GET		lang-checkmark.svg media.jfrog.com/wp-content/uploads/2020/12/14151326/ Frame D41F	0 0
GET		jfrog-logo-2022.svg media.jfrog.com/wp-content/uploads/2021/12/29113553/ Frame D41F	0 0
GET		close.png media.jfrog.com/wp-content/uploads/2019/12/20130026/ Frame D41F	0 0
GET		frog-hand-green.png media.jfrog.com/wp-content/uploads/2019/10/20130240/ Frame D41F	0 0
GET		flag_us.png media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame D41F	0 0
GET		jfrog-logo.svg media.jfrog.com/wp-content/uploads/2019/12/20130011/ Frame D41F	0 0
GET		flag_chinese.png media.jfrog.com/wp-content/uploads/2020/01/20125954/ Frame D41F	0 0
GET		vdoo-popup_jfrog-logo.png media.jfrog.com/wp-content/uploads/2021/09/13130230/ Frame D41F	0 0
GET		vdoo-popup_graphic.png media.jfrog.com/wp-content/uploads/2021/09/13130228/ Frame D41F	0 0
GET H2	200	jquery-3.5.1.min.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame D41F	87 KB 31 KB	9ms 7ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 172826 etag W/"61e08c2b-15d84" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id gTG5VsfD5fPZyAv-nPuAYExvS8m05cAiVWi-yH0WO_DJujFYczdzSA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	underscore.min.js Show response jfrog.com/wp-includes/js/ Frame D41F	16 KB 6 KB	9ms 7ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/underscore.min.js?ver=1.8.3 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:05:39 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-3ead" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id le1PYyk6osko3joCCLNYFODqc3obxdj-BbqRqSZZnkwoJKKLoQZ47g== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	backbone.min.js Show response jfrog.com/wp-includes/js/ Frame D41F	23 KB 8 KB	17ms 16ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/backbone.min.js?ver=1.4.0 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7226 etag W/"61e08d35-5d0a" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id ugAApfJG6tkSV2M52aP-K8prYeWmepaZ2i6ZJNssy3vaGlt_KCaY8A== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	api-request.min.js Show response jfrog.com/wp-includes/js/ Frame D41F	1 KB 981 B	19ms 17ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/api-request.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-401" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id Us6O6ilsDL91XhxgaHQ2OA6E33X5YUG8m3au12TRv3RkYdNfUVLBJQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-api.min.js Show response jfrog.com/wp-includes/js/ Frame D41F	14 KB 4 KB	18ms 16ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-api.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash bdd9517fdb9df0b1631029d96536adb3a35cbdef273de0e877411c47af444f90 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:31:39 GMT age 7226 etag W/"61e08c2b-395f" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id KWCRsUQxaDrXJ3ytNCpdrBLX1Lsn_7zvfDSgZpk2lc1ugoFoeJPaRg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated / Frame D41F	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9424e914b87bbcc3e92ba7f1bd1241e9256c7ae1bc58174f398b1b76ba028c61 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type image/png
GET H2	200	jfrog_general.js Show response jfrog.com/wp-content/themes/jfrog.com/assets/scripts/ Frame D41F	1 KB 914 B	12ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jfrog_general.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash ce446a4176b98b6069201f77d33be7861cf0e5d4ded6f32326a1725dedfb1796 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:27 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 172838 etag W/"61e08d35-5a0" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id tIy42pXOKvO_FOrOtNSBvnIP1sJ2KpkhJiok6zpJzOW7HXQ658qeSA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wp-embed.min.js Show response jfrog.com/wp-includes/js/ Frame D41F	1 KB 1 KB	21ms 20ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-includes/js/wp-embed.min.js?ver=5.7.2 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 19:08:13 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 20:36:05 GMT age 7226 etag W/"61e08d35-592" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id vY7UWLMxH1-rs3zxNYCHv1HKFlZksc6iN3VWq6JnkkIu8NzUfxwDsA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET BLOB	200 OK	cf42fa5c-f3a0-4109-8b7c-b2ceaa76ac23 https://jfrog.com/ Frame DFF6	1 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://jfrog.com/cf42fa5c-f3a0-4109-8b7c-b2ceaa76ac23 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash e43f3575e3f02d59c177ebfc5ffc7fefb0ab4544f3d0554997e27cf1eb0cba9e Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Length 1108
GET H2	403	/ Show response jfrog.com/wp-json/wp/v2/ Frame DFF6	146 B 362 B	121ms 120ms	XHR text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-json/wp/v2/ Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://jfrog.com/invalidppc/ X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 vary Accept-Encoding x-cache Error from cloudfront content-type text/html content-encoding gzip x-amz-cf-id ZbxUCErkB3f2ceB8qLXYpuTW2CuX6CNap2dUd5qr2IBKsl-7AQnGmg==
GET H2	200	wzbody.js Show response sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/ Frame DFF6	128 KB 28 KB	8ms 8ms	Script text/javascript	2600:9000:21f3:1800:1:a64e:d7c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:1800:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 8e4e39548c66ad00f5dc6ef39bd166a7321d60b4d56454047bd711e1328a267f Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 20:17:49 GMT via 1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront) age 2896 x-cache Hit from cloudfront content-type text/javascript cache-control public, max-age=900 x-amz-cf-pop FRA2-C2 content-encoding gzip content-length 28400 x-amz-cf-id yxcjnJOtY_CAQUHxr7JbWTIctcumyF_kuwkSy1FhjPWagszqChWRew== expires Sat, 15 Jan 2022 20:17:50 GMT
GET H2	200	collect px4.ads.linkedin.com/ Frame DFF6 Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&e_ipv6=AQLZTAqpunPfMAAAAX5fj8kbqQwcjN6o4Cwd6MBfpS1NTm_qHLJWptq3MftnScVnDLqlv78r	0 155 B	264ms 122ms	Image application/javascript	108.174.10.14 LINKEDIN
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&e_ipv6=AQLZTAqpunPfMAAAAX5fj8kbqQwcjN6o4Cwd6MBfpS1NTm_qHLJWptq3MftnScVnDLqlv78r Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Server 108.174.10.14 , United States, ASN14413 (LINKEDIN, US), Reverse DNS 108-174-10-14.fwd.linkedin.com Software Play / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:06 GMT server Play linkedin-action 1 x-li-fabric prod-lva1 x-li-proto http/2 x-li-pop prod-lva1 content-type application/javascript content-length 0 x-li-uuid eycEzqeNyhaA9QQYIisAAA== Redirect headers date Sat, 15 Jan 2022 21:06:05 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 3529545E39924334A99EAB950F4625C6 Ref B: FRAEDGE1315 Ref C: 2022-01-15T21:06:05Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=20396&time=1642280765666&url=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&e_ipv6=AQLZTAqpunPfMAAAAX5fj8kbqQwcjN6o4Cwd6MBfpS1NTm_qHLJWptq3MftnScVnDLqlv78r x-li-proto http/2 content-length 0 x-li-uuid AAXVpUmpZcZZyy6pd3Frrw==
GET H2	403	/ Show response jfrog.com/wp-json/wp/v2/ Frame D41F	146 B 363 B	113ms 112ms	XHR text/html	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-json/wp/v2/ Requested by Host: jfrog.com URL: https://jfrog.com/wp-content/themes/jfrog.com/assets/scripts/jquery-3.5.1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://jfrog.com/invalidppc/ X-Requested-With XMLHttpRequest Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 vary Accept-Encoding x-cache Error from cloudfront content-type text/html content-encoding gzip x-amz-cf-id vzJG18pgZML9gpzoKKYlWuogfXnX-ZTZ39zZst_fIRdpKxN_uwo_fw==
GET H3	200	conversion_async.js Show response www.googleadservices.com/pagead/ Frame 4768	38 KB 15 KB	52ms 52ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 1fe7c9b04cd9ebd46cd5a636bd2c2b1d54054f3995db24951c0d0318ec71d70c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14835 x-xss-protection 0 server cafe etag 2630088915750441828 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Sat, 15 Jan 2022 21:06:05 GMT
GET H2	200	pages.bundle.4df78353b12f3e4dc658.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	396 KB 69 KB	12ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.4df78353b12f3e4dc658.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 7c911eff8be5f67c4700194385a33cf0d837f314c084ffb82c4159a22b643620 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 18:43:46 GMT age 172825 etag W/"61e072e2-630cb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id 1cWGAHHZ5xXl9tEUqysSgKjzpY07XOqEYsUoWjm8A_11tuDDSr29zA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.d2df19a83540d754d88d.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	340 KB 98 KB	15ms 13ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.d2df19a83540d754d88d.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b481b57711d7f9bd179df2aca86dc319bccea9795f6b9bb88f443ac6c169ce70 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172825 etag W/"61cc2b13-550e3" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id Ssws_eJ42ZrYDo3ZjCJlsHRRqAjSvGv6ASeUHN2pW4nVpUHdcG4Gbg== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.c146f3208a9f24c5797c.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame DFF6	122 KB 38 KB	15ms 13ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.c146f3208a9f24c5797c.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash e6fc22b59637257596dd235e733eab1436302807401778de04459223e1c761ae Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172825 etag W/"61cc2b13-1e915" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id ZiH5g07Nwv_0zveCK6JhYvjokyJGWNGefU4XiYTMBrobkfXOQiy4XQ== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	wzbody.js Show response sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/ Frame D41F	128 KB 28 KB	9ms 7ms	Script text/javascript	2600:9000:21f3:1800:1:a64e:d7c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:1800:1:a64e:d7c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 8e4e39548c66ad00f5dc6ef39bd166a7321d60b4d56454047bd711e1328a267f Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 20:17:49 GMT via 1.1 96c1c36adc76f99239fd3220e5be7e6a.cloudfront.net (CloudFront) age 2896 x-cache Hit from cloudfront content-type text/javascript cache-control public, max-age=900 x-amz-cf-pop FRA2-C2 content-encoding gzip content-length 28400 x-amz-cf-id msU9rOfvR5tKKBzyQpg_1BG5bJxOU_Uye6ZsV1i4J5y0kRCcgHcDsQ== expires Sat, 15 Jan 2022 20:17:50 GMT
GET H2	200	pages.bundle.4df78353b12f3e4dc658.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	396 KB 69 KB	10ms 9ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/pages.bundle.4df78353b12f3e4dc658.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash 7c911eff8be5f67c4700194385a33cf0d837f314c084ffb82c4159a22b643620 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Thu, 13 Jan 2022 18:43:46 GMT age 172825 etag W/"61e072e2-630cb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id rkKtQC8gZqBYFW0rno_GtKncK2_rYlIG8wx-uwdc43V5rGGOXxeHsw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~main~pages.chunk.d2df19a83540d754d88d.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	340 KB 98 KB	11ms 11ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~main~pages.chunk.d2df19a83540d754d88d.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash b481b57711d7f9bd179df2aca86dc319bccea9795f6b9bb88f443ac6c169ce70 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172825 etag W/"61cc2b13-550e3" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id MSpcFCeOP4wpDlEXe95oEdQ5lYSBjfB9XsBmXh3yDBjbrh2T7E83vw== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	vendor~pages.chunk.c146f3208a9f24c5797c.js Show response jfrog.com/wp-content/themes/jfrog.com/dist/ Frame D41F	122 KB 38 KB	14ms 13ms	Script application/javascript	13.224.193.54 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://jfrog.com/wp-content/themes/jfrog.com/dist/vendor~pages.chunk.c146f3208a9f24c5797c.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.193.54 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-193-54.fra2.r.cloudfront.net Software / Resource Hash e6fc22b59637257596dd235e733eab1436302807401778de04459223e1c761ae Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 13 Jan 2022 21:05:40 GMT content-encoding gzip last-modified Wed, 29 Dec 2021 09:32:03 GMT age 172825 etag W/"61cc2b13-1e915" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront) cache-control max-age=315360000, public x-amz-cf-pop FRA2-C1 x-amz-cf-id 1c6N3NQe8n6a8kJUat-BQ33igZOK8NhysrdCZcZShpckOok5PfNqyA== expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	ct Show response en.rageagainstthesoap.com/ Frame DFF6	3 KB 1 KB	133ms 132ms	Script text/javascript	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/ct?id=11825&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1642280765697&hl=2&op=0&ag=509528714&rand=23900910970879502522201640071167632067012671100296604790100503021198&fs=0x0&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDkyOTldLFsiY2IiLCIwLDAsMCwwLDEsMCwwLDEsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTEsIi0iXSxbLTIsIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcIm1oamZibWRnY2ZqYmJwYWVvam9mb2hvZWZnaWVoamFpXCIsXCJpbnRlcm5hbC1uYWNsLXBsdWdpblwiXSJdLFstNCwiLSJdLFstNSwiLSJdLFstNiwie1wid1wiOltcIjBcIixcImNocm9tZVwiLFwiaW5pdEdUTU9uRXZlbnRcIixcImluaXRHVE1cIixcIkxvYWREcmlmdFdpZGdldFwiLFwiaW5pdERyaWZ0T25FdmVudFwiLFwiaW5pdERyaWZ0XCIsXCJhbGdvbGlhXCIsXCJpc01vYmlsZVwiLFwiX2xpbmtlZGluX3BhcnRuZXJfaWRcIixcIl9saW5rZWRpbl9kYXRhX3BhcnRuZXJfaWRzXCIsXCJsaW50cmtcIixcIiRcIixcImpRdWVyeVwiLFwiX19jdGNnX2N0XzExODI1X2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy03LCItIl0sWy04LCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIl19Il0sWy0xMiwibnVsbCJdLFstMTMsIi0iXSxbLTE0LCItIl0sWy0xNSwiLSJdLFstMTYsIjAiXSxbLTE3LCI0Il0sWy0xOCwiWzAsMCwwLDFdIl0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyMDAsMCwwLDAsMCwwLDAsXCItXCIsXCItXCJdIl0sWy0yMCwiLSJdLFstMjEsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy0yMywiKyJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjoxMDAwMDAwMCxcInVqaHNcIjoxMDAwMDAwMCxcImpoc2xcIjozNzYwMDAwMDAwfSJdLFstMjcsIlswLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy0yOCwiZW4tVVMiXSxbLTI5LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zMSwiZmFsc2UiXSxbLTMyLCIwIl0sWy0zMywiLSJdLFstMzQsIi0iXSxbLTM1LCJbMTY0MjI4MDc2NTY1MCwwXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy0zNywiLTE0NC02Ni0xODAtIl0sWy0zOCwibCwtMSwtMSwxLDAsMCwwLDAsMCwyMSwtMSwwLCwsMTM4LDEzOSJdLFstMzksIltcIjIwMDMwMTA3XCIsMCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCx0cnVlLDgsZmFsc2UsbnVsbCwwXSJdLFstNDAsIjMzIl0sWy00MSwiLSJdLFstNDIsIjE3MjQyOTc2NTMiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMCJdLFstNDQsIjAsMCwwLDUiXSxbLTQ1LCItIl0sWy00NiwiMCJdLFstNDcsIkV0Yy9Vbmtub3duLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbLTUwLCJodHRwczovL2pmcm9nLmNvbS9pbnZhbGlkcHBjLyJdLFstNTEsIi0iXSxbImRkYiIsIjAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMSwwIl0sWyJibmNoIiwxMV0sWyJhd2dsIiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiZ29vZ2xlIGluYy4gKGdvb2dsZSlcIixcInJcIjpcImFuZ2xlIChnb29nbGUsIHZ1bGthbiAxLjIuMCAoc3dpZnRzaGFkZXIgZGV2aWNlIChzdWJ6ZXJvKSAoMHgwMDAwYzBkZSkpLCBzd2lmdHNoYWRlciBkcml2ZXItNS4wLjApXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjExLFwid2dsXCI6MCxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwiYWJlblwiOjQ0fSJdLFsiYWJuY2giLDU0XV0%3D&dep=4&pre=0&sdd=%7B%7D&cri=TZnY6NtsA2&pto=186&ver=43&gac=-&mei=&ap=&duid=1.1642280763.mkTeP9aCoyyPaT0Q&suid=1.1642280763.efQ3QhhQSbM9K8pw&tuid=1.1642280763.h8Si7qJ1vUQKsm06&fbc=1.1642280763725.1848541065&gtm=W10%3D&it=42%2C35%2C31&fbcl=-&gacl=-&gacsd=-&rtic=-&ao=https%3A%2F%2Fjfrog.com&aol=4&aot=https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com,https%3A%2F%2Fjfrog.com Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash f3f4dc5ebcb427ff711b85b4bbbc36041e585483961342eb9510c06127956ed8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip cache-control no-cache, no-store, must-revalidate content-type text/javascript content-length 1362 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame 4768	2 KB 1 KB	106ms 59ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1642280765787&cv=9&fst=1642280765787&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6a64bb375ee09f7eec68dcedcc1cd8a0cf278eb0f99370a186d4dbcd91ddf3a1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1062 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response www.googleadservices.com/pagead/conversion/982905749/ Frame 4768	2 KB 1 KB	52ms 51ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion/982905749/?random=1642280765788&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash a7f45d68ac4b739fa264a3898aeb3b448984b08988b468bf4923d6f065ca9a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1191 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ 982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame 4768	0 0	94ms 47ms	Image text/html	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1642280765788&cv=9&fst=1642280765788&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/ Frame DFF6	98 KB 25 KB	7ms 7ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 25965 x-xss-protection 0 pragma public x-fb-debug 5x1/7EQMCjqtBbuQrMeMyXi6/iQrIoi2JCOV3IxZrh9b8G3EwcINEkMPyDLaxTi/DCHgLu3oaBOOvyW1LJsTeQ== x-frame-options DENY date Sat, 15 Jan 2022 21:06:05 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/ Frame D15F	98 KB 39 KB	48ms 48ms	Script application/javascript	2a00:1450:4001:831::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-982905749 Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e4515932b0d24cd5115cb961011ca03d67c3e733a2cfbcb983cb73fc7ebd0531 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39729 x-xss-protection 0 expires Sat, 15 Jan 2022 21:06:05 GMT
GET H2	200	tc_imp.gif en.rageagainstthesoap.com/tracker/ Frame DFF6	43 B 68 B	102ms 101ms	Image image/gif	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://en.rageagainstthesoap.com/tracker/tc_imp.gif?e=37dfbd8ee84e00136eecc53dea408c989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5f10856f2217071a10acf9f29f674bd48adb0f2c3713fc2d7652d43ade63920c660c24c65b045c305556cfbe384b77be26bb25cb43e2916af05165ad5f2f7a1bda53ec40f4c1d7de3cbb2807ff7ecaa8556d8e0e3143714493d60261a060b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4afa28a9869badbd758f5519d485d339bb9d8ece93193dbfc68912112c3bb9c6d0a1ce56068a1c64761eedaaf7d8a55fd4eb1801dc74f9eca2dc2303292ca278d6596d6faef9db1b60b20f127b3a7e86c1368aed971c8f006f3064c1ec8070cc78f8684c0f18a7dc326c49dbb837efc6e7a79c4366b9293d116749ea863ac02f69e41d62ffe2d160514cd76e74dfae0ee31f887789f4fa9cfcbd827d60f0a2ded5910546e5979d7ec3bf4059a8c862ee5c625fc9a2bc9d4fbec7ccffea753656a83ec5d52d0ba051a5ab4e0a27ab66dcb9900b6b570f605f4239f41c906cbba6a95697bbdfbcc22466b7209380a4216ace58e6eda02b0434d442bfdaa4ed79c1009fab9dfbcb97edeffa6a094f2c4f0574c3cf25b85b45f7280466d07d4625e6d71f07bae6a04c1edc17f9766d727e6b73e99fd54cd690533211c7d1598c2e6d33c7c53990618ceb78cdbb99b205ad7f9dd2cf2cf1269c4c0517930ad83d34420a926835b9d18eb3f9c14d8d646aedb3183c3d0b3fb151fe69b3323c564ba9ff4ee4fc87e3e04048a694554b3a1578feb12c987c3c0379480c6490f7122df46e858aa53a09d7bd47215334b511063f303cdf87327e53093fcac6b8edd47da252fec4431&cri=TZnY6NtsA2&ts=167&cb=1642280765864 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT cache-control no-cache, no-store, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT content-length 43 content-type image/gif
GET H3	200	/ www.google.de/pagead/1p-conversion/982905749/ Frame 4768 Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120... https://www.google.com/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&... https://www.google.de/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...	42 B 64 B	58ms 58ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=PTfjYcOIMdjZx_APn5youAs&cid=CAQSKQCNIrLMVwiC_aTumgdcLYhzV9ZV7Tm0QoTzuCksOtS9WsWtZR2Frjzv&random=3781613176&resp=GooglemKTybQhCsO&ipr=y&prhg=0 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-conversion/982905749/?random=1033814253&cv=9&fst=1642280765788&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=PTfjYcOIMdjZx_APn5youAs&cid=CAQSKQCNIrLMVwiC_aTumgdcLYhzV9ZV7Tm0QoTzuCksOtS9WsWtZR2Frjzv&random=3781613176&resp=GooglemKTybQhCsO&ipr=y&prhg=0 cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	616379538459573 Show response connect.facebook.net/signals/config/ Frame DFF6	306 KB 87 KB	7ms 7ms	Script application/x-javascript	2a03:2880:f01c:216:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/616379538459573?v=2.9.48&r=stable Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash a54a0597b01d11189a231db3a91bae3d915acb4dbaa1f2f371c3dd17d4f1069d Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89074 x-xss-protection 0 pragma public x-fb-debug aQagxnWZYcRVhosLWh6sq6bbGFQGYGG5gPcfBnaGglgid93DW+TS+fEhalm6J3NYBcnQSpzUpPjO8IGz1jurAg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Sat, 15 Jan 2022 21:06:05 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	/ www.facebook.com/tr/ Frame DFF6	44 B 88 B	8ms 8ms	Image image/gif	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=616379538459573&ev=CHEQ&dl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&rl=https%3A%2F%2Fjfrog.com%2Finvalidppc%2F&if=true&ts=1642280765898&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642280763725.1848541065&it=1642280765874&coo=false&rqm=GET Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i expires Sat, 15 Jan 2022 21:06:05 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/982905749/ Frame 4768	42 B 64 B	102ms 52ms	Image image/gif	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/982905749/?random=1642280765787&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=889618098&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/982905749/ Frame 4768	42 B 64 B	54ms 53ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/982905749/?random=1642280765787&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=889618098&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:05 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	conversion_async.js Show response www.googleadservices.com/pagead/ Frame D15F	38 KB 15 KB	65ms 65ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-982905749 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 1fe7c9b04cd9ebd46cd5a636bd2c2b1d54054f3995db24951c0d0318ec71d70c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:05 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14835 x-xss-protection 0 server cafe etag 2630088915750441828 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Sat, 15 Jan 2022 21:06:05 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/ Frame D15F	2 KB 1 KB	61ms 61ms	Script text/javascript	2a00:1450:4001:813::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=1642280765998&cv=9&fst=1642280765998&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a323741ebbcc26757328003c627af29851def42ac2834c29a1b489c10f692f6a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1061 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response www.googleadservices.com/pagead/conversion/982905749/ Frame D15F	2 KB 1 KB	56ms 56ms	Script text/javascript	142.250.186.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion/982905749/?random=1642280765999&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f2.1e100.net Software cafe / Resource Hash 6d21cfda61163513ffa2f89ae67125594e43ba60a158b86d279f9dd72b353f91 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1196 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ 982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/ Frame D15F	0 0	48ms 48ms	Image text/html	142.250.185.66 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://982905749.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/982905749/?random=1642280765999&cv=9&fst=1642280765999&num=1&fmt=3&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1 Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.66 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s48-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H3	200	/ www.google.com/pagead/1p-user-list/982905749/ Frame D15F	42 B 64 B	50ms 50ms	Image image/gif	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/982905749/?random=1642280765998&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1606759271&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-user-list/982905749/ Frame D15F	42 B 64 B	50ms 50ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/982905749/?random=1642280765998&cv=9&fst=1642280400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&async=1&fmt=3&is_vtc=1&random=1606759271&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.de/pagead/1p-conversion/982905749/ Frame D15F Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200... https://www.google.com/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u... https://www.google.de/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...	42 B 64 B	51ms 51ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PjfjYc6tAcLygQfOnKrwDQ&cid=CAQSKQCNIrLMJLlq24e_sl_5gLEoHcga62h0BZpcqvNO69k2o-17957kBlVd&random=3878279214&resp=GooglemKTybQhCsO&ipr=y&prhg=0 Protocol H3 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sat, 15 Jan 2022 21:06:06 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-conversion/982905749/?random=470827358&cv=9&fst=1642280765999&num=1&label=Hz8HCPXmp_QCEJXn19QD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dconversion&frm=1&url=https%3A%2F%2Fjfrog.com%2Fblog%2Fpython-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique%2F&auid=1908887739.1642280764&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=PjfjYc6tAcLygQfOnKrwDQ&cid=CAQSKQCNIrLMJLlq24e_sl_5gLEoHcga62h0BZpcqvNO69k2o-17957kBlVd&random=3878279214&resp=GooglemKTybQhCsO&ipr=y&prhg=0 cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	/ Show response www.facebook.com/tr/ Frame AE57	0 15 B	7ms 7ms	Document text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: jfrog.com URL: https://jfrog.com/invalidppc/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 Origin https://jfrog.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ Response headers content-type text/plain access-control-allow-origin https://jfrog.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i date Sat, 15 Jan 2022 21:06:06 GMT
POST H2	200	1 Show response send.webeyez.com/	8 B 328 B	159ms 30ms	XHR text/plain	54.217.198.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://send.webeyez.com/1 Requested by Host: sec.webeyez.com URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.217.198.53 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-217-198-53.eu-west-1.compute.amazonaws.com Software / Resource Hash eef2b2669a3f44a7baa7a1bffdf9343ddd11e188f2680c2fb7be9da4793a8efb Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Sat, 15 Jan 2022 21:06:06 GMT access-control-allow-methods POST, GET, OPTIONS content-type text/plain access-control-allow-origin https://jfrog.com cache-control no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0 access-control-allow-credentials true timing-allow-origin * access-control-allow-headers X-Requested-With expires Fri, 31 Dec 1998 12:00:00 GMT
POST H3	200	/ Show response www.facebook.com/tr/ Frame 7E59	0 15 B	8ms 7ms	Document text/plain	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 Origin https://jfrog.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/invalidppc/ Response headers content-type text/plain access-control-allow-origin https://jfrog.com access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin content-length 0 server proxygen-bolt alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i date Sat, 15 Jan 2022 21:06:06 GMT
POST H2	200	mon Show response en.rageagainstthesoap.com/ Frame D41F	0 39 B	101ms 101ms	XHR application/json	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/mon Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://jfrog.com/invalidppc/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://jfrog.com date Sat, 15 Jan 2022 21:06:06 GMT access-control-allow-credentials true content-length 0 access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json
POST H2	200	mon Show response en.rageagainstthesoap.com/	0 16 B	102ms 102ms	XHR application/json	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/mon Requested by Host: sec.webeyez.com URL: https://sec.webeyez.com/js/wDv55PKmTtpCTH14WWzDXw2yJ3Gz/wzbody.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://jfrog.com date Sat, 15 Jan 2022 21:06:06 GMT access-control-allow-credentials true content-length 0 access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json
POST H2	200	mon Show response en.rageagainstthesoap.com/ Frame DFF6	0 16 B	102ms 102ms	XHR application/json	2600:1f18:e8a:cd02:882c:d916:bae1:7722 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://en.rageagainstthesoap.com/mon Requested by Host: d.rageagainstthesoap.com URL: https://d.rageagainstthesoap.com/clicktrue_invocation.js?id=11825 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2600:1f18:e8a:cd02:882c:d916:bae1:7722 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://jfrog.com/invalidppc/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin https://jfrog.com date Sat, 15 Jan 2022 21:06:06 GMT access-control-allow-credentials true content-length 0 access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json
GET H3	200	api.js Show response www.google.com/recaptcha/	910 B 601 B	50ms 49ms	Script text/javascript	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit&ver=5.5.1 Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash a50e5253159a7bf944767fecfb656baacfe3803b4e3c778194088b421557e71b Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 21:06:07 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 580 x-xss-protection 1; mode=block expires Sat, 15 Jan 2022 21:06:07 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/	354 KB 140 KB	211ms 39ms	Script text/javascript	2a00:1450:4001:801::2003
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2003 -, , ASN (), Reverse DNS Software sffe / Resource Hash 544b63f0d07b2a51e01e2ecc3986eb5d07838bb121c4f472f1178b7b94faf463 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Origin https://jfrog.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Sat, 15 Jan 2022 20:31:34 GMT content-encoding gzip x-content-type-options nosniff age 2073 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 143013 x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:01:34 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sun, 15 Jan 2023 20:31:34 GMT
GET H3	200	anchor www.google.com/recaptcha/api2/ Frame B458	40 KB 20 KB	64ms 64ms	Document text/html	2a00:1450:4001:829::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=jz875fyhxmsa Requested by Host: jfrog.com URL: https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-sMNIQiqeNEuzhg7Y3MdibA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/ Response headers cross-origin-resource-policy cross-origin cross-origin-embedder-policy require-corp report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Sat, 15 Jan 2022 21:06:07 GMT content-security-policy script-src 'report-sample' 'nonce-sMNIQiqeNEuzhg7Y3MdibA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 20878 server GSE alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B458	8 KB 0	81ms 37ms	Stylesheet text/css	2a00:1450:4001:801::2003
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcL7jYUAAAAAHrAxlQ-iqYhcgQ_kWY5fgfKZs-u&co=aHR0cHM6Ly9qZnJvZy5jb206NDQz&hl=de&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=invisible&cb=jz875fyhxmsa Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:801::2003 -, , ASN (), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Fri, 14 Jan 2022 12:06:27 GMT content-encoding gzip x-content-type-options nosniff age 118781 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24237 x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:01:34 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 14 Jan 2023 12:06:27 GMT
GET		recaptcha__de.js www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame B458	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/17123503/web_cta.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/17123501/mobile_cta.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/11/29113725/solutions-diagram.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/09231026/icon-jfrog-connect.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130026/close.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/10/20130240/frog-hand-green.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_us.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130011/jfrog-logo.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_chinese.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130230/vdoo-popup_jfrog-logo.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130228/vdoo-popup_graphic.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/17123501/mobile_cta.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/11/29113725/solutions-diagram.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/09231026/icon-jfrog-connect.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/17123503/web_cta.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/17123501/mobile_cta.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/11/29113725/solutions-diagram.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-artifactory-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132432/icon-xray.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20130739/icon_jfrog-pipeline.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20132433/icon-bintray_40x40.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/20130019/jcr40PX-1.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2017/08/09231026/icon-jfrog-connect.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/12/14151329/lang-world-icon.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/12/14151326/lang-checkmark.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130026/close.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/10/20130240/frog-hand-green.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_us.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130011/jfrog-logo.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_chinese.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130230/vdoo-popup_jfrog-logo.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130228/vdoo-popup_graphic.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/12/14151329/lang-world-icon.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113500/chevron_down.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/12/14151326/lang-checkmark.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/12/29113553/jfrog-logo-2022.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130026/close.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/10/20130240/frog-hand-green.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_us.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2019/12/20130011/jfrog-logo.svg

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2020/01/20125954/flag_chinese.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130230/vdoo-popup_jfrog-logo.png

Domain

media.jfrog.com

URL

https://media.jfrog.com/wp-content/uploads/2021/09/13130228/vdoo-popup_graphic.png

Domain

www.gstatic.com

URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js