www.reversinglabs.com Open in urlscan Pro
199.60.103.31 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Submission: On July 12 via api (July 12th 2024, 2:12:50 am UTC) from TR — Scanned from DE

Summary HTTP 134 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 50 IPs in 4 countries across 39 domains to perform 134 HTTP transactions. The main IP is 199.60.103.31, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reversinglabs.com.
TLS certificate: Issued by GTS CA 1P5 on May 14th 2024. Valid for: 3 months.

This is the only time www.reversinglabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	199.60.103.31 199.60.103.31	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.101.1.181 151.101.1.181	54113 (FASTLY) (FASTLY)
2	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.18.89.62 104.18.89.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6811:f6cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b05b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	54.230.228.40 54.230.228.40	16509 (AMAZON-02) (AMAZON-02)
1	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6810:6cfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8d11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4e8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f26c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	162.159.153.247 162.159.153.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:26d... 2600:9000:26db:8600:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.194.229.254 18.194.229.254	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:1fb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.5.214.35 52.5.214.35	14618 (AMAZON-AES) (AMAZON-AES)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.26.13.205 104.26.13.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e70	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	44.240.141.254 44.240.141.254	16509 (AMAZON-02) (AMAZON-02)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
134	50

34 199.60.103.31 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.reversinglabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.181 (San Francisco, United States)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.89.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

3375217.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f6cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b05b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

cookieinfoscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-40.muc50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6cfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8d11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4e8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f26c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.153.247 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26db:8600:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.229.254 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-229-254.eu-central-1.compute.amazonaws.com

snid.snitcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1fb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.214.35 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-214-35.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.13.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e70 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.240.141.254 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-141-254.us-west-2.compute.amazonaws.com

api-gw.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	reversinglabs.com www.reversinglabs.com	2 MB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5073 c.6sc.co — Cisco Umbrella Rank: 6994 ipv6.6sc.co — Cisco Umbrella Rank: 5182 b.6sc.co — Cisco Umbrella Rank: 3153	21 KB
8	gstatic.com fonts.gstatic.com	161 KB
7	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3865 app.hubspot.com — Cisco Umbrella Rank: 5364 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3922 track.hubspot.com — Cisco Umbrella Rank: 2271 forms.hubspot.com — Cisco Umbrella Rank: 5404	29 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 240	52 KB
5	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 9787 api-gw.metadata.io — Cisco Umbrella Rank: 36212	7 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 72	575 KB
5	linkedin.com 1 redirects platform.linkedin.com — Cisco Umbrella Rank: 3135 px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 5939	162 KB
4	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 6802 forms.hsforms.com — Cisco Umbrella Rank: 4521 perf-na1.hsforms.com — Cisco Umbrella Rank: 4164	4 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	5 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	161 KB
3	snitcher.com snid.snitcher.com — Cisco Umbrella Rank: 78964	25 KB
3	hubspotusercontent-na1.net 3375217.fs1.hubspotusercontent-na1.net	40 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 1794 alb.reddit.com — Cisco Umbrella Rank: 1164	761 B
2	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7473	2 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 6696 q.quora.com — Cisco Umbrella Rank: 4585	15 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1006	13 KB
2	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2093	26 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4638 forms.hscollectedforms.net — Cisco Umbrella Rank: 4696	25 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1315	28 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 74	2 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 829 script.hotjar.com — Cisco Umbrella Rank: 1135	60 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1479 insight.adsrvr.org — Cisco Umbrella Rank: 882	5 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 889	627 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 143	64 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2681
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2036	154 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 779	14 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3670	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2118	24 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3299	4 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5101	24 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5164	92 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4279	2 KB
1	cookieinfoscript.com cookieinfoscript.com — Cisco Umbrella Rank: 129307	4 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5460	5 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8318	2 KB
1	vidyard.com play.vidyard.com — Cisco Umbrella Rank: 7670	23 KB
0	anura.io Failed script.anura.io Failed
134	39

	Domain	Requested by
34	www.reversinglabs.com	www.reversinglabs.com js.usemessages.com
8	b.6sc.co	www.reversinglabs.com
8	fonts.gstatic.com	fonts.googleapis.com
6	cdnjs.cloudflare.com	www.reversinglabs.com
5	www.googletagmanager.com	www.reversinglabs.com js.hsadspixel.net www.googletagmanager.com
4	www.facebook.com	www.reversinglabs.com
4	connect.facebook.net	www.reversinglabs.com connect.facebook.net
3	track.hubspot.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	snid.snitcher.com	www.reversinglabs.com snid.snitcher.com
3	cdn.metadata.io	www.reversinglabs.com cdn.metadata.io
3	3375217.fs1.hubspotusercontent-na1.net	www.reversinglabs.com
2	api-gw.metadata.io	cdn.metadata.io
2	tracking.g2crowd.com	www.reversinglabs.com tracking.g2crowd.com
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	forms-na1.hsforms.com	www.reversinglabs.com
2	js.hs-banner.com	www.reversinglabs.com js.hs-banner.com
2	platform.twitter.com	www.reversinglabs.com platform.twitter.com
2	fonts.googleapis.com	www.reversinglabs.com
2	unpkg.com	1 redirects www.reversinglabs.com
1	forms.hubspot.com	js.hsleadflows.net
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	insight.adsrvr.org	js.adsrvr.org
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	alb.reddit.com	www.reversinglabs.com
1	pixel-config.reddit.com	www.redditstatic.com
1	api.ipify.org	cdn.metadata.io
1	px4.ads.linkedin.com	www.reversinglabs.com
1	q.quora.com	www.reversinglabs.com
1	snap.licdn.com	www.googletagmanager.com
1	a.quora.com	www.googletagmanager.com
1	j.6sc.co	www.reversinglabs.com
1	perf-na1.hsforms.com	www.reversinglabs.com
1	forms.hsforms.com	www.reversinglabs.com
1	api.hubapi.com	js.hsadspixel.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	app.hubspot.com	www.reversinglabs.com
1	js.hs-analytics.net	www.reversinglabs.com
1	js.hsadspixel.net	www.reversinglabs.com
1	js.hubspot.com	www.reversinglabs.com
1	js.usemessages.com	www.reversinglabs.com
1	js.hsleadflows.net	www.reversinglabs.com
1	js.hscollectedforms.net	www.reversinglabs.com
1	ws.zoominfo.com	www.reversinglabs.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.reversinglabs.com
1	js.adsrvr.org	www.reversinglabs.com
1	cookieinfoscript.com	www.reversinglabs.com
1	static.hsappstatic.net	www.reversinglabs.com
1	cdn2.hubspot.net	www.reversinglabs.com
1	platform.linkedin.com	www.reversinglabs.com
1	play.vidyard.com	www.reversinglabs.com
0	script.anura.io Failed	www.googletagmanager.com
134	56

This site contains links to these domains. Also see Links.

Domain
register.reversinglabs.com
support.reversinglabs.com
rli.reversinglabs.com
www.secure.software
github.com
www.mono-project.com
www.nuget.org
blog.reversinglabs.com
content.reversinglabs.com
x.com
www.youtube.com
www.linkedin.com
twitter.com
www.facebook.com
www.instagram.com
cookieinfoscript.com

Subject Issuer	Validity	Valid
www.reversinglabs.com GTS CA 1P5	`2024-05-14` - `2024-08-12`	3 months	crt.sh
*.vidyard.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-03` - `2025-05-05`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hsappstatic.net E5	`2024-07-06` - `2024-10-04`	3 months	crt.sh
cookieinfoscript.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-20` - `2024-07-19`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-08` - `2025-07-07`	a year	crt.sh
hscollectedforms.net E1	`2024-05-27` - `2024-08-25`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hsleadflows.net E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
usemessages.com E5	`2024-06-10` - `2024-09-08`	3 months	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
hubapi.com E6	`2024-07-02` - `2024-09-30`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
quora.com R11	`2024-07-09` - `2024-10-07`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.metadata.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-29` - `2025-01-28`	a year	crt.sh
snid.snitcher.com Amazon RSA 2048 M01	`2023-08-18` - `2024-09-14`	a year	crt.sh
g2crowd.com WE1	`2024-06-23` - `2024-09-21`	3 months	crt.sh
*.quora.com R11	`2024-07-09` - `2024-10-07`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Frame ID: 90A6FBC8E53028E7E12AC81AAD4619FB
Requests: 131 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Frame ID: 0F4BD57AACBD9A8851306B662A6AAC99
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&upid=8t4axvj&upv=1.1.0
Frame ID: D0265807997B5B23E9B13D37E02BBF05
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Lightbox (JavaScript Libraries) Expand

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

134
Requests

98 %
HTTPS

53 %
IPv6

39
Domains

56
Subdomains

50
IPs

4
Countries

3897 kB
Transfer

9003 kB
Size

26
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://register.reversinglabs.com/demo
Title: Request a Demo

Search URL Search Domain Scan URL

URL: https://support.reversinglabs.com/hc/en-us/restricted
Title: Support

Search URL Search Domain Scan URL

URL: https://rli.reversinglabs.com/accounts/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.secure.software/
Title: Developer Portal

Search URL Search Domain Scan URL

URL: https://github.com/dotnet/runtime/blob/main/docs/design/specs/Ecma-335-Augments.md#module-initializer
Title: Dotnet documentation

Search URL Search Domain Scan URL

URL: https://www.mono-project.com/docs/tools+libraries/libraries/Mono.Cecil/
Title: Mono.Cecil

Search URL Search Domain Scan URL

URL: https://github.com/Fody/Fody
Title: Fody

Search URL Search Domain Scan URL

URL: https://www.nuget.org/packages/Guna.UI2.WinForms
Title: Guna.UI2.WinForms

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-2.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-3.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-4.png

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-5.png

Search URL Search Domain Scan URL

URL: https://github.com/VirusTotal/yara/blob/4fc1ff822c11988ef616882a1a32e787359fdef4/libyara/modules/dotnet/dotnet.c#L1528
Title: skipping parsing that class

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-6.png

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/gartner-leaders-sscs/gartner-leaders-sscs
Title: Get the new Gartner Leader's Guide

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/gartner-leaders-sscs/
Title: Special Report

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/complex-binary-analysis-sscs/
Title: Special Report

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/complex-binary-analysis-sscs/complex-binary-analysis-wp
Title: RL's white paper.

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/c/assess-and-manage-cots-risk?x=V8kodi
Title: Special Report

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/c/managing-Commercial-Software-Risk-White-Paper?x=V8kodi
Title: white paper

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/c/managing-your-third-party-software-risks?x=V8kodi
Title: our related Webinar for more insights

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/buyers-guide-sscs-2024
Title: upgrade your AppSec tools for the SSCS era

Search URL Search Domain Scan URL

URL: https://content.reversinglabs.com/buyers-guide-sscs-2024/buyers-guide-sscs-pdf
Title: our Definitive Guide to SSCS.

Search URL Search Domain Scan URL

URL: https://x.com/reversinglabs
Title: X

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/reversinglabs
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reversinglabs
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/blog/rss.xml

Search URL Search Domain Scan URL

URL: https://cookieinfoscript.com/
Title: cookie script

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.js HTTP 302
https://unpkg.com/@dotlottie/player-component@2.7.12/dist/dotlottie-player.js

Request Chain 104

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm=gtmv2&e_ipv6=AQJ9GsKkzZ2VgAAAAZCkttxW4QvRZlnEtHZH5eWnckaKiAYVZaRG-3wPeVWQhmJmbL2T_SU

134 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs Show response
www.reversinglabs.com/blog/ 209 KB
34 KB 1170ms
1100ms Document
text/html 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e61e6816281655078661b3cbcb07fda07ce89bfcb32e079eefa8e3859c6c4e3

Security Headers

Name	Value
Content-Security-Policy	Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=0,max-age=5
cache-tag: CT-172717357380,CG-3375217,CG-5901382633,P-3375217,L-137874121636,L-151291886696,CW-103636562700,CW-10782554896,CW-137935116631,CW-140969871649,CW-144803306068,CW-149435964191,CW-151292754277,CW-151549639208,CW-151597054095,CW-151597569943,CW-151597570095,CW-151597990913,CW-154010290546,CW-23776629869,CW-23799638916,CW-79001037452,CW-87757605656,E-11708570900,E-137900387987,E-139051314810,E-156258291223,E-156261533259,E-164711782321,E-5951651806,PGS-ALL,SW-1,B-36295514385,B-5901382633,B-70179327783,GC-103819429689,GC-139369207705,GC-140831756371,GC-151549770891,GC-151595222825,GC-151597570069,GC-151597990813,GC-151607465033,GC-154018987956,GC-25875947801,GC-87768577627
cf-cache-status: MISS
cf-ray: 8a1d82869de2451c-TXL
content-encoding: gzip
content-security-policy: Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Fri, 12 Jul 2024 02:12:43 GMT
edge-cache-tag: CT-172717357380,CG-3375217,CG-5901382633,P-3375217,L-137874121636,L-151291886696,CW-103636562700,CW-10782554896,CW-137935116631,CW-140969871649,CW-144803306068,CW-149435964191,CW-151292754277,CW-151549639208,CW-151597054095,CW-151597569943,CW-151597570095,CW-151597990913,CW-154010290546,CW-23776629869,CW-23799638916,CW-79001037452,CW-87757605656,E-11708570900,E-137900387987,E-139051314810,E-156258291223,E-156261533259,E-164711782321,E-5951651806,PGS-ALL,SW-1,B-36295514385,B-5901382633,B-70179327783,GC-103819429689,GC-139369207705,GC-140831756371,GC-151549770891,GC-151595222825,GC-151597570069,GC-151597990813,GC-151607465033,GC-154018987956,GC-25875947801,GC-87768577627
last-modified: Fri, 12 Jul 2024 02:12:43 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfmxiufBNdLdURA1kz5c22apJweP8mzet7pFRpVPqSeUv5TEbAXkzXsRBAqPxKpJ5ZZrgqmx8fd5NyNk%2FDjf1K7T%2FW9FiOkR1z8edyg9r1hwja5MmUyBRpxY915gipn52JPdhD6bzA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 190
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-64f59868fc-bczww
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-0s
x-hs-content-id: 172717357380
x-hs-hub-id: 3375217
x-hubspot-correlation-id: de3cf224-01f3-488c-a36e-a9c9da357bd3
x-request-id: de3cf224-01f3-488c-a36e-a9c9da357bd3
x-xss-protection: 1

GET
H3 200 project.js Show response
www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 149ms
149ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:43 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
age: 6082364
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVQzZ2wRRCVoFWqDMBBauKNywKWIzMdyjZ8cGnfLEaBpo0QmLl1M5yM3ZdgMRWfQDO5dYGFpYTix9YHTdCJFPyYJ1gziwSnQsfBCJI77jSt45%2BrGG7I3HShZSxdCut%2FxCf9gH5h98w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a1d828d89bd451c-TXL
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Sat, 12 Jul 2025 02:12:43 GMT

GET
H3 200 v2.js Show response
www.reversinglabs.com/_hcms/forms/ 482 KB
160 KB 93ms
93ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 447
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=89a4df7e433b4504-TXL
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 70e40bc3fbbdbf0242115d0ef383be56.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-amz-cf-pop: IAD55-P5
x-hubspot-correlation-id: a653c1b8-5a19-490b-8374-5eef5d74861e
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: a653c1b8-5a19-490b-8374-5eef5d74861e
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bum4cWIL%2Bttc3uXPCwz80XDKSUSpKezZ%2BLAthoVQtvDAiZsRkI6bsfGTKLX%2BTOyoQXdYrENJABaQcrQNAmhGvgNj7%2Fc77E9GtxHV41TS7tM%2BHstt3AEfVbLxN7qM4DEfqkCXEshenA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-kt4hg
cf-ray: 8a1d828d89bf451c-TXL
x-amz-cf-id: xtyqenGSyDCDeZmNAN7cq0l8OouW834RqQ_YJ4NEdnx1lTSFb22GgQ==

GET
H3 200 tag-list.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1704219240190/Redesign_2023/css/blog/ 679 B
2 KB 180ms
179ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1704219240190/Redesign_2023/css/blog/tag-list.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6767c2fe6d7e1ad86580596bf56802fe8bdd92698be3ae701f5f9d440aa1339f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 83ES523N75QDKW17
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e2fa49efde00550874fc59a5334066f9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1704219240879
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: m2JlYhkcTT5eJjT5qHpTHCGbuM7xJSYv
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0fcfa45d-6204-49b9-a4a7-98efa61a0fa7
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3+sxzIlNRTIYYfOy8p6adqR0Qs+zisNweA+BKFI/EBf4tllZ5UCgTWlJrIlAmU/caNbEYG1bjH0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0fcfa45d-6204-49b9-a4a7-98efa61a0fa7
last-modified: Tue, 02 Jan 2024 18:14:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSnv%2B%2B6LDqZSs%2FnohJNgMd35ez9mzKLMnW2s0tMgjEXahn5pX7%2FYdclHRJxIrA6qmHBkLV0636THgLUCqPRhDcPQbUtvxp1DHhAbp3iU7MGzZHl0%2FCZk5FncxQ6k8ZFi0bRoZ6Su4w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8a1d828d89c0451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: id67Ur5CtyvdaGN-HSojCLeXZ0WjSHwdmnsGOy0FhRZf1yMMlbGqXA==

GET
H3 200 module_103636562700_Footer_Categories_Text_-_global_-_stage.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1704221872335/ 89 B
1 KB 180ms
179ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1704221872335/module_103636562700_Footer_Categories_Text_-_global_-_stage.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: DW9GC1Y8VKMESDKF
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0e24424bd7a91e1adc940105ffcd26d9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1704221872335
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZOZlbLZSyRAVjdWaJ.Pa_7VPoYKdfw72
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f7411fe2-b32a-4824-ae72-a1369f500b64
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-amz-id-2: e/UoIa3HJMhWJnznYTcotD7CIiQ398ptSTGEfGj7eiqXpt54Sy7EJFk8k5z1Sv/AllPr3CxBZrs=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f7411fe2-b32a-4824-ae72-a1369f500b64
last-modified: Tue, 02 Jan 2024 18:57:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EfivH1bjI9h8bsZvR0lLANj%2FiEVE4wM%2BYS2whS9JwQt%2FiO%2BhkUekSfUL%2BdU%2ByeEIxhAVQvf2AHuhVyoB7TC74Eq2v0mibEcuvEpcysKmhnNRqGJN1G4akAFYTOLMDKC0hn1og1Ew4A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8a1d828d89c2451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: BPUI9Ee6CD8-NOLpQDzG0TyU51qfwJ4H8OaScktpfI3f17p_EYY2pA==

GET
H3 200 module_87757605656_Footer_Categories_Blog_Listing_-_global_-_stage.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1704221991640/ 83 B
1 KB 180ms
179ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1704221991640/module_87757605656_Footer_Categories_Blog_Listing_-_global_-_stage.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

77af0a963d2016e3165d4e70050e60f0054e70ed0dba5ae5c2be14bcccbff207

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 6NFG4AC8HSV99BCY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"7a2a8d16729e44cc5588c37604841314"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1704221991640
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: JClTVOGSysB.wU8UI69LU_2ZN01jOavM
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 2ab72849-9e4f-4a0d-b8f5-3038fdb3c1bf
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 184
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZlEa8ChpjzJZQ7AYUD3lT8bnkGhFZl/3jLlFVk2BT69Ox3x+H2qdiLm76G7N3RIH4MP/oJIFeuTdvKbX69ZzGA==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2ab72849-9e4f-4a0d-b8f5-3038fdb3c1bf
last-modified: Tue, 02 Jan 2024 18:59:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ijm09qaG%2BeFKF%2B587sfwgJ3Sc3zXsf73DHKT66BrUhJ8MOQWbgFOUMUZN79P6or%2BBTwrQ2xa5sGh0aUyDwTfUEPuI4XkF7k4BC3qEHW5r5FkLKQokHz57xSTbcGSirivHzuwh%2BtoKA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8a1d828d89c4451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: vAEf7RDiDOnAPxISOd6j4fwzpWmeLkbfkYDOCDw4YRyycKy7KjpLaQ==

GET
H3 200 blog-listing-cards-stage.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/156258291223/1713351281045/Redesign_2023/css/blog/ 276 B
2 KB 180ms
179ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/156258291223/1713351281045/Redesign_2023/css/blog/blog-listing-cards-stage.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d58a239de270c77f029acf34f953155d505bb414b58d9aab5d9d2f3aa315d376

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: C4YG30F2FHV8A77Q
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"3cfa2a4bcdfc14ee98512abb831ec400"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713351281662
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mwoJkbZG4Hm6TC6qIV75ftJsud9D5lLP
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f7be5a20-b2f1-4e9e-b5f3-48619f6cf7b8
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 186
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 554bZUblmkFegB65RGlDta1dprl01WG2p3GtPXH5DjuHCIn/qpDZ4d09Y808vsMkNGZZ15Hj+kc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f7be5a20-b2f1-4e9e-b5f3-48619f6cf7b8
last-modified: Wed, 17 Apr 2024 10:54:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aUCl7e7ehnuTB%2BkZZXu2zkK91Eehm09QobjkI0Qw97%2FuOGbRfcpr0GUbWMCqXrozYpghmRN6InnOcbwzj8VndOwx1tALmV0viIv0JxoyVLRJsWUaVfbgT%2F5VspG1ZakfZ97QQuse%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8a1d828d89c7451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: PoOcPqf7dRfIpQEkNoTyDCqS8QLO_R4XF6rKjfXb6W4E0yMjfWzelg==

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 133ms
40ms Script
application/javascript 151.101.1.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.181 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

170d7b2dda1cde0aad9938ebc0e3f7f1e08b01221eead69e14784fdb089543b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits: 458
date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 148151
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23041
x-served-by: cache-fra-etou8220042-FRA
x-china: 0
last-modified: Mon, 27 May 2024 17:23:30 GMT
etag: "ce0d570084d38bcc12da3fb96d2c4cba"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 188ms
40ms Script
text/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

87d049fc6d16da1f81063235c0e3d31a4656800cbbdca8277d6ae56614a52aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-lva1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163630
x-li-uuid: AAYdAtWUSJtwCjIX9VhwiA==
expires: Fri, 12 Jul 2024 02:31:10 GMT

GET
H3 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1720723148034/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 124ms
77ms Stylesheet
text/css 104.18.89.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1720723148034/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.89.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 16268
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1720723148686
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: de86eac4-802b-4c75-9b4f-58837f6036c9
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 239
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: de86eac4-802b-4c75-9b4f-58837f6036c9
last-modified: Thu, 11 Jul 2024 18:39:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WrPcdM9VLjkW%2FmR9EVFpl9Hy4gnB59dabm%2FTuRG5pEuhX%2FvGfdi5PrlpRRO14xaxir3lwkNgGSwoZDBR0mWwvmRTCkgWChFyufUA1VFo9feop0pwREzNTuUgkBLU%2BI6vYTg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7bc58b7fb6-9fg76
cf-ray: 8a1d828ddbba6a78-TXL
timing-allow-origin: cdn2.hubspot.net

GET
H3 200 RL-custom.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1720439988722/Reversinglabs_July2018_Theme/Coded_Files/ 12 KB
5 KB 180ms
179ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1720439988722/Reversinglabs_July2018_Theme/Coded_Files/RL-custom.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1fd7c4306f905dd7c185853f3ea95970a8e6e791952279f1d980c3922affa8e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: VP66MNRM70G77NCM
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"16c6a97700df7b888edb18522202f043"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1720439989427
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
via: 1.1 64c95802ff188dd41dd32c313bef089c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-amz-version-id: LjWGXd0x2gLJ08dvsNrgNDd1NPvIu16M
x-cache: RefreshHit from cloudfront
x-hubspot-correlation-id: 14cb31bc-8840-47a9-870c-ed412a520889
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 164
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wBjPuitRmMsWhWMIbLay0sskxj/8SRcRL140IORI7p1fJnjHkjq8z4Pbwti3dXMeiVH/lQLeC20BxvC6J/Pm+YI3CBCZSIowTIb+xBbUta8=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 14cb31bc-8840-47a9-870c-ed412a520889
last-modified: Mon, 08 Jul 2024 11:59:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qp3NZMNBSLDx4iiuRR2IR1JGa3lm2PxTxpsd9xKBIGcLDiwuvC8UZUpzh0snnNXniVOZJ0M3JVfW%2FjgObW3E%2F4f394vqIBx4bY606JTO3sz373QxWDLkQz%2FcH6Jl6vDIwFkyyDTx%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-4fh2w
access-control-allow-credentials: false
cf-ray: 8a1d828d89ca451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: 4US11iPifrxD_rqpQfCQ654etuom2hBx32bPgFXzFyJiPxwPw6cCig==

GET
H3 200 main.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/ 83 KB
22 KB 91ms
91ms Stylesheet
text/css 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79352e30a9fe7e78ee8924721ad55392be75dc93060fd370875da6c66a52f82b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: AHNC3Q44D32SAQPS
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"561103666554473dea939f2ab5d51174"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1720712931284
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: WW1FZRLJWSM5E1Dkr_X_GNd86BKQDqjP
x-cache: RefreshHit from cloudfront
x-hubspot-correlation-id: 09e1fcbe-9d61-4351-916b-c4f28498b3f3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 159
alt-svc: h3=":443"; ma=86400
x-amz-id-2: n9fSVGITDi+oC15VW0E5+5yoBFEpDRzEep2ydiKwPNVePhxuEL+wm+ZDa46nK1BJUWzlcJ8buRk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 09e1fcbe-9d61-4351-916b-c4f28498b3f3
last-modified: Thu, 11 Jul 2024 15:48:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iYhpDg02iW%2FXaAntvsRpuSv6VBcrAsU5UnK8WpNNC8%2FVdg2Gdz7qfUMkeeh5Yoa1pV9%2FQTRKDY8YCZfBeq74KnYQcupg%2BBFJNnq%2F96h5Ts003WG6sJNXVLarmcZJBByULxNzG7VDw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-bsggk
access-control-allow-credentials: false
cf-ray: 8a1d828d89cb451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: FmcKFRhmkNt2bNkTOk70-9mdjE1Z3TiqOtb8ooi_qFfHxLMafuOMzw==

GET
H3 200 rl-logo-long.svg
www.reversinglabs.com/hubfs/RL%20Logo/ 6 KB
4 KB 180ms
179ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/RL%20Logo/rl-logo-long.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
age: 1530023
x-amz-request-id: GAVJWEXZRH7NHK4M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d4a2965692559440f150bd2f13f6e019"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697983483504
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 1c6954b6a2b349a78fb0daa669c3e984.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ny5kNhA6D3ymMFZxy2PPRX0g0w0iXW.D
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W3UwmFYlzw0xZA1TaGZH/FPuJFYZHOHCRftLevcrQRCr/tHeD2xYwxfVPJE27HpIpGfAPj+7VrU=
last-modified: Sun, 22 Oct 2023 14:14:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b1ljqSR%2BO23frvavTpeXU0v3Pdf3ZU7URzGn6hj%2FAqPSvnOX7BYMGXiuKudcP71SQxgooiOqdRQLExcF9n8vt%2BM%2F2js2eZlYFp6ob2FZLm0Oc11WFmiDiSFruCtev4GA0Xavviy5cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d828d89ce451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: fwKqPgY3jS7kolfMeh2QJMfFHkdvP_Ikat79Sr1TGtFtFkcyu_FMwg==

GET
H3 200 karlo_zanki.jpg
www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/ 18 KB
19 KB 181ms
180ms Image
image/jpeg 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/karlo_zanki.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-amz-request-id: NHTC9WY3NF4TVC17
edge-cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c40419dee622f0738b5c1f8a5152db50"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: lfcykLsw0R1YXz10xZ03n4UPI8BPc.OS
x-amz-cf-pop: MRS52-P2
cf-polished: degrade=85, origSize=90381, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-24367560330,FD-8444884887,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 18276
x-amz-id-2: LwDWG31gRnpglT+Dt00yGnIZjVzksd34mRvtWZJtSH+vQ7pOOML+CSdMRTdCFC9dD/XCIUNEGU42VmnZ7jBkPg==
last-modified: Tue, 14 Jan 2020 16:45:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9vP1nJmezjGPx8Qqd4nhv%2BJxh1c2S%2FNsTT7DFREo8h%2FEdJ7MlEnzqmNa5obzvn2iqgxEx9OrIZw7tF7AfzXXKqZaYSRpR6TRW7H9pLrre3KT21R7%2Bgq0C%2FfJUI5iNgeifij%2BO55Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828d89d0451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: B_Tqn9eG5cPjGgq4yCoSgp3oblVt-W2zKRnhQv_rqCwZ6lIZxUzx-w==

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-2.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 10 KB
11 KB 90ms
89ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-2.png?width=1400&name=Blog-Malicious-NuGet-campaign-goes-on-Figure-2.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

112e04a9a68473c84a6f4707484a895bf43250cda052d6c44fcdfd61290dd973

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172632887306,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 10576
cf-resized: internal=ok/m q=0 n=777+0 c=2+35 v=2024.6.0 l=10576
last-modified: Wed, 10 Jul 2024 15:02:16 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfvP2PeKNP9rrDIVr4pXnQ8kp6G4ubIV2ePdeCXg6EDQ:a0f3d5538b00bd5ac9a520df6857c438"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tipaes4ooRBsJ35mlNtUBrwwuS8hJ1lP5ozDOtDnw8bMdu6jTDNXHybQluvHkuAjfXdA2QJhKJHPle5O%2F1LVz%2BTaBnermVzj0KeJtLYriHi%2BAo1GJnYDDbTcdezvLQXtWw7Jj3iZYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828ebbf8451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-3.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 72 KB
72 KB 93ms
93ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-3.png?width=1400&name=Blog-Malicious-NuGet-campaign-goes-on-Figure-3.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

316659528f351f3ec5635641f8930279efff68ab8f4f48387e0bfad68a6d914f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 3819bdccafa1c9757fb28029ca406092.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172633103511,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 73408
cf-resized: internal=ok/m q=0 n=778+0 c=11+210 v=2024.6.0 l=73408
last-modified: Wed, 10 Jul 2024 15:02:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf4dSfH0MwbPMdHVzLbp8jR36RG4ubIV2ePdeCXg6EDQ:d0bb6871f37a682ca973b8dd6b3fad26"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xwQCY33slnRxvbIcUnKjXly%2FZ96nvufOzdgDlUn39pZVtxIxn%2FEWBjzdsas19Csk6yRPM4jyaFjN8mgqLTcHLNufdIAsM%2Fg47y5h7R%2FHbPOA0LsFRqgQ%2FvC3Q6bybhIKTCBrag3eBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828ebbfe451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-4.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 311 KB
312 KB 117ms
117ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-4.png?width=1400&name=Blog-Malicious-NuGet-campaign-goes-on-Figure-4.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c9a75774902f13673b3465d48f40aa9ef4ad8a2dff8bb64f359c6a6d85ed45d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 40a902f286563915aea80584452db576.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172633132399,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 318510
cf-resized: internal=ok/h q=0 n=100+0 c=44+344 v=2024.6.0 l=318510
last-modified: Wed, 10 Jul 2024 15:02:29 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfSCvg4kO6jj8TmVHZ4GZGZRs5G4ubIV2ePdeCXg6EDQ:09e3d8cbc4b07e10fc3ed402cddee8cd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4KTJ0Wla%2FMX3CjaCGuWXqJQzhamLawfUN03LMTVHWCoCxOV1td9sX7NhWihQn6GPzGPFLfguIWgW2k4we6l2vJz4lT6u9zU8NzpOOzonml%2FNka1QSeyXD4L7Qkwk0si396hTTafxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828f4ccc451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-5.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 63 KB
64 KB 124ms
122ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-5.png?width=1400&name=Blog-Malicious-NuGet-campaign-goes-on-Figure-5.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

66c878263a4da1e8bceed109ec6c40426d581601ac339c977f9dc01ac2a4866a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 b6fbc074b6a76c1767be39d5e3a2839a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172626296482,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 64630
cf-resized: internal=ok/m q=0 n=761+0 c=11+106 v=2024.6.0 l=64630
last-modified: Wed, 10 Jul 2024 15:02:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfbplro0AA3PxMEg4iSGM8qEf_G4ubIV2ePdeCXg6EDQ:aca91b236c0b634ccf566242b2ba7511"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyMhbleJRyOXX4TSss7AwrRKhdXsHODupd0qn6MV7uvGdsGAxKzgz%2BcgzpNGykgd6%2BX%2FEnuAjeMLVoVrmDP%2Ftev40SDs1REniqLzq4hkFyjF9qRwVZDTrDwEMqx3oHnyvPTry%2BU1qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828f7d15451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-6.png
www.reversinglabs.com/hs-fs/hubfs/Blog/ 84 KB
85 KB 150ms
148ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-6.png?width=1400&name=Blog-Malicious-NuGet-campaign-goes-on-Figure-6.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc30e5ac2673ee4b7308fc4f6f574f22653f2a6e85cb93a99101280294454009

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 28ca17b64df04e89cdcb9c061b0e8072.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172625887588,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 86146
cf-resized: internal=ok/m q=0 n=658+0 c=6+161 v=2024.6.0 l=86146
last-modified: Wed, 10 Jul 2024 15:02:19 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfI0CaOQCOhZo8oOBHUj0cbQ8-G4ubIV2ePdeCXg6EDQ:bf0d2bb0b50da694551129cb93632625"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFctFyb2vaJU1FLckC02s6giHj96n85Un3cmFwJ9ioHgvRoZiX0WJwl6NPaS%2BV2ccvhdvcLD29dUxLmjB6s1PqR%2B168cxrSjpHNu38xzB4Ry%2BaeGKsNd5cG094bOvo4%2BJwg%2Bi8FY9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828f7d17451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 28 KB
29 KB 204ms
202ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp?width=480&name=Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8a778f26aa1bb1a30c122dc60348955a16c5827a1fe82b0f7a546f8691e07b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c67d002cb723179087e7a16d8fc7bae.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172633132396,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 29170
cf-resized: internal=ok/h q=0 n=14+0 c=13+35 v=2024.6.0 l=29170
last-modified: Wed, 10 Jul 2024 15:02:27 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfEGOW58cRYuxpvHGNrLOzmjrdzQG3Dz_JuxJXtzypDQ:82e49c025398be37e47c7bd4c0a6803c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cpf7JdRZ%2F7iI8uhVFys%2F%2FSnRaI2sxS57HMFF0HeXPO4NlkLRpfm%2FQ470D4iwITrWtKBuRIXYFx3A0QLfr%2Bou%2BzsMfQ2wN2ptUUhMkZTDburnzy1bihzYCcmRkjsakLsbzCumJR5%2Bew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d828f7d1a451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 state-of-devsecops-upgrade-appsec.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/ 11 KB
12 KB 269ms
175ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/state-of-devsecops-upgrade-appsec.jpg?width=480&name=state-of-devsecops-upgrade-appsec.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb05c32e8ab63eafd9a01d00b47e635edc2d53b0269a0650c4e1818ec2817689

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-171177063040,P-3375217,FLS-ALL
content-length: 11552
cf-resized: internal=ok/m q=0 n=404+0 c=8+27 v=2024.6.0 l=11552
last-modified: Mon, 24 Jun 2024 20:40:43 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfAV99BFlsaW2j3y-HFy2-IG6WzQG3Dz_JuxJXtzypDQ:cb88897b5ae067b36d4673e37b08a47f"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d829098ae65c4-FRA
timing-allow-origin: 3375217.fs1.hubspotusercontent-na1.net

GET
H2 200 Blog-Gartner-cover-1.webp
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/Blog/ 19 KB
20 KB 273ms
179ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/Blog/Blog-Gartner-cover-1.webp?width=480&name=Blog-Gartner-cover-1.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72a76026111d8d71ae586c7272b29fe92e33154f545d2f5fa5f8a784bd6c681

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-172601156191,FD-11822274822,P-3375217,FLS-ALL
content-length: 19908
cf-resized: internal=ok/m q=0 n=198+0 c=11+34 v=2024.6.0 l=19908
last-modified: Wed, 10 Jul 2024 11:25:17 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfIQyoTfsgc4tggaftsebAIRrVzQG3Dz_JuxJXtzypDQ:98eae7f88b8714e628d589881db9157d"
vary: Accept, Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d829098ad65c4-FRA
timing-allow-origin: 3375217.fs1.hubspotusercontent-na1.net

GET
H3 200 SSCS-Report-2024.webp
www.reversinglabs.com/hubfs/images/ 45 KB
46 KB 154ms
152ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/images/SSCS-Report-2024.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cfd62a134cdab910bf1fde5f6aee5b28bb00d29b020ddcb53fbd3d437043256

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-152712655442,FD-41794900664,P-3375217,FLS-ALL
age: 392735
x-amz-request-id: 69TH63AH067D7WEP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-152712655442,FD-41794900664,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "7b754ec9dc936126046ce5ce3d7ca92f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1704982035707
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 4b2484d6f9d7f95a0e92598c0f620970.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Yn6XqCw8xwH.yxLDoBVTERKuw.ntdIYX
x-amz-cf-pop: WAW51-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-152712655442,FD-41794900664,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 46104
x-amz-id-2: B61ZD987X9O0jK9nZsN2wWc20fqHgKkInjoHcRDoaQCCTYYriDk0QvQY1s2ZqOUaC+SUUyluFgM=
last-modified: Thu, 11 Jan 2024 14:07:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Xi3P8Zhv%2Ff8t%2FTMr%2B34MZHs0I96AZykZyxAKN313t9EpuB0p8k2aWxaaiyOljXW%2BQBsU4lvSxAJQSybjazDGPHyl1TlfAsEgt4jdwzGxRVVUYepRYwo4pMgAUHYpkFdhXSguD09GA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d1d451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 99jAIxwsAMpUkkUratYv-f67BxDplqyYmIgXBWAI0nd_AjFZV1BmHg==

GET
H3 200 1400x732%20-%20HubSpot%20Featured%20image-Jun-24-2024-08-55-42-3218-PM.png
www.reversinglabs.com/hubfs/ 427 KB
428 KB 155ms
154ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/1400x732%20-%20HubSpot%20Featured%20image-Jun-24-2024-08-55-42-3218-PM.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0064c2da72d80b01589d488459021d045fefd9a5fd2826d4229b79705057b6ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-171177059246,P-3375217,FLS-ALL
x-amz-request-id: QPEYBJQ00KHEKJG3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-171177059246,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="1400x732%20-%20HubSpot%20Featured%20image-Jun-24-2024-08-55-42-3218-PM.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "7d55ec3b2d2c3c3f46772990e27febd4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1719262542321
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 ab94358e0d2d36f8b4f6ff94645b8b38.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CC1EBkb84.F7fgH4DPotWV_puw5QlYuk
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=736088
x-cache: RefreshHit from cloudfront
cache-tag: F-171177059246,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 436816
x-amz-id-2: bWMMzWfDZZHKMaKKWjt/rZ6JM+e/Q7J461X+kvzrgysuH0Mswb4gTaTAP6zWoabfHHA0gY9Pc9px/JajM3E85ZuW7VzkJr+g43BPnfhPg+U=
last-modified: Mon, 24 Jun 2024 20:55:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqn22neYK5reyfTXl6wu1%2FD1K%2F1UMTwdvBDhvD%2FHL6PDDuIxzQygf%2Fz53U1iR%2B%2B13LjZOItUYTLkKrdVYXcHDy8%2FM6jWCxrF9hpfc888G7p7cqrKkNLQglVhmr37qQXAB1Y%2FWQCtfw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d1f451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: cRtZTWg1jINhSumi9-H7mO_uYAhpUMjQ0Z39VAoioX5g3Q2gswFkBg==

GET
H3 200 1400x732%20-%20HubSpot%20Featured%20image-4.jpg
www.reversinglabs.com/hubfs/ 87 KB
88 KB 184ms
183ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/1400x732%20-%20HubSpot%20Featured%20image-4.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5727706148501a5619adffc52a8da8793c342e06b263a279dbe770fbfa720c11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-171481962843,P-3375217,FLS-ALL
x-amz-request-id: 2A4RBF430VNTXEPW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-171481962843,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="1400x732%20-%20HubSpot%20Featured%20image-4.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "73d4ed6f2f86499de4f1d5e252cb2b20"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1719497993103
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 2c9382933d14baedd47f7fd736589872.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0L_Uk3HK1PGyOXnWX.tyUtnsQymPTgRp
x-amz-cf-pop: LHR3-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=275271
x-cache: Miss from cloudfront
cache-tag: F-171481962843,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 89152
x-amz-id-2: 9j5NXV7545UnmdMqTjDfu+4KlbTHVUVuL/zc0juCnj+6AzCbZhMhv2kxpPAcvw47A31l4SbBStEEmOtOMLW2lYufKlwiQERp
last-modified: Thu, 27 Jun 2024 14:19:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SVVR3%2BMZfypX%2BQrHDl8oszx%2FbRFQuzBVKZGxcwiSwx0bJeSntoN%2FmGsIOW9es2%2FIJ2GLjhBV5bNjEbnfCY49LecxJAlwzF7MJkP9UfVKNdq5I1eGxobUGQuGpNzc7ikcVIU%2Bv%2F4DWg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d20451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ffDfNTZX_ByiM6jWmWuZ0ZIlXSdnKaH4rJbGDbj423RVkS6OrbXTnw==

GET
H3 200 ConversingLabs%20for%20Social%20and%20Featured%20image-03%20%281%29.jpg
www.reversinglabs.com/hubfs/ 56 KB
58 KB 186ms
185ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/ConversingLabs%20for%20Social%20and%20Featured%20image-03%20%281%29.jpg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f153110f5d653ddb101c545c539d99648e6a152919b26be74d76078f8a65da41

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-168052187032,P-3375217,FLS-ALL
x-amz-request-id: RQNF11NW47D9Z752
x-amz-server-side-encryption: AES256
edge-cache-tag: F-168052187032,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="ConversingLabs%20for%20Social%20and%20Featured%20image-03%20%281%29.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "9a69fab675c825b36082686159084620"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1716300924048
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 80bcffad35f0e189a9bd523dae37d460.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: A1LeUYykOgwr.SwmHp42KQRY4LZiPGLO
x-amz-cf-pop: WAW51-P1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=272240
x-cache: RefreshHit from cloudfront
cache-tag: F-168052187032,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 57818
x-amz-id-2: Vl38X+Ey2SgsWUkAvw4wqaYqNygSeF2F6UuvpKYmESa2FE5+PbmPSDAEn06KTYxyIZWM2oFek0E=
last-modified: Tue, 21 May 2024 14:15:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZRV8OqYb1ooEEzYKKFJKEf9i%2FkR%2FXf2S2F9nu57%2BLt5DMjCrHLggV85QOmzVtiESe8xVzSrsDflLfi%2BpfHfkRJBjw5D7gd9s3c5LPVRDRz16mcD5EzsNvqcg7PFgi%2BBNm3tFTRVFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d26451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: SNxHbh0VzCR9FjmrW26lCCef9QvdK75HkUK0X6ssQMk1mdZ_12QvGA==

GET
H3 200 ConversingLabs%20S6E4%20-%20Danny%20Adamitis%20-%20Web.png
www.reversinglabs.com/hubfs/ConversingLabs/ 46 KB
47 KB 189ms
188ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/ConversingLabs/ConversingLabs%20S6E4%20-%20Danny%20Adamitis%20-%20Web.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8173ccfac5e779a6878c865cad048f0eeac20cd305737a72828cce37c981bbfa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-158903348334,FD-69168798251,P-3375217,FLS-ALL
x-amz-request-id: 67R45J283HBW3KWS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-158903348334,FD-69168798251,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="ConversingLabs%20S6E4%20-%20Danny%20Adamitis%20-%20Web.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3b67a8f4aed5c870712dfee9baff71aa"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1709228249935
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2b02f5afeb695ea85b659be98f49e92.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IRVDTCPSOuSsk0gvHzxGi_tC7lP2BTMb
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=99009
x-cache: RefreshHit from cloudfront
cache-tag: F-158903348334,FD-69168798251,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 47010
x-amz-id-2: VCIMEdD8qyCdD2g0vezblui58BdeS8xCTJxckvYk5j7rixCbjUJKHom3hNuTiw6qAEeFXwNrxZo=
last-modified: Thu, 29 Feb 2024 17:40:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAadjkjpQNy6uYD3%2Bi3IKCYGKx%2BExVaEEeLSSKBS6fIOa4erjqmJqQX5t5ebR4xLBcHsH2YW3DZnZzXwClOgEVkm4E8883mUuDjS6J5xfl6mFekSFjUDehLJKFyZ9%2FN8Ky5vOmgEyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d28451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: YeepAPIFY4dsGvMiO5bKb8ciuKVPHFGBZU22LOgjx54Hmx0S8FbyAg==

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/ 85 KB
27 KB 131ms
86ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 192352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27437
last-modified: Sun, 07 Jan 2024 20:26:00 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "659afac8-6b2d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1BJD1AeVYvWtoKwki5oHut3QytjoDnjDVawP%2FfjH12298BojTbd1J9PX5zjxOR%2FyW0h%2FItMk24YflPY7vDKH3lkBM1%2BFdIDsbRPxEY7rxkyTihzTeOzCg2ao0vGa4eqX3SfoClLM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd0c2c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H3 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/ 2 KB
1 KB 82ms
48ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/js.cookie.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 893585
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 740
last-modified: Sun, 07 Jan 2024 07:24:00 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "659a4380-2e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h9rI2N%2FZ1cx1aL6a0s%2BADBDhgwfGFJPur17p3Y8YW24pxbaF2QiERondN0NyXiMz3QkECCTq7oBhoE0pip8QhdNZsLIzUcPmDIIpfm7nymqq6sJWQqQp55vSQhdHTOxLuhL8iASo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd0b2c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H3 200 tiny-slider.css
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/ 2 KB
1 KB 84ms
51ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/tiny-slider.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9b8906a8b7540b8accfd2a491c0821d6bd6d8ccbd4ab53a56da8906ff028423

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1987665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 573
last-modified: Tue, 26 Oct 2021 21:33:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61787428-23d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wasWsirZz8WCJCPUdWORQkgnZsGDXVrW%2Be1FyC7oRHfvEJxtCGl%2F5uFOYqAyAvRxRIhKDjBX4ILxwJzaf3gH3eHCCyWlv3fmcs%2BJLMUW5yfAqxWsSaVgKlKbsGVV5GMsJwSgh3mX"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd0d2c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H3 200 tiny-slider.js Show response
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/ 31 KB
12 KB 121ms
87ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/tiny-slider.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 110028
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11445
last-modified: Tue, 26 Oct 2021 21:33:28 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61787428-2cb5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVSq7glTYHvEjMVBZFD4rp2O6GAxRhWem3tutlPDYH5X7XdnCJiiRndIJBUjBLGHtE%2FIQMhfkPGtkLuOVQz%2FGJFcwdd8Oti6sO9umfOZUI8ji3HlaEa%2FNyxjmopNR1SpzY8h1Wwp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd0f2c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H3 200 simple-lightbox.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/ 48 KB
9 KB 84ms
51ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/simple-lightbox.jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1039d8c6d5ca0ae27a058e460a3496ac932a0ed7b21496e3a7be5063c605ac5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 712031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 8422
last-modified: Thu, 31 Aug 2023 21:00:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64f0ff8a-20e6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgHA23A4zRrr8jCugvjydvapKGYEFgipwwQUlha%2FRVV0Ki4SPbvcU65OEc6Ccx%2BaR2D3Zd%2BHuanz5wpxMowrz92ekRFv1RnQ8Gf68ADDrEg9bFjBH29MMR5IfF7XwxyHytZcjKo1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd112c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H3 200 simple-lightbox.min.css
cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/ 4 KB
1 KB 161ms
127ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/simple-lightbox.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afcb95431b4036fd54fe79de411493352c550220beb8328f459663da5bc1b552

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 180548
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 839
last-modified: Thu, 31 Aug 2023 21:00:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64f0ff8a-347"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3aMfvit6vdACvRdun1X9sEq2PBqF2TPb7EBCl7dT8CXoHQdvQwb6U97ApmJtLy5ycXaZ03tIB7huWA2bRqVcOxreD1jzxmEjTc%2BnkVDS%2FiYUHnD0k6AFjdv6uySy8IWIXt0ZJrn"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a1d828fbd132c53-FRA
expires: Wed, 02 Jul 2025 02:12:44 GMT

GET
H2

200

dotlottie-player.js Show response
unpkg.com/@dotlottie/player-component@2.7.12/dist/
Redirect Chain

https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.js
https://unpkg.com/@dotlottie/player-component@2.7.12/dist/dotlottie-player.js

2 MB
626 KB

53ms
52ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@dotlottie/player-component@2.7.12/dist/dotlottie-player.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f899fd2e84404932ca119af28487a7796c151fc9e15d87bd19467f712f26d50c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1330291
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01J1APR5R8VYYT8P39JW483V38-fra
server: cloudflare
etag: "1d4303-33H4NZwlvtJ4779XWNwLde7YRLc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a1d82905feea5f4-FRA

Redirect headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J2JBDCW3WTZS0CJSD78CQNTH-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 9
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@dotlottie/player-component@2.7.12/dist/dotlottie-player.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8a1d82900fc1a5f4-FRA

GET
H3 200 functions.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1719919330819/Redesign_2023/js/ 15 KB
6 KB 124ms
121ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1719919330819/Redesign_2023/js/functions.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fcde1c4799400031e5d9621751b553c039e3d68efac89296aed953cd46feaf1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: AKFXWZP6GPK84DZ9
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c22e92be2fc6024e5c681da7793b5b8c"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1719919331102
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 e32f3698b8d39139f138de8a86d00996.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rOAw.ohnNcPYiLwNE0x3MFUwSHoCs.rH
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 053908b8-4cd8-4b7a-a7f6-d4bb0884fe7d
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 180
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TmP7ZcBuTCR/Qzxx0A/TZSjCxjGGZ5Gtk2GvO8yOD2WcJ9vaLyFFEAaNbB7nC8r6nf6quFUe/6au5X1y0ms1qA==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 053908b8-4cd8-4b7a-a7f6-d4bb0884fe7d
last-modified: Tue, 02 Jul 2024 11:22:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yvqvE3DDyZDjuCJcMcUwcruT2bm4Z3AtpOHiU6h536v1MdydA8Yxk%2F%2BIa6Ql1aNZU4xXX2vLx2q5PYV1UaGSQl9y97WVnZnzsiwmi7tBWt5VjGLHNOhAsju7VMGVUcS0Oqu4ickKJA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-4fh2w
access-control-allow-credentials: false
cf-ray: 8a1d828f7d0d451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: Fh-6qao4URkKvDtSj8HZd4eHPeTDXngjz2BLg2AonePZU_UsdsW_0A==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 148ms
54ms Script
application/javascript 2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 18fab39b23fb6b3013058d6df5faf0bc.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 576177
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwASUF9Tfsd%2Bf4%2BqqFarn3pAgSnDNBhrFaItJ%2B1kxSaKvFCI652GK0tMQ8jK1XUs%2FLhR5uFn0HYGDtd%2FOYUTC%2Bzn3DXpwq63z0rVPi99hAWsxYzt6CLJc1OuFLPlZhbsVJR1lGgiFJ6gu6%2FX6Nm6h%2FzyX08%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a1d82909ba59125-FRA
x-amz-cf-id: lEGvwrTGJqZ2O6fxk0_3bnjSm4fK8__hUDVF23Uszs_fPcZWhCrfhQ==
expires: Sat, 12 Jul 2025 02:12:44 GMT

GET
H3 200 blog-listing-card-stage.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/156261533259/1713293658806/Redesign_2023/js/blog/ 694 B
2 KB 124ms
122ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/156261533259/1713293658806/Redesign_2023/js/blog/blog-listing-card-stage.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca27601c0d2a15cc23d9038896c3c2a857ce6da0bd24ee51266a1516aae0a4a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: C4YPMKX3MWJVN0Y6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fd9a3b7b7594ee4b9bf2fe07886d2fcd"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1713293658943
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: NSgPmXU.or.Ckf7xF5ODukuyCLWbtqCV
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 8897a863-444d-4326-9eea-ea63463d67fa
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 151
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RJyjNco1CgFnR8rpuX9jFO/wPypHWKmNemreVW+yVtOe4cd61bPiB6Q9gE5lhlIG3bibc4CIyF/XoHU8GGteOfVk+fiKysUP
x-evy-trace-route-configuration: listener_https/all
x-request-id: 8897a863-444d-4326-9eea-ea63463d67fa
last-modified: Tue, 16 Apr 2024 18:54:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2B4jbW3QKwLRCYdIQ1juaSsFoCi4xMTaPoNus7TwtpwEHSyWgqYNyA9ezoCLmAgn%2FVaXwGvpq70%2B%2FAqOFeKIRBhLIXnpw0bmr54n%2F4U9h2oEeEZx7BWP7aG59H5nhf1OeCqZOV0KDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8a1d828f7d10451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: nf914ZLbqnvC0OSxu0RrIw4dnmCj9_qs-vhRlvqBocWTvnxMNAvmCA==

GET
H3 200 module_149435964191_Site_Search_Input_-_stage.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/149435964191/1712214122331/ 3 KB
3 KB 147ms
145ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/149435964191/1712214122331/module_149435964191_Site_Search_Input_-_stage.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03c30b3cb8bfcb6c97b324ef18840cebdbe696a9f50ad21285329699a6d6bd01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 6NFZ3JWDTGRZVNZJ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8cfe1587167ebda531327cb947c48468"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712214122331
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LkgWLYCxs63FpgVdi1tkf4HSeHF60GA0
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: febb2ba5-f649-4da3-9780-bcda432b988f
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 233
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BAV3afkdMXjlN8b/9BqbL7Avazc1Kp8tYnlz2g+gSrfIK7ST6TaHvNRo+wf530MWMcgzDn/0cnMRbM+1Jgh+Fy6Fy9g6M4B3pv9srUQDfaA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: febb2ba5-f649-4da3-9780-bcda432b988f
last-modified: Thu, 04 Apr 2024 07:02:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yQjiZ%2FFjG2fX9E1hKw73yt%2BYN5zIENhzfMXkGBWjyG9KW3MfMAeE7t6KFXpzA7nnqJaiB%2FL7D2FpEdK%2BcQESCexpgqXG06awDx2LiX7XKPJuCBq0rGwzXel52FN0wST%2BuOCaqvVrA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8a1d828f7d12451c-TXL
timing-allow-origin: www.reversinglabs.com
x-amz-cf-id: r5AHgqaPbBnMZM2ogOA5PPaLuwutm2FBKuBS8pxTRgojIlGTfNS7tA==

GET
H3 200 3375217.js Show response
www.reversinglabs.com/hs/scriptloader/ 3 KB
2 KB 247ms
246ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/scriptloader/3375217.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4d055c00091ad0c418a3719aab82bdff79b5f817223b0cc29286b8f73dcfd2c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9f2b0b32-0874-43cc-afcd-83d562cf34e3
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
content-length: 733
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9f2b0b32-0874-43cc-afcd-83d562cf34e3
last-modified: Thu, 11 Jul 2024 22:28:53 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-sfcqs
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6CT01htl8qBlz9%2FjY0O70DbJh4HjTTPHPGM9igahCtXDAJBanWiXMRqAt85dUUKiUaa%2BBur9ZVVDx681rZjYbyGeMuZC9pNmJp7LJ0KPF%2BvgAGQZRg765lfcGweJlW4IPCZaz05KrA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a1d828f7d2c451c-TXL
expires: Fri, 12 Jul 2024 02:14:14 GMT

GET
H3 200 index.js Show response
www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 83ms
83ms Script
application/javascript 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
via: 1.1 44a23a2f4d4e9659f5b008d1f39e1318.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
age: 6076834
x-amz-cf-pop: WAW51-P3
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qw3SzI%2BZsntpCLxfBUG9rzwnfRZ5b1rnhdf0BEISAmF4pmMcqVEDUzuGXqVnOpKzvjvheZ4jFunCRhAS9ZoZfn%2B1iMYCCpI7HQi7cLZjMYyR%2BLkJ0wGBmjFhZeJuBssspsa29EpwGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a1d828f7d2e451c-TXL
x-amz-cf-id: 5LTyQyxZIRPK3NZXGJfmCy10Vf8EZlRquB0oSXT-gV1kjarqaNrJ5Q==
expires: Sat, 12 Jul 2025 02:12:44 GMT

GET
H3 200 cookieinfo.min.js Show response
cookieinfoscript.com/js/ 7 KB
4 KB 102ms
49ms Script
application/x-javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: FWF126ZAZ92S7684
age: 784
x-amz-meta-cb-modifiedtime: Mon, 03 Jul 2023 14:52:01 GMT
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JrA+z1tVfGwkyAT83/pkiwu63DBbHnlKymH9SvX8iCLHIKKnHZVaT1sMr7RmMtWCPQcVUjhBqPI=
last-modified: Wed, 05 Jul 2023 10:39:27 GMT
server: cloudflare
etag: W/"d15d93068c1121f63008407d339bd819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aq1xEBl0U12d1ViPStWFdaJUiLqjPa81nXXtbcoDzq9P%2FP0puDqioxQ6bXGgR3HmMC8yi9DwAXCArtrgm0cxUZjseAQ9JwZdcxUVQwc%2BzTw0sOwPU5eKICzrx9LtRW6x2JHXWzmJ1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=2678400
cf-ray: 8a1d828fde1a9bef-FRA
priority: u=2,i=?0

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
5 KB 131ms
40ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Thu, 11 Jul 2024 05:01:33 GMT
Content-Encoding: gzip
Via: 1.1 58e9d1f8f21a3575fa58a14f7f39c636.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jun 2024 09:20:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 76273
x-amz-server-side-encryption: AES256
ETag: W/"a7eb6794e868fe870db350518165c868"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: ssqY1-NPj-tHRjMyFwsHBpg3-Ae_G-jbmzZdTocfMQHYuKG7vUOD2A==

GET
H2 200 hotjar-3176008.js Show response
static.hotjar.com/c/ 9 KB
4 KB 161ms
72ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

012ac0d5bbf3afc87b088b9405486c6fea6b3b013d783bb8c47d2bc6d7766c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/4828a1f657893f7f1a1f697488019fb4
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Xi5kjDD1fSueIR8WAuvO99tqRD20m7iD9b4Fg--LpIsnyutrcwLk2w==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 223 KB
60 KB 137ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 12 Jul 2024 02:12:44 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58653
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2809, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: f8Rkbif+uZKQccdxxxx2eO7OstPuN9Ggj4+re5XnfIPWQY1E1h3VdVyslB9mvY88HflzDKI0pQcrdNDNekoA/Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 146ms
57ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

92b7d2521a258609fb0fd998b5db42022bc54c9f71faf87511488582ecc4ebdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 12 Jul 2024 02:12:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Jul 2024 02:12:44 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
872 B 137ms
48ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8d0aa85467b8c837e3dd6ae9303205f9f6ed7fdb4c956086b7899a3a4e13bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 12 Jul 2024 02:12:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Jul 2024 02:12:44 GMT

GET
H3 200 rl-logo-long.svg
www.reversinglabs.com/hubfs/RL%20Logo/ 6 KB
1 KB 187ms
186ms Other
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hubfs/RL%20Logo/rl-logo-long.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
age: 1530024
x-amz-request-id: GAVJWEXZRH7NHK4M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d4a2965692559440f150bd2f13f6e019"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-meta-created-unix-time-millis: 1697983483504
access-control-allow-origin: *
content-type: image/svg+xml
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 1c6954b6a2b349a78fb0daa669c3e984.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Ny5kNhA6D3ymMFZxy2PPRX0g0w0iXW.D
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W3UwmFYlzw0xZA1TaGZH/FPuJFYZHOHCRftLevcrQRCr/tHeD2xYwxfVPJE27HpIpGfAPj+7VrU=
last-modified: Sun, 22 Oct 2023 14:14:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XyEy9RhqpMuQVUyDrZCexEiswLl0lYJNZsltwQxvboV9a9XhmvM%2BCbRv1L6dL2fRPLWEcwCbeoDpBjx60J7BXMZSlDqUyGP2CC0h5BkFwRwihiBQht2GtWra%2BiPgOSNN86ZKa%2FaGFw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d828f7d30451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: fwKqPgY3jS7kolfMeh2QJMfFHkdvP_Ikat79Sr1TGtFtFkcyu_FMwg==

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 138ms
50ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:35:19 GMT
x-content-type-options: nosniff
age: 232645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:35:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 127ms
39ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 10:19:17 GMT
x-content-type-options: nosniff
age: 230007
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 10:19:17 GMT

GET
H2 200 rl-icons.ttf
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/ 10 KB
8 KB 250ms
170ms Font
font/ttf 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/rl-icons.ttf
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1720712931284/Redesign_2023/css/globals/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51e587bceb7d256696cb2887caf036e9dc6db178f9ae5497c2e9755aec0330a8

Request headers

Referer: https://www.reversinglabs.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
age: 1421760
x-amz-request-id: Q75TEEDPNVHD2980
x-amz-server-side-encryption: AES256
edge-cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-not-indexable
etag: W/"f6e95e1fc62eeeb7e9df078a98cc1ee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1696946198131
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
via: 1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: tzqaZFGSARRTlEKo4KZWxmMwSHgDF5.r
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-139510720360,FD-139508672619,P-3375217,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: IA4MmwMu19It2VFMzrelsZIg0+YFE7LtSXOFLd40aaeLPeQTcXR7br1twDsbOl8Wn+iK4Yzv1fQ=
last-modified: Wed, 27 Mar 2024 12:47:39 GMT
server: cloudflare
cf-ray: 8a1d82912e2a1e4b-FRA
timing-allow-origin: 3375217.fs1.hubspotusercontent-na1.net
x-amz-cf-id: j5_jlZxkkTWQZc1fFZQXF2srurnMwROj-4yE3weaLwqBE8ft_Om9cQ==

GET
H2 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v15/ 61 KB
61 KB 219ms
132ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v15/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 10:14:56 GMT
x-content-type-options: nosniff
age: 230268
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62792
x-xss-protection: 0
last-modified: Thu, 21 Mar 2024 23:58:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 10:14:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 171ms
84ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:41:41 GMT
x-content-type-options: nosniff
age: 232263
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:41:41 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 196ms
109ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:41:03 GMT
x-content-type-options: nosniff
age: 232301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17508
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:41:03 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2
fonts.gstatic.com/s/roboto/v30/ 10 KB
10 KB 214ms
128ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76945c7494c20515bb45d1dedab8f7062020a8252297f8e24ab4fa908ac24032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:45:08 GMT
x-content-type-options: nosniff
age: 232056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10428
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:45:08 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 209ms
123ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:41:03 GMT
x-content-type-options: nosniff
age: 232301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9576
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:41:03 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 182ms
96ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 09:42:42 GMT
x-content-type-options: nosniff
age: 232202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 09:42:42 GMT

GET
H3 200 Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp
www.reversinglabs.com/hs-fs/hubfs/Blog/ 95 KB
96 KB 91ms
91ms Image
image/webp 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Blog/Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp?width=1400&height=732&name=Malicious-NuGet-campaign-uses-homoglyphs-and-IL-weaving-to-fool-devs.webp

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9153821aa69a0b9c127668123bca9687461f8375418f8cb32d74744479920e23

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 41ef3b5e61707f8600cd12eaad85b048.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172633132396,FD-11822274822,P-3375217,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 97338
cf-resized: internal=ok/m q=0 n=813+0 c=16+1 v=2024.6.0 l=97338
last-modified: Wed, 10 Jul 2024 15:02:27 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfEGOW58cRYuxpvHGNrLOzmjrdsvDsvdffkG1yWKzcDQ:82e49c025398be37e47c7bd4c0a6803c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=30Lqj2VuJMLE3vBpsbRlC5LgvDgeZHBRGIQbuO2jK3h2%2F%2Fn4tOIXC24vGPMP4YSQKgvAVkocAhkCWv3x%2Bxrbt1LAD5m25p%2BY1Jm11DIb9%2FLZZ6K2Yr86CnyODfRCgLRStsj02V35Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a1d82909f55451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Blog-Malicious-NuGet-campaign-goes-on-Figure-1.svg
www.reversinglabs.com/hubfs/Blog/ 97 KB
42 KB 100ms
100ms Image
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/Blog/Blog-Malicious-NuGet-campaign-goes-on-Figure-1.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cad72492b8e2e9d10145086fa357469e150267e6cca335e7db37d00ed94738b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-172626296484,FD-11822274822,P-3375217,FLS-ALL
x-amz-request-id: DA59HF316DGE2ZK1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-172626296484,FD-11822274822,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"e106c1536aa1efbc26c5a35ede1445c8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1720623737629
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000
via: 1.1 91fb3e9ebee74bb1d6b947180efb488c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9J5EO4Mz4BbEBUnd4lL6JAFXM8ePqQvn
x-amz-cf-pop: CDG52-P5
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-172626296484,FD-11822274822,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Gu/gMk/D6tHpEdZq1DcoCfVjDm28EDd/vHTavI41iPXW0l77w6ML4LLsZwGsx8A6h1/Jdqh/TEBT2Nv4rU4JRhHRcHj/lFippyT9KbUwFd4=
last-modified: Wed, 10 Jul 2024 15:02:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uoxQ7W7VA2PAicAkxSyJMnv%2FNO0Ip%2BuGWbrycE0ovLmNxIgPOmaZEP9KkujxFKi%2FpJyuKLkSpBediufc8HcGNI3w2lFoMKpy78nJFqDh0fzz7RhM8Sc0PTOJrNkfl3H%2BmK8PYXNyrg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d82909f58451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: _iaktf0uj5AEOsPRupDhfhffClul1P_mBWxynyJDNJZn0aX8SWfxWQ==

GET
H2 200 modules.e4b2dc39f985f11fb1e4.js Show response
script.hotjar.com/ 223 KB
56 KB 130ms
45ms Script
application/javascript 54.230.228.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3176008.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.228.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-228-40.muc50.r.cloudfront.net

Software

Resource Hash

619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 01 Jul 2024 08:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 37efbeb485d6113a0b2df63b2f651402.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P5
age: 928897
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56291
last-modified: Mon, 01 Jul 2024 08:10:34 GMT
etag: "ca025d2d8ae4b3dc51e058b782590501"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ERRa_43_XLtjf8c990xuXixh-O7CbWYslXEgSq-t9u6grAcjLwI6zg==

GET
H2 200 1076912843267184 Show response
connect.facebook.net/signals/config/ 60 KB
12 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1076912843267184?v=2.9.161&r=stable&domain=www.reversinglabs.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

074c06097a3a6ac53032ef4c0fe419c65601e44beb8185a54fd0bcc46e7bd49c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 12 Jul 2024 02:12:44 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12368
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=65, mss=1297, tbw=64217, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: Wkl0KjwoV4U830/4QcyCNRzkfJGYy023EEA0KPhyLVz3w3fJYGMtBgCth0hwvM89JqIvk9H/GiylEOdbUZS9dg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 json Show response
www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/e23cfb45-bf85-4928-8983-102133f2cc3a/ 17 KB
4 KB 396ms
395ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/e23cfb45-bf85-4928-8983-102133f2cc3a/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ed275899c38f48387b314c6f16ead78055b6a19ec27302ff057724cbf4824ed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2ecd0c6b-4dbc-4dc7-9a37-3a4d66f8e688
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2ecd0c6b-4dbc-4dc7-9a37-3a4d66f8e688
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvsp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcBc9EhSHgNSjEKBS0nN1DMIWIX634G8QBNO%2B%2BRPH2Tk3hCYYmgyGetYGa48RWhnTSDXspp8fHcngWl3AMoF38PCf3taO70q%2BXsfLa9laMVs9FuV%2BWyZmcuT2BUSiWo1cZ79pi7T7w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d82924a44451c-TXL
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 JrRu3vUM8j33QSR7Bwxw Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 268ms
218ms Script
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/JrRu3vUM8j33QSR7Bwxw

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

00737871c06855774c55631ef453fe78c74af5040995f8c8ab735f0692d130dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8a1d829299f66a75-TXL

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 44ms
44ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

a10b6071217a8785be6f6bd0019e022991d5409936c1eeb72a6808c96b58bd41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 12 Jul 2024 02:12:44 GMT
content-md5: iDQCNJbXJLl0K3Px9kivFQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1684
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=23, mss=1232, tbw=4335, tp=9, tpl=0, uplat=2, ullat=-1
x-fb-debug: W6BR8SxtCbNMcpyB71GglFj3IJc5c0QufjqzWCEPxU63uFLSG4OVByTx0uhOmMaVXXmIlz9MJFJfwH62z255QQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 0dd1958894db858abab5664b23fa7065
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "9d07f35ccdb07b6722f94b7bdc49b9eb"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 12 Jul 2024 02:28:06 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 172ms
41ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Fri, 12 Jul 2024 02:12:44 GMT
Content-Encoding: gzip
Age: 786
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/67C1)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 224ms
140ms Script
application/javascript 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3c950508-a841-460e-9045-2fce78b34c0b
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=8a1d82930e214d40-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3c950508-a841-460e-9045-2fce78b34c0b
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-5bdqs
cf-ray: 8a1d82930e214d40-FRA
x-amz-cf-id: rrdvB3pAvyd3pW3NCHCWmzln1fWbNP7uDrId9JUM9M8rKC0pMIj1nQ==
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/3375217/ 71 KB
26 KB 266ms
177ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/3375217/banner.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72a24747991522d9a3efacd06164c7881c3950ccdacb2c8f78008a43e1b06b1

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: 2PKeR_FPNvSqzeciPcoi508cDnXziwIo
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: 4Z9CSZN3PVEJTC4Q
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e7b95c34-9b45-4b98-b344-2d4cc1504572
x-envoy-upstream-service-time: 106
x-amz-id-2: 0oHk/4/08hMVTq7gn2eiOVudBuOP344wNzn4RXLuRdVBZkEiZdvRZAfCydHnGoZnc/BXf15SbVc=
x-evy-trace-listener: listener_https
x-request-id: e7b95c34-9b45-4b98-b344-2d4cc1504572
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 06 Jun 2024 20:17:11 GMT
server: cloudflare
etag: W/"14bc4884471be3ebe3e36aff8ce0edeb"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-q4rbs
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8a1d82930e6703a0-FRA
expires: Fri, 12 Jul 2024 02:17:44 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 285ms
194ms Script
application/javascript 2606:4700::6812:8d11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=8a1d82930bcf4d4a-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"be45bdb720f44c8db4ee42bc228ff2a8"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js
date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb
x-content-type-options: nosniff
cf-cache-status: EXPIRED
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 1132e327-530f-4d85-b30b-8e1e5752667c
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 45
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1132e327-530f-4d85-b30b-8e1e5752667c
last-modified: Thu, 30 May 2024 10:22:15 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cf-ray: 8a1d82930bcf4d4a-FRA
x-amz-cf-id: _iuilWRGI6vqYRPtcUzuabqsAY-sJ6bqdhO2R3csbwJdidG-p22bQw==

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
24 KB 143ms
52ms Script
application/javascript 2606:4700::6810:4e8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4e8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb1d31828eed1b9e8828be0489a1e87ba8fa4f029d4e1b9f6d7f336d315f3624

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: k.XGAYZ8n1ss.Z2E96L58BxmSp8u0Q1i
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 325
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16861/bundles/project.js&cfRay=8a1d7aa0fd649193-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: abe8495d-938c-43d1-8b18-7476803d1efd
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: abe8495d-938c-43d1-8b18-7476803d1efd
last-modified: Thu, 11 Jul 2024 15:16:05 UTC
server: cloudflare
etag: W/"9b968cf845d3660d0c2a95ae936c085e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-wf75s
cf-ray: 8a1d82930fd8918f-FRA
x-amz-cf-id: UfbwcGo8XI5UO0Qei0KT0o92l5PckbwC2RUc1jkjIkwEIoXOEcUAGA==
x-hs-target-asset: conversations-embed/static-1.16861/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 253ms
160ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

223ce47ad1f37b0e8d8d12e8333faa417930d86e8a2b69e932364cd4fa725310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1232/bundles/project.js&cfRay=8a1d82931dc41e5a-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"a72ef6dcb4ff7248d922f14d4297ff6d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1232/bundles/project.js
date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: VlZofOO6XLIMBEw0GCyKL1V6eti3_6c2
x-content-type-options: nosniff
cf-cache-status: EXPIRED
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: c1f03929-291a-46f0-9266-356cc42279c5
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-request-id: c1f03929-291a-46f0-9266-356cc42279c5
last-modified: Wed, 10 Jul 2024 15:31:47 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4naJLOsQCqHsNDQwVy3zv9b%2B%2FcDGViRDHjk35icwN7cyrOFNc0jztnND%2B3beQ%2Fp3bZNMzO2wNY%2BBHcw%2BNdq4yklQjX%2FGj%2Bq%2FfYVgw62kEACtJ%2FhG42OWrcojZY5Fbi7MFk3hiy%2BSn08lZuv"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-csnpm
cf-ray: 8a1d82931dc41e5a-FRA
x-amz-cf-id: kL6t0E0GxXmpe4ctxkRKnjLrDvHC2GRQfKrbTksDcp4_v0h-6HT76w==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 132ms
48ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265e4bbd1db28d8f58e233e0992fb26719b1226402f84985e269dcd1a3dbb83a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: UWSQIcf29vJdwcwnUNcwRMWbLRONtdx9
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 152
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.567/bundles/pixels-release.js&cfRay=8a1d7ed98f0a1c19-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: ec05a860-f40b-4873-993f-358e5fc668c4
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ec05a860-f40b-4873-993f-358e5fc668c4
last-modified: Thu, 11 Jul 2024 14:18:51 UTC
server: cloudflare
etag: W/"426dc06770cc2e882c1638294f975a21"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-wf75s
cf-ray: 8a1d8293091b8fd0-FRA
x-amz-cf-id: kl6UrlJB6a9N_SpIuzlFytr_a2twObSyC3XkzZ1Soo2n-sijBCOE5w==
x-hs-target-asset: adsscriptloaderstatic/static-1.567/bundles/pixels-release.js

GET
H2 200 3375217.js Show response
js.hs-analytics.net/analytics/1720750200000/ 67 KB
24 KB 256ms
164ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1720750200000/3375217.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27399f658df94d828fe7a618f8307edadd04b0d8420cbea424fe25517ac29963

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: 2J7HEFFY5AWSHERW
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 093cffc8-4975-4d55-afe1-c671cac1cd80
x-envoy-upstream-service-time: 25
x-amz-id-2: Ys+03ctqInVZcCPvTvQatblNzTg8qAVgv08t+r5NZo0DOSgskOTsuX5KZ2YKedTu+ES0yM1GWbc=
x-evy-trace-listener: listener_https
x-request-id: 093cffc8-4975-4d55-afe1-c671cac1cd80
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 09 Jul 2024 17:53:21 GMT
server: cloudflare
etag: W/"54a190e22e2b7d9ee6321e7449b473c9"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-762px
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8a1d829318554da1-FRA
expires: Fri, 12 Jul 2024 02:17:44 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 507ms
416ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=3375217

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6baf51cc-e892-4ac5-a5b9-e38b35f1f7ed
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8a1d82931e6b3835&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 6baf51cc-e892-4ac5-a5b9-e38b35f1f7ed
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8a1d82931e6b3835-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 127ms
42ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=Lead&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&rl=&if=false&ts=1720750364574&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1720750364573.68638678618963234&ler=empty&cdl=API_unavailable&it=1720750364417&coo=false&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 12 Jul 2024 02:12:44 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 209ms
209ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1076912843267184&ev=Lead&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&rl=&if=false&ts=1720750364574&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4126&fbp=fb.1.1720750364573.68638678618963234&ler=empty&cdl=API_unavailable&it=1720750364417&coo=false&rqm=FGET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3654c7c734a887a6","source_keys":["1","2"]},{"key_piece":"0x4c1b654032a7ca18","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Fri, 12 Jul 2024 02:12:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390566538374202934", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=12, mss=1297, tbw=3132, tp=-1, tpl=-1, uplat=167, ullat=0
pragma: no-cache
x-fb-debug: nWQ+hTn7FPknIXYM3UaxssM2h2zKvbeT/jqyMmayIbuTz9PuWmE6x94K7G0CmzOfVvn1MaDO32pN+N0+PxsbWg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390566538374202934"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 305 KB
87 KB 88ms
47ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=117aea8908bee3a24e0f16ef280de1aa

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

2a292a803eb0d1026a1342faf504f55b44e464e833704574615979a994510f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Origin: https://www.reversinglabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 12 Jul 2024 02:12:44 GMT
content-md5: tgfoLGInOUFBFOkgGYUXzA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89066
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4300, tp=9, tpl=0, uplat=7, ullat=-1
x-fb-debug: ehkZh03IogNp2EyxeWEBE2+4temYHTHOKDJ6MgP+vJPjCxGnftHZ4rG+yBZ47UpiUgmKDxNMNgupua27bQYwLg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: a4324f89a8379c366f8fa01665cb4c19
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "4b4fc358b7d21e065772b99d16a62875"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 11 Jul 2025 23:56:47 GMT

GET
H3 200 widget Show response
www.reversinglabs.com/_hcms/livechat/ 337 B
1 KB 377ms
376ms XHR
application/json 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/livechat/widget?portalId=3375217&conversations-embed=static-1.16861&mobile=false&messagesUtk=a8be1ad4d7134be78644fc154229d911&traceId=a8be1ad4d7134be78644fc154229d911

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

66a73d05aa5dc1498649771edde25d1e17bd80eab4c7bf33ffc39cdaed421110

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
X-HubSpot-Messages-Uri: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3558ec38-af0a-4157-8623-8dc620f41a92
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3558ec38-af0a-4157-8623-8dc620f41a92
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-l4ql2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbAz4iBs0yF1R1idASwKFXFyiecV%2BoV3ekKXMc0uTzbXzUf0S7ldjwWKddw%2FF6ctSrlBANR4W7TpHiokNWFJtX6BGt%2FrnLR4jO6owlBT55Poj4f9JGyObrEsIHsDPUcHNHwKnhliZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d82936bf7451c-TXL
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 0F4B 0
0 154ms
39ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 9417912
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Fri, 12 Jul 2024 02:12:44 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
456 B 154ms
153ms XHR
application/json 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3375217&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dad1c0db8f609fc3fa93ed9a02f23f1fde3497445fa1f83c71f0816376f7cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 10ce8fbc-c072-46bd-b13d-f8c035323d32
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 10ce8fbc-c072-46bd-b13d-f8c035323d32
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-8zszv
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8a1d82940eb14d40-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 108 B
1 KB 182ms
174ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3375217&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&contentId=172717357380

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a3e2f930-4542-4c4d-af6e-08b99f8dde5f
content-encoding: br
x-envoy-upstream-service-time: 28
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a3e2f930-4542-4c4d-af6e-08b99f8dde5f
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3af%2FCrLw7f4v%2BQuvDVFv4ABrSyZZsVoIIeY1iAMksxQo%2BITiyDNx9YYVcAncFyYnsPTQ0s%2F6BdBlD%2BUiRNjJ2peur8GLvC49tocl7SCoP9cC1Fg8TZ283pkuY5zgjXyE0jgeu3l791%2B2EvXjH5FBpuW7hBRo%2F3xTyk%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8a1d82943e991e5a-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-6lppp

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
145 B 130ms
46ms Fetch
text/plain 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/3375217/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=1500
cf-ray: 8a1d8294beea65bb-FRA
content-length: 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 338 KB
109 KB 151ms
64ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c659d48de243c3ad9f9d07133b5df4acb5a1e9cea5240e9c721b5566263409f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111539
x-xss-protection: 0
last-modified: Fri, 12 Jul 2024 01:00:20 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Jul 2024 02:12:44 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 115 B
1 KB 253ms
159ms XHR
application/json 2606:4700::6812:f26c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=3375217

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f26c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: da347b41-3903-41a0-968d-c99acb34593d
content-encoding: br
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: da347b41-3903-41a0-968d-c99acb34593d
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-94hvq
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6U0HqAsCQO0RVBOGQ52qjopFM%2FwQ0I0uSL%2FiKtCAr%2B8ZK1CakJ3ijmhTdgykYMbOE8SZd3plDH%2BaDWulbf%2B30mPr1hdVzxwbo%2FbVIuAtGL5KYY0bnfRVaWxxFYj5nWEED3KFIStTfRhSLLNt"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d8294cebc18d2-FRA
access-control-allow-headers: *

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
849 B 200ms
156ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ddd592f-10bd-427a-b1b2-8e864751d90a
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ddd592f-10bd-427a-b1b2-8e864751d90a
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-5974s
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a1d82951e4c4528-TXL

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
887 B 179ms
153ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4b3877ad-0539-4ddd-81c2-ab7f63e42574
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4b3877ad-0539-4ddd-81c2-ab7f63e42574
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-5974s
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a1d82951e4f4528-TXL

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
888 B 198ms
162ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7ccbf6f8-3dde-4f68-a7ae-60791ee7e7fe
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7ccbf6f8-3dde-4f68-a7ae-60791ee7e7fe
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a1d82953ace6a74-TXL

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 249ms
160ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Fri, 12 Jul 2024 02:12:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: de39312a-87c4-4a49-bef9-14f5c1226d5e
x-envoy-upstream-service-time: 7
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: de39312a-87c4-4a49-bef9-14f5c1226d5e
Last-Modified: Fri, 12 Jul 2024 02:12:45 GMT
Server: cloudflare
vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-5974s
access-control-expose-headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
Accept-Ranges: bytes
x-robots-tag: none
CF-RAY: 8a1d8295decd925f-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 352 KB
116 KB 57ms
56ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

78bfcb3bf2ebccbf23c7147271a1c9f8a137857ac3a9df7f0edaab09636e889a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 352 KB
116 KB 67ms
67ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

81e5d9dfbc0bdc340ba6419809c7d791566d7d64eb41c0fc7edcb36dceea901d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119040
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 152ms
51ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 Jun 2024 00:42:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "666b9204-10980"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18315
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 156ms
47ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Jun 2024 19:23:03 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12116

GET
H3 200 qevents.js Show response
a.quora.com/ 41 KB
15 KB 98ms
42ms Script
text/plain 162.159.153.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
x-amz-version-id: jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: M04HPBTPY5GDBBF5
age: 6063311
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
last-modified: Thu, 28 Mar 2024 17:33:19 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:87b5ecaafd0e88097cbbb1bbb7695fe9
etag: W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 8a1d82963b4958ea-TXL
expires: Fri, 12 Jul 2024 06:12:45 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 138ms
40ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Jul 2024 09:19:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=62264
accept-ranges: bytes
content-length: 14011

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 352 KB
117 KB 89ms
89ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-970567826&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

74dc3d6d06d207bc9d88085b915bb8b39d37c8341760cd079c0b855c6b3c772d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119191
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET request.js
script.anura.io/ 0
0

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 8 KB
3 KB 144ms
41ms Script
application/javascript 2600:9000:26db:8600:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26db:8600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5802ed3fbc14809835a679954070d666df21bcc6e9e8f5330e2b61af5de87d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 2gBfyfaxB3fqKDB22TRp1x_OR_dQWkeC
content-encoding: gzip
via: 1.1 18d0e038a55eccdc9f0ad716edf64962.cloudfront.net (CloudFront)
date: Thu, 11 Jul 2024 04:38:14 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P3
age: 82275
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jun 2024 17:28:53 GMT
server: AmazonS3
etag: W/"f5b0e390c41325729288339b59a46ae1"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: P2VdfSGidzOLiEXexddt7jWngGTVH_KjdXLJrBrM8Y4iIwCldbTJEQ==

GET
H2 200 8423336.js Show response
snid.snitcher.com/ 24 KB
25 KB 419ms
317ms Script
application/javascript 18.194.229.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/8423336.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.194.229.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-229-254.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c1a34670533c5c2e58dc39821dccecb87ad3a2d2a45797a51146a44acd4d36bb

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
x-vapor-base64-encode: True
date: Fri, 12 Jul 2024 02:12:45 GMT
cache-control: max-age=1800, private
content-length: 24876
apigw-requestid: axucni4hFiAEPLA=
content-type: application/javascript

GET
H2 200 site-insights.js Show response
cdn.metadata.io/ 7 KB
2 KB 119ms
41ms Script
application/javascript 2600:9000:26db:8600:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-insights.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26db:8600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

476cda2bde7910a58186b7b58d2be6d22d3cfacdfeda3354134b84e43d76ac98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: GL5Tx2BZR8maW_iFgMB1W5mptWqV16dc
content-encoding: gzip
via: 1.1 18d0e038a55eccdc9f0ad716edf64962.cloudfront.net (CloudFront)
date: Fri, 12 Jul 2024 01:33:25 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P3
age: 2387
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 19 Jun 2024 15:02:09 GMT
server: AmazonS3
etag: W/"9c747cf07b2623fe6f77e47f5a134103"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: 8kmR93wcUXRXalsXllYbZ9uoYJioyQnp029afPGd8bPx9aXd4n7nUg==

GET
H2 200 1010075.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 227ms
126ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010075.js?p=https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&e=

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f220f668e1971fdd97b14c8e30c59714ce190abcb3dae7f3e318ec7f61fd790a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
content-disposition: inline
x-xss-protection: 0
referrer-policy: no-referrer
server: cloudflare
cross-origin-opener-policy: same-origin
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cf-ray: 8a1d8296eaf4912a-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 352 KB
116 KB 98ms
98ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3470b2c8cee160b7a7f95dd14291654378167cd37108f6d630a763a327246269

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119038
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/ 43 B
421 B 475ms
119ms Image
image/gif 52.5.214.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.214.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-214-35.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Fri, 12 Jul 2024 02:12:45 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,520125d7a572975c7a0c0b16ecbb4813,10.0.0.236,59552,80.255.7.108,,390332154827,1,1720750365.632,0.002,,.,0,0,0.000,0.004,-,0,0,203,129,64,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 0
125 B 42ms
41ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1076912843267184&ev=PageView&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&rl=&if=false&ts=1720750365100&sw=1600&sh=1200&v=2.9.161&r=stable&a=tmgoogletagmanager&ec=1&o=4126&fbp=fb.1.1720750364573.68638678618963234&ler=empty&cdl=API_unavailable&it=1720750364417&coo=false&rqm=GET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1297, tbw=6380, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 12 Jul 2024 02:12:45 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 81ms
81ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1076912843267184&ev=PageView&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&rl=&if=false&ts=1720750365100&sw=1600&sh=1200&v=2.9.161&r=stable&a=tmgoogletagmanager&ec=1&o=4126&fbp=fb.1.1720750364573.68638678618963234&ler=empty&cdl=API_unavailable&it=1720750364417&coo=false&rqm=FGET

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x09c0dee8544b27a6","source_keys":["1","2"]},{"key_piece":"0xf5934c129f968ddc","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Fri, 12 Jul 2024 02:12:45 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390566544369457658", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=10, mss=1297, tbw=6549, tp=-1, tpl=-1, uplat=41, ullat=0
pragma: no-cache
x-fb-debug: ZlCCzhw0a8D5Mw7cyUHq03dCQECL7E3+vHXvGXCyBDZRnFIu4xn7H47LwyOOhAejxNNdVSvbUzao/0DVeq3fgA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390566544369457658"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
700 B 314ms
224ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 3BC10297381B485899158C303AB57526 Ref B: FRAEDGE1321 Ref C: 2024-07-12T02:12:45Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.reversinglabs.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYdA2pHTkWcyisR0bWTaQ==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 303ms
208ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:44 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 80B416B678A447AB9118414ECA147571 Ref B: DUS30EDGE0806 Ref C: 2024-07-12T02:12:45Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYdA2pG0yTJQ1igOKY5Pw==
x-fs-uuid: 00061d036a46d324c94358a038a6393f

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&t...

0
266 B

317ms
222ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm=gtmv2&e_ipv6=AQJ9GsKkzZ2VgAAAAZCkttxW4QvRZlnEtHZH5eWnckaKiAYVZaRG-3wPeVWQhmJmbL2T_SU
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 4FCACDA6041B45DA87D60C1AA39A5CA4 Ref B: DUS30EDGE0807 Ref C: 2024-07-12T02:12:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYdA2pRXMF4eAUxw3mtNw==

Redirect headers

date: Fri, 12 Jul 2024 02:12:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5A6312CC280444E1A1A96C1DCA211DCB Ref B: FRAEDGE1321 Ref C: 2024-07-12T02:12:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1720750365240&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&tm=gtmv2&e_ipv6=AQJ9GsKkzZ2VgAAAAZCkttxW4QvRZlnEtHZH5eWnckaKiAYVZaRG-3wPeVWQhmJmbL2T_SU
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYdA2pMk1sXaN+FEpLrzw==

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 220ms
126ms Fetch
application/json 104.26.13.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e33a708ad9d04c864fdd86f9ccfdfbbdf24c3b2585bed619367ba4c4747c4e20

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a1d82978cf091f6-FRA
content-length: 21

GET
H2 200 1174.json Show response
cdn.metadata.io/pixel/config/ 357 B
963 B 127ms
49ms Fetch
application/json 2600:9000:26db:8600:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/pixel/config/1174.json

Requested by

Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26db:8600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

92430dc2fbdad4b6edf798f2490016c5d6b72fd5938eb091f2b868e067e2f1da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: wGSoVsS9H_GBxl1aDwvrzKa3102hPPGw
date: Thu, 11 Jul 2024 10:25:12 GMT
via: 1.1 fd4a06b35c482e680f7f3fd9baaa0090.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: MUC50-P3
age: 56854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 357
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Jul 2024 11:50:55 GMT
server: AmazonS3
etag: "3a86d81afb3a8ce03709d9cdcff675fb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
x-amz-cf-id: BPC5qOGSxZl1D-fBnhTQufPpjMrSeDwl_RHC5mdWMS8SB7R8jDlGKQ==

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_neftrm6a/ 3 B
124 B 525ms
438ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_neftrm6a/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_neftrm6a_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 149ms
54ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_neftrm6a_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 97

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 126ms
40ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1720750365254&id=t2_neftrm6a&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e57d958e-757d-4993-8c46-05cba1941bf8&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 139ms
138ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:45 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
312 B 137ms
41ms XHR
text/html 2a02:26f0:ab00::214:8e70
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 40b3b2394802a2951bbb2f37a41326ef6056e5fd68cbda83c657e79c10ffa9e7

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:45 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.reversinglabs.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1720750365346_34901612_669364676_20_914_38_42_219";dur=1
content-length: 19
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 223ms
215ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A45%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:45 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 224ms
216ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A45%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22125cf4892bae30e8b53458235ef53f8d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A45%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2012%20Jul%202024%2002%3A12%3A45%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:45 GMT

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 155ms
154ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010075.js?p=https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5wgvmaOg8ZgW12lV

Response headers

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
133ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:45 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:45 GMT

POST
H2 202 traffic
api-gw.metadata.io/ 0
0 214ms
212ms Fetch
application/json 44.240.141.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.240.141.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-141-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: f804e12a-ee98-4d2b-bf2b-1ea577d6a33c
access-control-max-age: 1728000
access-control-allow-methods: OPTIONS,POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length: 0
x-amzn-remapped-date: Fri, 12 Jul 2024 02:12:46 GMT
x-amz-apigw-id: axucxFcnvHcEd6Q=

OPTIONS
H2 200 traffic
api-gw.metadata.io/ Frame 0
0 654ms
214ms Preflight
application/json 44.240.141.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.240.141.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-240-141-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
content-type: application/json
date: Fri, 12 Jul 2024 02:12:46 GMT
x-amz-apigw-id: axucvEJAvHcEb8g=
x-amzn-requestid: e83768ec-fe35-404b-bbfe-06d0204684c7

OPTIONS
H2 204 verify
snid.snitcher.com/ Frame 0
0 140ms
63ms Preflight 18.194.229.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.194.229.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-229-254.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: axucrji-liAEP1w=
cache-control: no-cache, private
date: Fri, 12 Jul 2024 02:12:45 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers

POST
H2 200 verify Show response
snid.snitcher.com/ 6 B
148 B 184ms
184ms XHR
application/json 18.194.229.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Requested by: Host: snid.snitcher.com
URL: https://snid.snitcher.com/8423336.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.194.229.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-229-254.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 12 Jul 2024 02:12:45 GMT
cache-control: no-cache, private
content-length: 6
apigw-requestid: axucshkXFiAEPhg=
content-type: application/json

GET
H2 200 up
insight.adsrvr.org/track/ Frame D026 0
0 171ms
55ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&upid=8t4axvj&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Fri, 12 Jul 2024 02:12:46 GMT
server: Kestrel

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
613 B 173ms
172ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=3375217&pi=172717357380&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&cpi=172717357380&cgi=5901382633&lpi=172717357380&lvi=172717357380&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&t=Malicious+NuGet+campaign+uses+homoglyphs+and+IL+weaving+to+fool+devs&cts=1720750366217&vi=d1d72be871d343da891062d219adeb68&nc=true&u=60854195.d1d72be871d343da891062d219adeb68.1720750366215.1720750366215.1720750366215.1&b=60854195.1.1720750366215&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0038456f-92fc-4c28-a5ed-56935808f7d1
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0038456f-92fc-4c28-a5ed-56935808f7d1
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QpG95B2%2F53Z23nfMjnRncGvkVWbLBwHGVwFrcOYgPmGlgtAlk5ZCKVo87UT%2BcDafUdHPb2ybu4ybqPLzjWAS%2B73hGs7TIGRXPEUuWMF7l6S%2Fx4e%2B9udCicIA9cs8txWuBj1PinJvnYz7GufcU2pG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-nxqrk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a1d829cfd3f3835-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
445 B 181ms
180ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=e23cfb45-bf85-4928-8983-102133f2cc3a&fci=168bb6f4-4645-49ec-b10a-9469bdd06ad9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=3375217&pi=172717357380&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&cpi=172717357380&cgi=5901382633&lpi=172717357380&lvi=172717357380&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&t=Malicious+NuGet+campaign+uses+homoglyphs+and+IL+weaving+to+fool+devs&cts=1720750366218&vi=d1d72be871d343da891062d219adeb68&nc=true&u=60854195.d1d72be871d343da891062d219adeb68.1720750366215.1720750366215.1720750366215.1&b=60854195.1.1720750366215&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3972f4b0-b58e-4a67-a852-43b2399b9336
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 13
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3972f4b0-b58e-4a67-a852-43b2399b9336
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AhcZubV2LnSOOwURpqJqYCsTqGxufwqke3kWjUeJ9W3GbG9v6AHVRyYKSXaG8hf0WcoDoW%2F5VN%2BlAOd0MtAzLnOi%2BLSWn%2FX3ZhAWCrTiAACyXiE%2F8AkInRwgOAuKg5Ow7M1xIeIb4PEENlR%2Fd5Fn"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-4g7wv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a1d829d0d453835-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
398 B 173ms
172ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=e23cfb45-bf85-4928-8983-102133f2cc3a&fci=168bb6f4-4645-49ec-b10a-9469bdd06ad9&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=3375217&pi=172717357380&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&cpi=172717357380&cgi=5901382633&lpi=172717357380&lvi=172717357380&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&t=Malicious+NuGet+campaign+uses+homoglyphs+and+IL+weaving+to+fool+devs&cts=1720750366219&vi=d1d72be871d343da891062d219adeb68&nc=true&u=60854195.d1d72be871d343da891062d219adeb68.1720750366215.1720750366215.1720750366215.1&b=60854195.1.1720750366215&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 36bda0f2-ab8d-414d-aa95-63a1441a7145
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 14
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 36bda0f2-ab8d-414d-aa95-63a1441a7145
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I3havQBewUIwDQnxbM12hzBZ3OdCi3sNSbykXgTtOCr%2Fj6DA1X45nn%2FRrBt8cHunJTw5JPw7nN8GevbKENvHN%2B9QbpLBcNe8DzkUOG58XKhs%2Fqa%2FMN7bw80CPBJqjtdHKbfYQSWslRTcG2BOe8w0"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-nxqrk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a1d829d0d463835-FRA
x-robots-tag: none

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 133ms
47ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45be4790v867824530z8856083864za200zb856083864&_p=1720750364814&gcs=G100&gcd=13p3p3p2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&gdid=dZTQ1Zm&cid=1838943867.1720750366&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1720750365&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&dt=Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3669&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reversinglabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
64 B 155ms
73ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p2p5&tag_exp=0&rnd=843649838.1720750366&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&dma_cps=-&dma=1&npa=1&gtm=45He4790n81MKL9P8Bv856083864za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 187ms
179ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=d1d72be871d343da891062d219adeb68&__hstc=60854195.d1d72be871d343da891062d219adeb68.1720750366215.1720750366215.1720750366215.1&__hssc=60854195.1.1720750366215&contentId=172717357380&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33bd9b43eb815f274a6b0a8b9b4e681c8a5d21d655a00d1e6c8fe351d7a1672f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c5b62ce9-4210-4418-bac8-6cfc2b9ede5a
content-encoding: br
x-envoy-upstream-service-time: 31
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c5b62ce9-4210-4418-bac8-6cfc2b9ede5a
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-njspp
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1%2BLoeq3xzh8noqXRxLUy5r3Ss9bovE60OmaccxVYNeNCNEQRBfm%2FnJKdFeVAFxJMQvBXgRXX9KtALeCX9%2FFKW9EWUDnnW%2Bs9bkhNoXxanDe%2F4%2BDFuzg4EutgHrHCm2y%2Fgo4bcs2tSxQVa3CG5Hy"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8a1d829d6da01e5a-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 141ms
141ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A45%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:46 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:46 GMT

GET
H3 200 favicon.ico
www.reversinglabs.com/hubfs/favicons/ 1 KB
1 KB 64ms
64ms Other
image/vnd.microsoft.icon 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hubfs/favicons/favicon.ico?v=XBJLaGAQax

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0db68a93d1f97f0fb1224f0734697114c7abc9fc403c920fb05f88a10b4db79

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 52735
x-amz-cf-pop: FRA60-P7
x-amz-request-id: AYJPTPRGTE3D0BYB
content-encoding: br
edge-cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
x-amz-version-id: Z.0e2dNlpNVLjiXXR6ElKaqWvTbbFyc_
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZNBNR1V4Zu992Mi6Jg6FhAOBO/RpIsO/9rnDS02VaPSEqUwhUtLNAEdx6FX9nzyb0UxMLZxEDcg=
last-modified: Thu, 06 Jun 2019 14:09:52 GMT
server: cloudflare
etag: W/"65232b94b8bed83757bff14ed51e92b5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kt%2FYy9xfCUHS2UOT1QCXL13H9kjBRsEq6EW6QfNx4GWIWnkMq%2FIPgI3EOzglZIvjNhjtdTJChvCxq30eZ8Y3mpkNYG%2BIeRm9CGn6Hhy3bPXXYuRy2tBOvbRoOlDClPcA7iXXUbT%2FJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8a1d829e3c20451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: -uXjjWI3Vhxu5mcPIUHRxSL1D_G12mICr4bOIPgrjZ8vAnfZ008N5g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 RL.svg
www.reversinglabs.com/hubfs/favicons/ 1 KB
2 KB 58ms
58ms Other
image/svg+xml 199.60.103.31
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hubfs/favicons/RL.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d858c8735257088f8afec4218614b0de5de80c4740a1e3d85177d32fcf59f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
age: 1441505
x-amz-request-id: 1841WPYMXSTKG5K1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f5495c5973bd36c9aef68e8932961a19"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1699788902625
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Fri, 12 Jul 2024 02:12:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 1947a094c5f1be25e44f62ae3fb60d94.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CF4go1_hFRfTbqIKmg2EpHi6K6Q8eeO.
x-amz-cf-pop: WAW51-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2MYkiCwpJ31sKh+Se9Devs6rfTLeioS9cZUbfyyfS4M7peJdmmNDzKX5+MctFK3jhLsIyjcWsDw=
last-modified: Sun, 12 Nov 2023 11:35:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T76424zWnu%2BtnIPmFfAvbpuDHPz0BUxXV6HocMG3jV20zlUJdmq%2FxffEIreXONRYlng%2Fk9VpXH5hc6uTfoy7Hiai3GS0uRYeBfO2DLprdtGcPlyS4g5p62UjtEIwEsLkYqBJA1t73g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a1d829eacae451c-TXL
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: RdnqnRGxFdOWkx07N-cYAo3C9trLE168SGOhKsGZZr5qDIW--d5dZQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 221ms
221ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A46%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:47 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 142ms
142ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:48 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:48 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 252ms
251ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A48%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:49 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:49 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
133ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=e356d025-4d57-4514-8bf7-759520ed3a7f&session=78336028-5d65-46de-8814-631146325eb6&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2012%20Jul%202024%2002%3A12%3A49%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Malware%20authors%20upped%20their%20game%2C%20using%20homoglyphs%20to%20impersonate%20a%20protected%20NuGet%20prefix%20and%20IL%20weaving%20to%20inject%20malicious%20code%2C%20RL%20researchers%20found.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malicious%20NuGet%20campaign%20uses%20homoglyphs%20and%20IL%20weaving%20to%20fool%20devs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs&pageViewId=348c768a-6110-4306-8515-3b44f942aac2&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Jul 2024 02:12:50 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 12 Jul 2024 02:12:50 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: script.anura.io
URL: https://script.anura.io/request.js?instance=1480878102&1720750365094

Verdicts & Comments Add Verdict or Comment

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.reversinglabs.com/	1970-01-20 21:59:12	Name: __cf_bm Value: fi0TQoTMP_9r1HH73IXseuVDWmpeIZm.rnjTi0_9z10-1720750363-1.0.1.1-7RYbI_GJB3G9PbK1CVYDt90q5uat7OMSJGlld42NGCw6YGwfhDP_P6uCCN5ppnQm3PNcshvZpLw.lRipzzqBAA
.www.reversinglabs.com/	1969-12-31 23:59:59	Name: __cfruid Value: 021d72bf927abf77b4e152d3240c79dbb95a5d09-1720750363
.reversinglabs.com/	1970-01-21 00:08:46	Name: _fbp Value: fb.1.1720750364573.68638678618963234
.reversinglabs.com/	1970-01-21 06:44:46	Name: _hjSessionUser_3176008 Value: eyJpZCI6ImRhYzA5YTVhLTY1MmQtNThjNy04ODYxLTRhMWVkNjQ5OTgyMCIsImNyZWF0ZWQiOjE3MjA3NTAzNjQ1OTgsImV4aXN0aW5nIjpmYWxzZX0=
.reversinglabs.com/	1970-01-20 21:59:12	Name: _hjSession_3176008 Value: eyJpZCI6IjVkYzFiY2RjLWViYWMtNGNiYS04OWFiLTIyNTkzZDNkZDg3MyIsImMiOjE3MjA3NTAzNjQ1OTksInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.ws.zoominfo.com/	1970-01-21 06:44:46	Name: visitorId Value: fa4c38be0efa1e567561ab609399e63c2380a711cdccb88d2a7491c5ea3dfacf
.zoominfo.com/	1970-01-20 21:59:12	Name: __cf_bm Value: UKZyhCyDekdZf8mSEKlmc9qqV2MNyM4TPxflNm.pwb8-1720750364-1.0.1.1-GFp.HMnzozLbxEyTKtAI4L57E7oQkU_vbdks.iXoLB74IdsR8Volv8pRVYY6GMwi0zpO.xHNd5w1r942vctTEw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: iVk3jWszOCsvczDuQ8CGTp6Oj0AVKC0MibSBw1SvW68-1720750364768-0.0.1.1-604800000
.hubspot.com/	1970-01-20 21:59:12	Name: __cf_bm Value: mBrKNQ9331SsI.PUz41ThcP_3n0yMVI352Zn_xVGjdc-1720750365-1.0.1.1-OaiNtVPDltfMiUBArDFWG7MLFxm3r9kqUxEZsUxF5AxkzBuRKEgNLDIjAroP45jWdNu9wKZQ4E78cPgCm4rxcg
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: oSUhp0qp8Xp2yxRrMUD4swhyNYCFNXKGYBBqzmLAk8o-1720750365028-0.0.1.1-604800000
.hsforms.com/	1970-01-20 21:59:12	Name: __cf_bm Value: VvLCv3v5xLoTqN3_ddrREzIWUMBu5k8UsaqsIo0z9a4-1720750365-1.0.1.1-ysIElCcIonWNy8wWTV6NKzCU1Xsv5oeT1lAl_4u8KZyS4QyyB7HSR8PjTIMJ8s0b1n5d8.9pca9rckrVnXYDvg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: LCRQsWun_KN8Pw8nSazkAkA6nAMIWmNqpRJ9q77axEY-1720750365216-0.0.1.1-604800000
www.reversinglabs.com/	1970-01-21 06:44:46	Name: Metadata_visitor_id Value: lyi2c7cyr2ve09a3cs
www.reversinglabs.com/	1970-01-20 21:59:12	Name: Metadata_session_id Value: lyi2c7cz39uqluxodd6
.reversinglabs.com/	1970-01-21 00:08:46	Name: _rdt_uuid Value: 1720750365253.e57d958e-757d-4993-8c46-05cba1941bf8
www.reversinglabs.com/	1970-01-21 07:35:10	Name: _gd_visitor Value: e356d025-4d57-4514-8bf7-759520ed3a7f
www.reversinglabs.com/	1970-01-20 21:59:24	Name: _gd_session Value: 78336028-5d65-46de-8814-631146325eb6
.g2crowd.com/	1970-01-20 21:59:12	Name: __cf_bm Value: YlxKk6gxkpufm_4mi_aUnYWq6AV1rF8HkbMrq0BY2DQ-1720750365-1.0.1.1-V_1Rtuy.4501tauzqixgDyDMz72wQ.JA.AvEh9vVVl2eRZBQNWddargCPEoCN.zHJGNzsZoukvtG_jYwMB2pjg
snid.snitcher.com/	1970-01-21 07:35:10	Name: SNID Value: eyJpdiI6IkpMUVEvekNnQllxdmQyUklXQ0kwNXc9PSIsInZhbHVlIjoiaHMrM1NtQjVuZmRyYndsNWthMmxRZy9VSkpyTnpJV3Y3UTFrOEI0M3UwWTRKK1NkYXJQbkhhd2RCWjJoSUlWYUVFekpZR0s4Z3hINm5HMkU5eFF6WEVXS3JTMmxhTGFHMjN3cnZWK0tUUFhBVHowYVhZTFkvYWs1YTB2SjFIeFYiLCJtYWMiOiJjZWFlYmE4M2JmOWEyNjRlNTVmYTk5ZmE0NWNmZDRlODY2NTUwZThhNDhkOTI1YjAwZTg1ZjVmNGFjMmVkYmY0IiwidGFnIjoiIn0%3D
.linkedin.com/	1970-01-20 22:00:36	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2919:u=1:x=1:i=1720750365:t=1720836765:v=2:sig=AQHjRlvmLYm0V_IZfqDvq9o1OkSjmM2c"
.linkedin.com/	1970-01-21 06:44:46	Name: bcookie Value: "v=2&7a676171-9790-439d-8b03-e732c544e5d5"
.linkedin.com/	1970-01-21 02:18:22	Name: li_gc Value: MTswOzE3MjA3NTAzNjU7MjswMjFJpIExg03mFRe6KDN9SSwFslnxjnqgQ9fja6TcmwSSQQ==
.reversinglabs.com/	1970-01-21 02:18:22	Name: __hstc Value: 60854195.d1d72be871d343da891062d219adeb68.1720750366215.1720750366215.1720750366215.1
.reversinglabs.com/	1970-01-21 02:18:22	Name: hubspotutk Value: d1d72be871d343da891062d219adeb68
.reversinglabs.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.reversinglabs.com/	1970-01-20 21:59:12	Name: __hssc Value: 60854195.1.1720750366215

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js(Line 1) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js(Line 1) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://platform.twitter.com/widgets.js(Line 7) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://js.hscollectedforms.net/collectedforms.js Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://js.hscollectedforms.net/collectedforms.js Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.reversinglabs.com/_hcms/forms/v2.js Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.reversinglabs.com/_hcms/forms/v2.js Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://platform.twitter.com/widgets.js(Line 7) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://platform.twitter.com/widgets.js(Line 7) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://js.adsrvr.org/up_loader.1.1.0.js Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3375217.fs1.hubspotusercontent-na1.net
a.quora.com
alb.reddit.com
api-gw.metadata.io
api.hubapi.com
api.ipify.org
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cookieinfoscript.com
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
pagead2.googlesyndication.com
perf-na1.hsforms.com
pixel-config.reddit.com
platform.linkedin.com
platform.twitter.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.google-analytics.com
script.anura.io
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.hotjar.com
static.hsappstatic.net
track.hubspot.com
tracking.g2crowd.com
unpkg.com
ws.zoominfo.com
www.facebook.com
www.googletagmanager.com
www.redditstatic.com
www.reversinglabs.com
script.anura.io
104.16.118.43
104.17.24.14
104.18.80.204
104.18.89.62
104.19.175.188
104.26.13.205
13.107.42.14
142.250.185.130
151.101.1.140
151.101.1.181
151.101.193.140
157.240.0.6
162.159.153.247
18.172.103.101
18.194.229.254
18.66.102.106
188.114.97.3
199.60.103.31
2.17.100.210
2001:4860:4802:34::36
2600:9000:26db:8600:9:d7d4:1380:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:4400::6812:22e5
2606:4700:4400::6812:297c
2606:4700::6810:4e8e
2606:4700::6810:6cfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6811:b05b
2606:4700::6811:f6cb
2606:4700::6812:1fb0
2606:4700::6812:8d11
2606:4700::6812:f26c
2606:4700::6813:afbc
2620:1ec:21::14
2a00:1450:4001:81c::200a
2a00:1450:4001:829::2003
2a00:1450:4001:830::2008
2a02:26f0:3500:10::210:a9a
2a02:26f0:ab00::214:8e70
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42:600::396
3.33.220.150
44.240.141.254
52.5.214.35
54.230.228.40
0064c2da72d80b01589d488459021d045fefd9a5fd2826d4229b79705057b6ec
00737871c06855774c55631ef453fe78c74af5040995f8c8ab735f0692d130dd
012ac0d5bbf3afc87b088b9405486c6fea6b3b013d783bb8c47d2bc6d7766c3c
03c30b3cb8bfcb6c97b324ef18840cebdbe696a9f50ad21285329699a6d6bd01
074c06097a3a6ac53032ef4c0fe419c65601e44beb8185a54fd0bcc46e7bd49c
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
1039d8c6d5ca0ae27a058e460a3496ac932a0ed7b21496e3a7be5063c605ac5a
112e04a9a68473c84a6f4707484a895bf43250cda052d6c44fcdfd61290dd973
170d7b2dda1cde0aad9938ebc0e3f7f1e08b01221eead69e14784fdb089543b6
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2
223ce47ad1f37b0e8d8d12e8333faa417930d86e8a2b69e932364cd4fa725310
262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc
265e4bbd1db28d8f58e233e0992fb26719b1226402f84985e269dcd1a3dbb83a
27399f658df94d828fe7a618f8307edadd04b0d8420cbea424fe25517ac29963
2a292a803eb0d1026a1342faf504f55b44e464e833704574615979a994510f24
316659528f351f3ec5635641f8930279efff68ab8f4f48387e0bfad68a6d914f
33bd9b43eb815f274a6b0a8b9b4e681c8a5d21d655a00d1e6c8fe351d7a1672f
3470b2c8cee160b7a7f95dd14291654378167cd37108f6d630a763a327246269
350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
40b3b2394802a2951bbb2f37a41326ef6056e5fd68cbda83c657e79c10ffa9e7
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625
476cda2bde7910a58186b7b58d2be6d22d3cfacdfeda3354134b84e43d76ac98
47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d
4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663
51e587bceb7d256696cb2887caf036e9dc6db178f9ae5497c2e9755aec0330a8
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5727706148501a5619adffc52a8da8793c342e06b263a279dbe770fbfa720c11
5802ed3fbc14809835a679954070d666df21bcc6e9e8f5330e2b61af5de87d08
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db
5e61e6816281655078661b3cbcb07fda07ce89bfcb32e079eefa8e3859c6c4e3
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
66a73d05aa5dc1498649771edde25d1e17bd80eab4c7bf33ffc39cdaed421110
66c878263a4da1e8bceed109ec6c40426d581601ac339c977f9dc01ac2a4866a
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
6767c2fe6d7e1ad86580596bf56802fe8bdd92698be3ae701f5f9d440aa1339f
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
74dc3d6d06d207bc9d88085b915bb8b39d37c8341760cd079c0b855c6b3c772d
76945c7494c20515bb45d1dedab8f7062020a8252297f8e24ab4fa908ac24032
77af0a963d2016e3165d4e70050e60f0054e70ed0dba5ae5c2be14bcccbff207
78bfcb3bf2ebccbf23c7147271a1c9f8a137857ac3a9df7f0edaab09636e889a
79352e30a9fe7e78ee8924721ad55392be75dc93060fd370875da6c66a52f82b
7cfd62a134cdab910bf1fde5f6aee5b28bb00d29b020ddcb53fbd3d437043256
816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2
8173ccfac5e779a6878c865cad048f0eeac20cd305737a72828cce37c981bbfa
81e5d9dfbc0bdc340ba6419809c7d791566d7d64eb41c0fc7edcb36dceea901d
87d049fc6d16da1f81063235c0e3d31a4656800cbbdca8277d6ae56614a52aba
8c9a75774902f13673b3465d48f40aa9ef4ad8a2dff8bb64f359c6a6d85ed45d
8cad72492b8e2e9d10145086fa357469e150267e6cca335e7db37d00ed94738b
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8fcde1c4799400031e5d9621751b553c039e3d68efac89296aed953cd46feaf1
9153821aa69a0b9c127668123bca9687461f8375418f8cb32d74744479920e23
92430dc2fbdad4b6edf798f2490016c5d6b72fd5938eb091f2b868e067e2f1da
92b7d2521a258609fb0fd998b5db42022bc54c9f71faf87511488582ecc4ebdc
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d
9dad1c0db8f609fc3fa93ed9a02f23f1fde3497445fa1f83c71f0816376f7cd6
9ed275899c38f48387b314c6f16ead78055b6a19ec27302ff057724cbf4824ed
a0db68a93d1f97f0fb1224f0734697114c7abc9fc403c920fb05f88a10b4db79
a10b6071217a8785be6f6bd0019e022991d5409936c1eeb72a6808c96b58bd41
a1fd7c4306f905dd7c185853f3ea95970a8e6e791952279f1d980c3922affa8e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
afcb95431b4036fd54fe79de411493352c550220beb8328f459663da5bc1b552
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b4d055c00091ad0c418a3719aab82bdff79b5f817223b0cc29286b8f73dcfd2c
b8a778f26aa1bb1a30c122dc60348955a16c5827a1fe82b0f7a546f8691e07b6
bb1d31828eed1b9e8828be0489a1e87ba8fa4f029d4e1b9f6d7f336d315f3624
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
c1a34670533c5c2e58dc39821dccecb87ad3a2d2a45797a51146a44acd4d36bb
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
c659d48de243c3ad9f9d07133b5df4acb5a1e9cea5240e9c721b5566263409f2
c72a76026111d8d71ae586c7272b29fe92e33154f545d2f5fa5f8a784bd6c681
ca27601c0d2a15cc23d9038896c3c2a857ce6da0bd24ee51266a1516aae0a4a4
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb05c32e8ab63eafd9a01d00b47e635edc2d53b0269a0650c4e1818ec2817689
d4d858c8735257088f8afec4218614b0de5de80c4740a1e3d85177d32fcf59f2
d58a239de270c77f029acf34f953155d505bb414b58d9aab5d9d2f3aa315d376
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
e33a708ad9d04c864fdd86f9ccfdfbbdf24c3b2585bed619367ba4c4747c4e20
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72a24747991522d9a3efacd06164c7881c3950ccdacb2c8f78008a43e1b06b1
e9b8906a8b7540b8accfd2a491c0821d6bd6d8ccbd4ab53a56da8906ff028423
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f153110f5d653ddb101c545c539d99648e6a152919b26be74d76078f8a65da41
f220f668e1971fdd97b14c8e30c59714ce190abcb3dae7f3e318ec7f61fd790a
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
f899fd2e84404932ca119af28487a7796c151fc9e15d87bd19467f712f26d50c
f8d0aa85467b8c837e3dd6ae9303205f9f6ed7fdb4c956086b7899a3a4e13bbf
fc30e5ac2673ee4b7308fc4f6f574f22653f2a6e85cb93a99101280294454009
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.reversinglabs.com Open in urlscan Pro 199.60.103.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

134 Requests

98 %HTTPS

53 %IPv6

39 Domains

56 Subdomains

50 IPs

4 Countries

3897 kBTransfer

9003 kBSize

26 Cookies

31 Outgoing links

Redirected requests

134 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reversinglabs.com Open in urlscan Pro
199.60.103.31 Public Scan

Screenshot
Live screenshot

Full Image

134
Requests

98 %
HTTPS

53 %
IPv6

39
Domains

56
Subdomains

50
IPs

4
Countries

3897 kB
Transfer

9003 kB
Size

26
Cookies

134 HTTP transactions
1 data transactions