www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Submission: On December 05 via manual (December 5th 2024, 12:28:31 am UTC) from MY — Scanned from US

Summary HTTP 113 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 36 IPs in 1 countries across 25 domains to perform 113 HTTP transactions. The main IP is 2606:2c40::c73c:671f, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare London, LLC, US. The main domain is www.reversinglabs.com.
TLS certificate: Issued by WE1 on November 7th 2024. Valid for: 3 months.

This is the only time www.reversinglabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	2606:2c40::c7... 2606:2c40::c73c:671f	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
3	2607:f8b0:400... 2607:f8b0:4006:81e::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:593e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.129.181 151.101.129.181	54113 (FASTLY) (FASTLY)
1	2606:4700:303... 2606:4700:3031::ac43:992e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	52.85.61.101 52.85.61.101	16509 (AMAZON-02) (AMAZON-02)
5	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:762b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8a11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4e8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6efe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	54.82.9.148 54.82.9.148	14618 (AMAZON-AES) (AMAZON-AES)
6	2607:f8b0:400... 2607:f8b0:4006:824::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f06c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:50cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80b::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9d	15169 (GOOGLE) (GOOGLE)
3	34.234.192.74 34.234.192.74	14618 (AMAZON-AES) (AMAZON-AES)
2	23.209.72.209 23.209.72.209	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2600:141b:1c0... 2600:141b:1c00:6::17df:d12e	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:141b:1c0... 2600:141b:1c00:2e::17d1:48c5	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
7	23.219.82.42 23.219.82.42	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
113	36

20 2606:2c40::c73c:671f (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

www.reversinglabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

3375217.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:593e (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

7052064.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.181 (San Francisco, United States)

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:992e (United States)

ASN13335 (CLOUDFLARENET, US)

cookieinfoscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.85.61.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-101.ewr53.r.cloudfront.net

cdn-app.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:820::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8a11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4e8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6efe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.82.9.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-9-148.compute-1.amazonaws.com

jukebox.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:824::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f06c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:50cc (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:823::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.234.192.74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-192-74.compute-1.amazonaws.com

spcollector.pathfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.209.72.209 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-209-72-209.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:6::17df:d12e (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:2e::17d1:48c5 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.219.82.42 (New York, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-219-82-42.deploy.static.akamaitechnologies.com

b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	pathfactory.com cdn-app.pathfactory.com — Cisco Umbrella Rank: 43398 jukebox.pathfactory.com — Cisco Umbrella Rank: 37094 spcollector.pathfactory.com — Cisco Umbrella Rank: 43545	241 KB
20	reversinglabs.com www.reversinglabs.com	168 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5557 c.6sc.co — Cisco Umbrella Rank: 6739 ipv6.6sc.co — Cisco Umbrella Rank: 5633 b.6sc.co — Cisco Umbrella Rank: 3603	21 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	4 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 stats.g.doubleclick.net — Cisco Umbrella Rank: 135	5 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	644 KB
5	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5921 js.hubspot.com — Cisco Umbrella Rank: 3653 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	29 KB
5	gstatic.com fonts.gstatic.com	134 KB
5	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	51 KB
4	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 142	128 B
3	hubspotusercontent-na1.net 3375217.fs1.hubspotusercontent-na1.net 7052064.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 20850	15 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	15 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4839 perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	2 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4811 forms.hscollectedforms.net — Cisco Umbrella Rank: 4960	25 KB
2	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	802 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	3 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5194	27 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	2 KB
1	cookieinfoscript.com cookieinfoscript.com — Cisco Umbrella Rank: 129185	4 KB
1	vidyard.com play.vidyard.com — Cisco Umbrella Rank: 7681	23 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 10169	2 KB
113	25

	Domain	Requested by
20	www.reversinglabs.com	www.reversinglabs.com js.usemessages.com
14	cdn-app.pathfactory.com	www.reversinglabs.com cdn-app.pathfactory.com
10	jukebox.pathfactory.com	cdn-app.pathfactory.com
7	b.6sc.co
6	www.googletagmanager.com	www.reversinglabs.com js.hsadspixel.net www.googletagmanager.com
5	fonts.gstatic.com	fonts.googleapis.com
5	cdnjs.cloudflare.com	www.reversinglabs.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	spcollector.pathfactory.com	cdn-app.pathfactory.com
3	td.doubleclick.net	www.googletagmanager.com
3	www.google.com	www.googletagmanager.com www.reversinglabs.com
3	fonts.googleapis.com	www.reversinglabs.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	js.hs-banner.com	www.reversinglabs.com js.hs-banner.com
2	3375217.fs1.hubspotusercontent-na1.net	www.reversinglabs.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	forms.hubspot.com	js.hsleadflows.net
1	j.6sc.co	www.reversinglabs.com
1	track.hubspot.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	perf-na1.hsforms.com	www.reversinglabs.com
1	forms.hsforms.com	www.reversinglabs.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	js.hubspot.com	www.reversinglabs.com
1	js.hscollectedforms.net	www.reversinglabs.com
1	js.hsadspixel.net	www.reversinglabs.com
1	js.usemessages.com	www.reversinglabs.com
1	js.hsleadflows.net	www.reversinglabs.com
1	js.hs-analytics.net	www.reversinglabs.com
1	app.hubspot.com	www.reversinglabs.com
1	ws.zoominfo.com	www.reversinglabs.com
1	cookieinfoscript.com	www.reversinglabs.com
1	play.vidyard.com	www.reversinglabs.com
1	7052064.fs1.hubspotusercontent-na1.net	www.reversinglabs.com
1	cdn2.hubspot.net	www.reversinglabs.com
113	42

This site contains links to these domains. Also see Links.

Domain
support.reversinglabs.com
register.reversinglabs.com
rli.reversinglabs.com
www.secure.software
twitter.com
www.linkedin.com
www.facebook.com
www.instagram.com
www.youtube.com
blog.reversinglabs.com
cookieinfoscript.com

Subject Issuer	Validity	Valid
www.reversinglabs.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-10-27` - `2025-01-26`	3 months	crt.sh
hubspot.net WE1	`2024-11-30` - `2025-03-01`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.vidyard.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-03` - `2025-05-05`	a year	crt.sh
cookieinfoscript.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.pathfactory.com Amazon RSA 2048 M02	`2024-05-11` - `2025-06-08`	a year	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
zoominfo.com E6	`2024-11-12` - `2025-02-10`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
usemessages.com WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
hsadspixel.net WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
hscollectedforms.net WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Frame ID: F1A3D332C2EDCCBE26DC092BE5A0F639
Requests: 104 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/970567826?random=1733358506738&cv=11&fst=1733358506738&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za200zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: C9C87F1BF780860013076A8307735299
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-JVM9Z1XQPL&gacid=818400528.1733358507&gtm=45be4c30v867824530z8856083864za200zb856083864&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=349256755
Frame ID: C5B60F1BCB962443E6FE94862E0A8AE7
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Frame ID: 91B409D22F32E008733E81E2FB9AB672
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/970567826?random=1733358507292&cv=11&fst=1733358507292&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za201zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 78AA4C4D644099A6A394514F2863796B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Lightbox (JavaScript Libraries) Expand

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

113
Requests

99 %
HTTPS

80 %
IPv6

25
Domains

42
Subdomains

36
IPs

1
Countries

1560 kB
Transfer

4691 kB
Size

28
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://support.reversinglabs.com/hc/en-us?_gl=1
Title: Documentation

Search URL Search Domain Scan URL

URL: https://register.reversinglabs.com/demo
Title: Request a Demo

Search URL Search Domain Scan URL

URL: https://support.reversinglabs.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://rli.reversinglabs.com/accounts/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.secure.software/
Title: Developer Portal

Search URL Search Domain Scan URL

URL: https://twitter.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reversinglabs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/reversinglabs

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/blog/rss.xml

Search URL Search Domain Scan URL

URL: https://cookieinfoscript.com/
Title: cookie script

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1733358507433%26li_adsId%3D0c082f82-db96-4774-9cf8-ce758c715cfc%26url%3Dhttps%253A%252F%252Fwww.reversinglabs.com%252Fblog%252Fmalware-found-in-solana-npm-library-with-50m-downloads%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLvnzUpNltfUAAAAZOUN9fkEZ14k2FEaq3LdGh1FmFozH-bg8Xw0Suglzo9Z5sOl-J-RyM4lwk

113 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 404 Primary Request malware-found-in-solana-npm-library-with-50m-downloads Show response
www.reversinglabs.com/blog/ 51 KB
11 KB 512ms
343ms Document
text/html 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c76335772ae09c1a16f3880e071182927c17675b8c840ded7bf28b143173c5d

Security Headers

Name	Value
Content-Security-Policy	Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=5,max-age=5
cf-cache-status: EXPIRED
cf-ray: 8ecfea82ca6b4cae-PHL
content-encoding: br
content-security-policy: Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Thu, 05 Dec 2024 00:28:25 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a1FXyWjFHeCfoaSpfSzaFJ0eRVmNE8Hc2G5G%2FUhlh2E758lTuedTYy0KwIAR56awuryLRcgrKmeFlyZV7glkmhKT4Nh9zNt3jOJuSbu4tEKb%2FjIH7fi0n0G5LNKUEvR9sgy%2FLw70I6gavxwB9Dcw2HMA9g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 191
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-55cf57c567-wjc9l
x-evy-trace-virtual-host: all
x-hs-reason: No view mapper found to handle request
x-hubspot-correlation-id: e4bcb6c6-0a40-47cf-a013-a82820c7a863
x-hubspot-notfound: true
x-request-id: e4bcb6c6-0a40-47cf-a013-a82820c7a863
x-xss-protection: 1

GET
H3 200 header-transition.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1733240600017/Redesign_2023/css/globals/ 24 KB
9 KB 104ms
101ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/144306795402/1733240600017/Redesign_2023/css/globals/header-transition.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4148e3a63ce465febc1d0846c430bf4e2f823693545e1c515fe7d346aa28b94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: b04af520-2927-4ccf-bcb5-18e83d266a79
content-encoding: gzip
cf-cache-status: HIT
etag: W/"a70d7ddeb50566c1dbeb0c1f7facbdc5"
x-amz-version-id: QIFjcIAKioshn6sO4qs8uMrCQMtuM7Lq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q1rGepOVoysfc%2FZYs5PQr5%2B3irhlazriqazDpOVDEFD4NfmHDireluhjBFXXVIwkaCv7%2BmTHkHPUj2zMTiWDkAaQoZbrAIPXxBASJoRtJ3YLDxIc35K%2FEflQCHoeLkkccrxgMbvE2X5eHNEKG2zhl6IAQA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: A_o3mQi20wZexfj8dIgMarFthkCOovLOJiapzQTf7AVB6PaMvHxy3A==
x-hubspot-correlation-id: b04af520-2927-4ccf-bcb5-18e83d266a79
content-type: text/css
last-modified: Tue, 03 Dec 2024 15:43:21 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-8vr2s
x-envoy-upstream-service-time: 166
x-amz-request-id: XY86Z3KE2GXC9BH7
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 9fmpziDuWhTXnmBTmOX7VWRxbuLpPymTD037HsNH5VnDmamOVi4M/x72Zlg85vR8QRrstu6W445+PLknXw4szA==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 0fbab52df0695e2a561cd26eb7f9484c.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cbb4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1733240600918

GET
H3 200 site-search.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11736913415/1717496357776/Archive/2020/css/ 612 B
2 KB 85ms
80ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11736913415/1717496357776/Archive/2020/css/site-search.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 7ac6ee7b-0b3b-4e89-8715-1dd5e5a3985c
content-encoding: br
cf-cache-status: HIT
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
x-amz-version-id: zyYzH8xB8TW25O.kcSTSJ6A4A2aTLiOq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lJ4T5iejoG0LDO1CVXds3lg2%2FlRESWPazPbbjluFocMKqJlM5WGRAhDzgJDSQzPJeTiFQrsiJkYvHFcbKvbVpEM%2BAnsPb3OukJMCqPYZucZ8SeRYa9V9Tc58I421w3RVjMV91xKxtMROpWKsvkDRoj3GYw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: JSTGZ0vd6XKKi5gV7wGJw5yvwU1yygUD8flwd98RDQcx3N6yzkib5g==
x-hubspot-correlation-id: 7ac6ee7b-0b3b-4e89-8715-1dd5e5a3985c
content-type: text/css
last-modified: Tue, 04 Jun 2024 10:19:19 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-ttbmk
x-envoy-upstream-service-time: 187
x-amz-request-id: CP2S56JN51BTHE0N
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: vL+E59vuVLMJ5w9Ec0pz4oVErOddKSNW2kMnJ3WvXeQ3iEyAK1mDR3k7YnzHP0kyJ9OMy1z6cCM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 5e6930ff15cb9ece8bd1c3b20d8103c0.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cc34cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1717496358500

GET
H2 200 css2
fonts.googleapis.com/ 16 KB
1 KB 145ms
50ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&display=swap

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b16a4679121aaed1af82b388c054e2c03a705e1eba9b40707b6b3887feb90ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 05 Dec 2024 00:28:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
930 B 143ms
49ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

af932008050c207bc5048971cbcc232b43aadb8c5238e86edd51d5dda25c3e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 05 Dec 2024 00:28:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/ 7 KB
8 KB 238ms
149ms Font
font/woff 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/raw_assets/public/Redesign_2023/icons/fonts/rl-icons.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1bc4f3b69fe1af636fd63624fc839f41d97e85a960466659d63eea0e2b9fc65

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
cf-cache-status: HIT
etag: "fda83b9225a888bfe8462805d4e80a77"
x-amz-version-id: VmyvSxdY_U9njqeyJPnVWpmYqG_QYcNc
cache-tag: F-139510540199,FD-139508672619,P-3375217,FLS-ALL
x-cache: Miss from cloudfront
x-amz-cf-id: Byt9Tm3BEyZKi1ZSkbg7EFlOvcKKFgPTcF785hDnJ1LHGwDItxrGPA==
content-type: font/woff
last-modified: Wed, 27 Nov 2024 16:52:30 GMT
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-139510540199,FD-139508672619,P-3375217,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ENXW8AQWW7BZKDT8
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-139510540199,FD-139508672619,P-3375217,FLS-ALL
content-length: 7520
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: Accept-Encoding
x-amz-id-2: Z5U+Oh0LDq5NYudOXj9dZyn52GR2c1U1jYn1Yfz6fXgMWeXjBe9EHiz3ht/lGthOhl8pmOXFNQeIZxggaaAUhRXWATsdui9jEeEcbsx2v6o=
x-amz-meta-access-tag: public-not-indexable
timing-allow-origin: 3375217.fs1.hubspotusercontent-na1.net
via: 1.1 df10d763492b2272b777b93e70e1f4a4.cloudfront.net (CloudFront)
cf-ray: 8ecfea8599c64cb1-PHL
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1696946198131

GET
H3 200 main.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1733242425898/Redesign_2023/css/globals/ 69 KB
20 KB 60ms
56ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/137900387987/1733242425898/Redesign_2023/css/globals/main.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55f69d474ed06ec6f964fd3a64f5ad272c3fcf8b1e11f7a43ebd1064470aa7ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 823039c0-5e29-41fb-a692-a64efddb4867
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c209d35d4630f48e520a541ddb81dad7"
age: 1034
x-amz-version-id: 3oUI2S3AqB43nwIctTXOINiEifgUrGaq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0REKzQgqy0rR6JiUXF9Ru6wuxHCalBLgre1JjctCmOPS8psbvYrbmR%2BUCOWnuM3am7i33MBiXI1HsKADboTfHdR%2Fa6cZcHyL6imrjFhI43en7NtujbP6%2B0zcIt2xHWc3QPJ3Qpb1mNPmKjnajYGLVq%2Bnwg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: -yxs80mwbPI6NdW3W2WS6RidOU1u4CQV_Pd3F6iW3_fERKlo5w0G2w==
x-hubspot-correlation-id: 823039c0-5e29-41fb-a692-a64efddb4867
content-type: text/css
last-modified: Tue, 03 Dec 2024 16:13:48 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-24cm9
x-envoy-upstream-service-time: 159
x-amz-request-id: Z23RF7V2KVJ5BQY6
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: zP/VoXlryR9KUJ4U3uuzugZjXP8ik0K2E6Q9hRK+7EbJUKRAGEecN6mvthaTF5X/YU41npoRY6DtlVV3+bTZS1GoUvuQTcBmcOLxBTjWDZY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cc74cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1733242427187

GET
H3 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1727366005552/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 169ms
91ms Stylesheet
text/css 2606:4700::6812:593e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1727366005552/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:593e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-request-id: d0f2129e-1562-4d0b-b7a6-3148465e7262
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fda5882b24ca5a84d04d090722dc713b"
age: 807267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UtihDvBUtE7h1wBlm2DFPBS7mBwMB%2FlKRo1Ol%2F%2BAyC322R2swC1KGv97ASZgCrDvq4N%2BkOyCamzqHtA05Vzf59Vivb%2FOs67OG02v4f000xYiWrwwQAAoQ%2FD9XNGk72VqunwR2%2FmJdKH%2Fb1sc01M%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
x-hubspot-correlation-id: d0f2129e-1562-4d0b-b7a6-3148465e7262
content-type: text/css
last-modified: Thu, 26 Sep 2024 15:53:27 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7dc48645dd-6l8pf
x-envoy-upstream-service-time: 202
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: Accept-Encoding
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: cdn2.hubspot.net
cf-ray: 8ecfea8589aa72ab-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1727366006285

GET
H2 200 layout.min.css
7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1733307831279/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 166ms
76ms Stylesheet
text/css 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1733307831279/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: 8f810156-4d68-482c-a0f7-c78a02c578e1
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fda5882b24ca5a84d04d090722dc713b"
age: 50594
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:25 GMT
x-hubspot-correlation-id: 8f810156-4d68-482c-a0f7-c78a02c578e1
content-type: text/css
last-modified: Wed, 04 Dec 2024 10:23:52 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 7052064.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7b656c968b-sxtr7
x-envoy-upstream-service-time: 220
cf-ray: 8ecfea85a87543ff-EWR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1733307831919
x-amz-server-side-encryption: AES256

GET
H3 200 Reversing_Labs_November2018-style.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1720439957194/Reversing_Labs_November2018_Theme/Coded_Files/ 143 KB
32 KB 83ms
81ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1720439957194/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9dc9cd171f55799b87446295332a09a0a9718bd4989060e506356cfb71faa03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 1dfda64f-7a66-4c8f-9fab-bb843a4f6d89
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2b0cefb13a2b9a3fc6af23c7f5ffa05c"
x-amz-version-id: RuWj.HzUYwjARLmHf0SKuP7dpNAETZQ5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=urVxsV4KPeugXkXedNzOD%2B0QAa%2BPDyAcUR74hLL%2Fix4FGCNYa69zUYAyMVegD6Piu%2BxkWodDPq4FWG2pUOFVpvLhLnrOq6qcU19u14QfrlOc%2FcvuZscbXOkXSczssLKN5wKUgb99zzvZtQJEFmmHkdaQtA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: c9P4PGv0Xyd1owiKaXgyumkMDHlaGH41eBf_TAT6rV_05wUIZHnW6A==
x-hubspot-correlation-id: 1dfda64f-7a66-4c8f-9fab-bb843a4f6d89
content-type: text/css
last-modified: Mon, 08 Jul 2024 11:59:19 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-rwc79
x-envoy-upstream-service-time: 185
x-amz-request-id: BBMY4PD98K17VNQD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: MpN4WXE8G01lEKFvqxC2C8HGjJiG6pUGFImK+TMe3/tC2YrF+4ztpIg72sTAlDnLNiqC2hMTyFI=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cca4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1720439958528

GET
H3 200 RL-custom.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1720439988722/Reversinglabs_July2018_Theme/Coded_Files/ 12 KB
5 KB 103ms
101ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1720439988722/Reversinglabs_July2018_Theme/Coded_Files/RL-custom.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1fd7c4306f905dd7c185853f3ea95970a8e6e791952279f1d980c3922affa8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 35f79a31-eef5-4b9d-9a0d-9e9e06be1072
content-encoding: gzip
cf-cache-status: HIT
etag: W/"16c6a97700df7b888edb18522202f043"
age: 1034
x-amz-version-id: LjWGXd0x2gLJ08dvsNrgNDd1NPvIu16M
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tX2TJ5Sidq5iX%2Fe7Zr%2BlSkMbDV3YgswiQAHJzxZf9ZriBCdJsWhjUmqSexfVp8ik%2F19FARE32bdVMGFxrZqQEhXe3VfkN%2BkVIz9HSqXjjdRIg36yKiRVlGBew9khiBOThzg3x7dqZ3ml8YeO8dme1VcgxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: fq16Wtjz54oxVkrcl3CFds1akcyM0rpJwpfwrGDr9GKK9M50Y_VeLQ==
x-hubspot-correlation-id: 35f79a31-eef5-4b9d-9a0d-9e9e06be1072
content-type: text/css
last-modified: Mon, 08 Jul 2024 11:59:50 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-knhs5
x-envoy-upstream-service-time: 156
x-amz-request-id: C3YNQTM40T2QW8NP
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: luwqSINv9WbZDc7Ahv1ZDR55+MES3m7TpIPGYPsY7PYprCSRRWgW5m5DcEhQUt/Tpx50HuWRJs+PZ3WaDEYm9sgOJUnEzjTGOSCKMdjBgeY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-ray: 8ecfea850ccb4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1720439989427

GET
H3 200 site-redesign-june-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1701700496840/Redesign_june_2019/Coded_Files/CSS/Modules/ 11 KB
4 KB 111ms
109ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1701700496840/Redesign_june_2019/Coded_Files/CSS/Modules/site-redesign-june-2019.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c63c167d6ff0aa2edead131abb184ea39ee633ccbdedb7e7605d79c2d647e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: fd19659a-d751-4e7e-bce2-8c9d7a411e95
content-encoding: gzip
cf-cache-status: HIT
etag: W/"777e1cde1d0165b336ee5949a47e8313"
x-amz-version-id: nD_lp_FOzyoW1gKwwjzFFL7o2rznxKLX
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIUAm0iG204ORNjXMZ%2BD9BS65GbfK2fmtXRRetwTHRyGF46jc0IxIcJjheLtqBBoCbz1E2zwrfm8UtHagj5Ts7OjZRAtAM1bxNuGb3O%2FRgQP7OSYlr0som9q9F0Pk442tysFCagjZNvVZ23kttp%2B8%2F%2Fg5w%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: UiyKFliLVmzvzQnITVn3rWWCu--SR5V4LRxboN19lZulZ9js-OMuIw==
x-hubspot-correlation-id: fd19659a-d751-4e7e-bce2-8c9d7a411e95
content-type: text/css
last-modified: Mon, 04 Dec 2023 14:34:58 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-fqbkq
x-envoy-upstream-service-time: 188
x-amz-request-id: MSBDA7DJ2X0FKMYG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: BeJYIemUC2L/8r34FYDsBfdpKyRgdo3JzQxqdB9zlCmm6ltV+VQ371Hw1adSQXy6Wt/mmZaX5ns=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-ray: 8ecfea850ccc4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1701700497561

GET
H3 200 search-results.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11396855611/1702550151439/Redesign_june_2019/Coded_Files/CSS/Components/ 2 KB
2 KB 111ms
110ms Stylesheet
text/css 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11396855611/1702550151439/Redesign_june_2019/Coded_Files/CSS/Components/search-results.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

517ac414b146f5dbd04e71c0dc75310abf622120581b49401b58e99feadd7f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 22360cad-6c32-4a12-a04a-3993b4d3ef00
content-encoding: gzip
cf-cache-status: HIT
etag: W/"82c62f1f739bc28ba7fb31992783e3d3"
x-amz-version-id: qqR6N4HLJQw_7v6G4SMrKHv6SqlGTebV
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtR7QOsqiNCYsvkywGKLvCSgwoX3%2F2V0NDQkFRl%2BKiL%2BqYIcJ4koCjR1yZbCukfpDeO48T6alf8BqwkTyPDAdkcJO6apCyCy45kZfoCzBYTjpX5YcvqNmWzOC%2FFxbHK4tB2rdyBeKBKbI0%2FCQPh9200ngw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: fE3rEQccT-91JqL3Feh--PM5T-gqO_BYyteKEYF-L8MqfqEz9Ltsow==
x-hubspot-correlation-id: 22360cad-6c32-4a12-a04a-3993b4d3ef00
content-type: text/css
last-modified: Thu, 14 Dec 2023 10:35:53 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-f9qvg
x-envoy-upstream-service-time: 270
x-amz-request-id: P21B1NQAXYM41S27
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: KkYe9ucTjmRLuIBQBygRmBEaeM8rR55vIybVtfKlYtgcHkGmsPQcYkkCQsorcmdfksXOdIYBtIiRQqaWc7IgY3A1KyaMha60
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-ray: 8ecfea850ccd4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1702550152090

GET
H3 200 rl-logo-long.svg
www.reversinglabs.com/hubfs/RL%20Logo/ 6 KB
4 KB 117ms
115ms Image
image/svg+xml 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hubfs/RL%20Logo/rl-logo-long.svg

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"d4a2965692559440f150bd2f13f6e019"
age: 630814
cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-amz-version-id: Ny5kNhA6D3ymMFZxy2PPRX0g0w0iXW.D
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VBJXhL1AJ3s7eJ9mwFclXh4Mgim%2FoZMRBbxmPkWvm4JwC6GbYG2YA%2BTXvYSNh%2FUnKf%2FthNSlUvDpUbtgGJLpFbOEqMNSUY4xBPDG%2BeNsSrp498XdxoR%2Fcj4R672t3jpjkOzH4XmLhnRmkjyNhWnr3YBkCA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: iXbkcDy-pYEwoNI4dzOnuuvw0BQBS5e7M7gbiY_r9HCMDbe3mdgcIA==
content-type: image/svg+xml
last-modified: Sun, 22 Oct 2023 14:14:23 GMT
priority: u=2,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 8KJQHT4A8G25SF4D
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141442306568,FD-6244989567,P-3375217,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: Accept-Encoding
x-amz-id-2: MJHlAEEtyE8Rv8R26ZCjCJS0AwXCA8uXg+w9WlYwZAUtcR3s6+RviUkdgb0gjl3RS02/V3DcQW3cmGC496c3fzIeoM+lssVd
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 03888d3d53e55b618e81bb9295a091be.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cce4cae-PHL
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1697983483504

GET
H3 200 404.png
www.reversinglabs.com/hs-fs/hubfs/Reversing_Labs_November%202018/Images/ 51 KB
51 KB 516ms
515ms Image
image/webp 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.reversinglabs.com/hs-fs/hubfs/Reversing_Labs_November%202018/Images/404.png?width=637&name=404.png

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d87a464ca9e78b053f9618e14a9fb98eff1221d10d99d33b91f7982eaac301d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

cf-cache-status: MISS
etag: "cfZ-LGVAHa8FfxJQddOmmsz5Nn8gWKEHIV84C_qgMjDQ:5e6ce6cc74c2e0c42b59bbd1a0f05d40"
cache-tag: F-6588006392,FD-6517800709,P-3375217,FLS-ALL
cf-resized: internal=ok/m q=0 n=257+166 c=4+162 v=2024.10.6 l=51806 f=false
cf-bgj: imgq:100,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTztZPDdWlAhEPPIq7Za5GqKEIntGCy%2BnpX8U9h9n7qJNxpK7gpo2xixsoXLZsyjvx%2FtWrep70gomZKtRVAL3pr4eVBhiK%2FEGDMH%2FZhHes%2FS9GtlWzIRVI8LDwY5j%2Fo%2FYUfJ6KrC8iC2soQd8LXZv4E0LA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: image/webp
last-modified: Thu, 22 Nov 2018 12:29:14 GMT
vary: Accept, Accept-Encoding
priority: u=2,i
strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 6d137176634825df2648120ac1bcc782.cloudfront.net (CloudFront)
cf-ray: 8ecfea850cd04cae-PHL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 51806
server: cloudflare

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/ 85 KB
27 KB 121ms
41ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659afac8-6b2d"
age: 646758
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XLuC57Gf1jB81O0pEoLVsve0UX4Fway4iEUNTTzHHk12J%2B9UV8JkYELpJM2D4fahuciSdC9%2BWM3co0W1rtWYtIGMvfpw5EmjgNXPxClZmOp8pelkyaN%2BvbhoYDiOdvY0t6WQlJKEzX0HTQsfewrbqYhQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 07 Jan 2024 20:26:00 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ecfea863fdc426d-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27437
server: cloudflare

GET
H3 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/ 2 KB
1 KB 172ms
93ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/3.0.5/js.cookie.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659a4380-2e4"
age: 496837
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVoR4SStIcmkae2XVUKzRP2I3BAnN2iVtTSKeXzXAvnqfXcRgDmygePxQowCzO1q%2BaXtsOpsfebF68zCiqQaoVNl9wv1l7kIeanEmvKmvGB3hDqpIS6caKRvQLWsBwz6vA%2B7tugxSSFu5Ngs40LDeWFA"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 07 Jan 2024 07:24:00 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ecfea863fd7426d-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 740
server: cloudflare

GET
H3 200 tiny-slider.js Show response
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/ 31 KB
12 KB 174ms
95ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/min/tiny-slider.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "61787428-2cb5"
age: 628098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=unCemm21WknNEyo3n5M4iRAiblaBzOazK7%2BUMTbfztjuYAOe1jGe1iwP2So4WTAl6b%2FQCrwJJmjjOlUmC0Zc%2BPNXg0iEU18VdWNaEGx8KTrShzYnmchygIEnG4dkZXkDEpYGZrJFsQZDJlWi6KgyeJVZ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Oct 2021 21:33:28 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ecfea863fda426d-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11445
server: cloudflare

GET
H3 200 simple-lightbox.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/ 48 KB
9 KB 141ms
62ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/simple-lightbox.jquery.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1039d8c6d5ca0ae27a058e460a3496ac932a0ed7b21496e3a7be5063c605ac5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "64f0ff8a-20e6"
age: 798649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NluEBYTVwwXinPYqS7jOdwnEfZMLYSWZ2pejpdcYQRS4qJDUwsX%2Bc9e55oScJBNxrVSgwDBaevwLiQ3XC2UA8pkr3Vh7xzjIpVPpYIBNLIB24UJkBH4BhxfG56P6bWjwquPtvqsoS7oqGjdLDSM54W0s"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 31 Aug 2023 21:00:58 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ecfea863fcf426d-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8422
server: cloudflare

GET
H3 200 simple-lightbox.min.css
cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/ 4 KB
1 KB 169ms
90ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/simplelightbox/2.14.2/simple-lightbox.min.css

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afcb95431b4036fd54fe79de411493352c550220beb8328f459663da5bc1b552

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "64f0ff8a-347"
age: 17590145
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UY8hoFH6QA75HaL%2F3Fvu6SpHoNA1toSzimZWv4I2It5Y0Yn3sCibw7xpw%2BMosd%2Bjrn%2Fp1hfolUSJpU0CCsB91vzc6qi3KC0RF7crUdiFfxsk75yBemaubK4vrqOmaVD4qbk1FbM0l%2BHCu7wq9tptvfxA"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 31 Aug 2023 21:00:58 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ecfea863fd2426d-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 839
server: cloudflare

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 122ms
29ms Script
application/javascript 151.101.129.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.181 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

170d7b2dda1cde0aad9938ebc0e3f7f1e08b01221eead69e14784fdb089543b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: gzip
etag: "ce0d570084d38bcc12da3fb96d2c4cba"
age: 666180
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cache: HIT
date: Thu, 05 Dec 2024 00:28:25 GMT
last-modified: Mon, 27 May 2024 17:23:30 GMT
vary: X-China, accept-language, Accept-Encoding
x-served-by: cache-ewr-kewr1740065-EWR
content-type: application/javascript
x-cache-hits: 35880
strict-transport-security: max-age=31557600
cache-control: no-cache, no-store, must-revalidate
x-china: 0
via: 1.1 varnish
accept-ranges: bytes
content-length: 23041
x-amz-server-side-encryption: AES256

GET
H3 200 functions.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1729069607377/Redesign_2023/js/ 16 KB
7 KB 65ms
58ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/139051314810/1729069607377/Redesign_2023/js/functions.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9fd0b426d23efe54c710842ea63121ca54723479b4a2b2df6277feac5c65a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 41073b4c-f830-408d-86e6-d2ba068bc4e2
content-encoding: br
cf-cache-status: HIT
etag: W/"7487008ca9302443e6906f31982148d2"
age: 1034
x-amz-version-id: IY1gP_AoK9ARtjPQtnApuxPMzW.wo9Zy
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvD80xyD3LETRcTgFnL6sCRCqBV1TrgCmC08L1ucg1SHuXtqC6M5x1S1GRzm17B%2FYyxSM8proMEabiiVuEmxKPadBi%2FuniGQ14S7vfIU7%2Bd3x2Y4w%2F6tHCyuQZ9FYyfQq3jHLUH9sFfeTVaRa6BlxEzGug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: d9idO97O42tBxW8-RplnC2E72g0wrgUNSoQWHbD5s1FfxkdJSmN3XQ==
x-hubspot-correlation-id: 41073b4c-f830-408d-86e6-d2ba068bc4e2
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Oct 2024 09:06:48 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-hqclp
x-envoy-upstream-service-time: 177
x-amz-request-id: PHB6N4C45B3WY6MH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Xwesa1X9mybVFhTQbIQ83VVCBcDt3gSuwZfbiBXMUn+MDC7nLryx/WytzYuz3YT/NWOINyw1vtShnd9zgFgvEkoQyVqHHCX6BBq/qo+OJAM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd8d4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729069607662

GET
H3 200 embed.js Show response
www.reversinglabs.com/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
5 KB 83ms
78ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 999330
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4XHanBuAuS9RS1dfEFcvKT%2BX6xkA1%2B4ql2AaVyHer5jvyXuNNgiMzE%2BqZbLJbgPLLVj6yFzBHWSjTwL5KFGQF5YDhajoqlrwu98v%2F%2BK%2BsbV%2FRGQz6BUbbXYBoLCApt%2BOhLDyDJHY3%2BBSCuXmPo2eMVDeA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 05 Dec 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 8G5ENvwzL6-Ecg7YLM2gt5P-38uisRTBQwHrfi3Wrt1AIcZxQDsq8g==
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 f9888c133790a1a06da4b6c91375bb9c.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd924cae-PHL
x-amz-cf-pop: BOS50-P4
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 rd-2019-main.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1719919326047/Redesign_june_2019/Coded_Files/JS/ 2 KB
2 KB 82ms
76ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1719919326047/Redesign_june_2019/Coded_Files/JS/rd-2019-main.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78c615d62a4697a86ca5242c12f0dad29a2e8ed9b48fe381455f4d85754732d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 551bc348-56fd-4843-a74a-1d79facd4c9e
content-encoding: br
cf-cache-status: HIT
etag: W/"95faab298ebf6441449a46afc6745cfe"
x-amz-version-id: 5wo6b8yFk2qwFOUNuxVX41mFRBaCp0jF
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aRd%2F2zWYzeS88Hdpnzb7QPR9ZP08T8%2FBtiYcZzdBpl%2F0JcfsShLRXRg8%2Ba7BC%2Flg5htJTiWbtVfgAsuJ8jAHL5WcbD5Ek4DrPOuCk5P92y9yUWSZm8ug0bv2LbE5u7RhXYql5AuYbyZ9E424ffG%2FHFk45A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: baZ8Gg8aovdwtOdF9TRi9IKPDgDdIE94TLsFZ1_DkbPNOeW88zRyGg==
x-hubspot-correlation-id: 551bc348-56fd-4843-a74a-1d79facd4c9e
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Jul 2024 11:22:07 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-bhmwl
x-envoy-upstream-service-time: 176
x-amz-request-id: QVAPYT8SXN5BA23W
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0VzB+K2E2JCcE34bZ7sL/51IrKfqQx+PNnoyDBjOJ14eU5H7iuIK308/qOa50ig/7eu48a693JcaZO2uTM5XPLoQRhQdi9BG
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd8e4cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1719919326210

GET
H3 200 project.js Show response
www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 70ms
63ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 1014565
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fhbD9rF1gGe9DrsTrvuKtZ%2Bvxg3Hi4%2FgPdfa9u3RmO7wNqB7L6spE2mqU4vN%2Fi2mJNgzSxhEyyZrv6v6oYFjs6nxTG5jxTggIJ9IELlEry3V5wnQfoCcGlft7QLXo7KFVQu3%2FYImsaFt7O76vgraUI9ww%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 05 Dec 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: swBlsAxSpaoNdkwazW-3QHMWeq2aa7Thh9AUg-HKT5ou5g0Ehnd1QQ==
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
priority: u=2,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 6fde4eba6716c9f80db3b63d251f248c.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd904cae-PHL
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 module_11396855715_Site_Search_Input_-_Page_-_Custom_-_p4.min.js Show response
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/11396855715/1718029117524/ 3 KB
3 KB 65ms
59ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/11396855715/1718029117524/module_11396855715_Site_Search_Input_-_Page_-_Custom_-_p4.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e887f9689786e61459f690a63080939da231993f9c51c8c958f58fe764844b3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-request-id: 0f7bf5d6-98f6-44ee-be39-87ce5e5d6a4e
content-encoding: br
cf-cache-status: HIT
etag: W/"0a4d5d2df3b56b7636f87df1753a7446"
x-amz-version-id: T4Mo4C7p_IDclEE.8wX5pCcJHRlCf6IH
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t9cFoe0Ciz2kx%2B%2FhchFe2adn89Aox32EndfKtqggKJ3O1m241Xob6p9a%2By9%2BP6Cr1y%2B8ZobmAZTH%2BqW7fogxH7zP5U3sWgAA4%2FaARv%2BS9qC9KU8LfpwfyxynQp0fYuAL3huTaB2TD%2FYtywF1NPPUR2Hbtg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: P9OVCAOevZFCDCGxZdwBUVnLlmawip7tBanxWRxBlkVLym3FDqyQbA==
x-hubspot-correlation-id: 0f7bf5d6-98f6-44ee-be39-87ce5e5d6a4e
content-type: application/javascript; charset=utf-8
last-modified: Mon, 10 Jun 2024 14:18:38 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-8sfnt
x-envoy-upstream-service-time: 176
x-amz-request-id: CP2N2984P5GEWSFT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: PCq+N5G9zMj9Cchbbc6TO3vmPzMEPKlv3YpsdLx7MFh1V7xqNebycwRQHcnwEzoOdnI+iIwV6hY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.reversinglabs.com
access-control-allow-credentials: false
via: 1.1 2c36186b512068f67b05531ba050ed00.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd914cae-PHL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1718029117524

GET
H3 200 3375217.js Show response
www.reversinglabs.com/hs/scriptloader/ 3 KB
1 KB 81ms
76ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/scriptloader/3375217.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b1006b347eb7807658bdfc559d2c34e5795f4df66ac0d3cbd3f77dda439332

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Ngxlz6WM8MMiH8HetPgKmivuJ28zURQ421CCg6ri2a%2BS0wx39ROodwWR0i4UH%2B5gitKI3idA%2B%2B3iM6cb1l1Chr%2FILTsBAm39%2BeVFsAmfl%2BBG1SK0PeSAuqTssZmAekXxLw43W7DOsWTRxlKyTDgCjTWjw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:29:55 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:25 GMT
x-hubspot-correlation-id: f6647927-01c7-4072-985f-4008b3c0cdfa
content-type: application/javascript;charset=utf-8
last-modified: Thu, 05 Dec 2024 00:27:25 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8ecfea85bd944cae-PHL
accept-ranges: bytes
access-control-allow-origin: https://www.reversinglabs.com
content-length: 736
server: cloudflare

GET
H3 200 index.js Show response
www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 59ms
54ms Script
application/javascript 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 1185154
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAxpXTWrvGcvYocYR5CQZzHHIlbPZov1Bw130OUJgaosvlXOdcAbCsewGTljQcjh8ShKHGXWGNTo0liAO8FKaMMXYtCYMAjSSvpDgUExV3ivVAMqu1xNFNxRd1Gm%2FJ6BK8mOHrg0wMYSkNMUNXjxZwMmZw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 05 Dec 2025 00:28:25 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: g-q3vPrbHrvpcCpHOFE_DOV6dD5HP7uIa3uBNT666HHW9oTXWbWeRg==
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 1bb882f081498a19fb2b991e6c0046aa.cloudfront.net (CloudFront)
cf-ray: 8ecfea85bd954cae-PHL
x-amz-cf-pop: ATL59-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 cookieinfo.min.js Show response
cookieinfoscript.com/js/ 7 KB
4 KB 191ms
39ms Script
application/x-javascript 2606:4700:3031::ac43:992e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:992e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"d15d93068c1121f63008407d339bd819"
age: 5745
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5H3FHf%2Bg8u3qW9%2BfTD%2FvIgh6f5plkvI0TLT2UgLhfC9QOuPAw2CPnAi3Y0ZxFolUuKvY5qL9aai%2FAsAXZdpOxK8O%2BiSa1LxOKBiQXTvZgXESXr3Sy6z1ZQYF3Xl6KzNUGtTb9%2BRcrc77uYMlXGz%2Fy8kVg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-meta-cb-modifiedtime: Mon, 03 Jul 2023 14:52:01 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25784&min_rtt=25607&rtt_var=9729&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4112&recv_bytes=4186&delivery_rate=109282&cwnd=12000&unsent_bytes=0&cid=f5c8bd6fbae73fef&ts=51&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/x-javascript
last-modified: Wed, 05 Jul 2023 10:39:27 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-amz-id-2: VXVzswaJSOqGt7SFWP+j30xQy3yFqJOdWQahPx88KGsDKuK0/PYbf/kOaR00Wza2ncbOZzcWs/XzBhgskfZjVZ7EZdPNvYij9ACiglq+PBo=
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8B8J1P32DW3ESZEA
cf-ray: 8ecfea86ab058c8a-EWR
server: cloudflare

GET
H2 200 jukebox.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 65 KB
20 KB 124ms
32ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5592f69f775f04be1351b0173de00d70f3cd85fdaf326bdd015f50276d262f09

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"3204befeccab7250bb6692f905474c66"
x-amz-version-id: null
age: 80905
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 1pAtKig-NwcuN8gfSMxlQ7kqr3L8U1UATvL_6YydI5ymhWE63gd3eQ==
date: Wed, 04 Dec 2024 02:00:01 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 51ms
49ms Stylesheet
text/css 2607:f8b0:4006:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1720439957194/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b16a4679121aaed1af82b388c054e2c03a705e1eba9b40707b6b3887feb90ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:25 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 05 Dec 2024 00:28:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 108ms
31ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 534757
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 19:55:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 19:55:49 GMT
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18596
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 132ms
57ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 476661
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 12:04:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 12:04:05 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18588
x-xss-protection: 0
server: sffe

GET
H2 200 rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/ 4 KB
5 KB 60ms
56ms Font
application/font-woff 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/rl-icons.woff
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1720439957194/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
content-encoding: br
cf-cache-status: HIT
etag: W/"97ca286c0b94878b6b2adf44559b6265"
x-amz-version-id: 7Fg3.Df2IKZXcjymNQNOrpeZRI7DlXZ.
cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
access-control-allow-methods: GET
x-cache: RefreshHit from cloudfront
x-amz-cf-id: WFiar1Ak6uU_k_4IY3G9Cv7ZJMBOD9JIFfOJQQhGTrjIm9JX5cnD8Q==
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/font-woff
last-modified: Fri, 24 Apr 2020 14:40:36 GMT
vary: Accept-Encoding
x-amz-id-2: gRS948BTzK7QSj0nYyjqjgCHsxeuISKf6Il7jcZLhsU8UED/f8/BJ55CbmUpiZPZw2xYoUPDQt4=
edge-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 3375217.fs1.hubspotusercontent-na1.net
via: 1.1 66ea06c52ae44609b3bf6f6054c081b6.cloudfront.net (CloudFront)
cf-ray: 8ecfea86cafe4cb1-PHL
x-amz-request-id: 6KRYBBFW25K965NM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-amz-cf-pop: JFK52-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v15/ 61 KB
61 KB 123ms
47ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v15/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,100;9..40,200;9..40,300;9..40,400;9..40,500;9..40,600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 561578
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 12:28:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 12:28:48 GMT
last-modified: Thu, 21 Mar 2024 23:58:50 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 62792
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 116ms
41ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 535504
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 19:43:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 19:43:22 GMT
last-modified: Thu, 01 Aug 2024 20:41:19 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18492
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 97ms
23ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://fonts.googleapis.com/

Response headers

age: 487892
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 08:56:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 08:56:54 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET
H2 200 677.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 8 KB
3 KB 34ms
33ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/677.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d93b78eaaa39dc1ea560737996475a00e2f693a09076a297ff90c82077eec076

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"f2d9c1caebc4c978e9fbbfb96d22bdf7"
x-amz-version-id: null
age: 80906
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: QdF5riW-rit00VQxhgATF-27u9WSefJ-8Aon8_bVueTZdi7bHcXCTg==
date: Wed, 04 Dec 2024 02:00:01 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H3 200 JrRu3vUM8j33QSR7Bwxw Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 206ms
133ms Script
text/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/JrRu3vUM8j33QSR7Bwxw

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1e4124ac3ba8566fdb48882303b3dc79550e1fe2ab1a6109d78382ccdac38964

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8ecfea876c0a3308-EWR
access-control-allow-origin: *
x-powered-by: Express
server: cloudflare

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 288ms
196ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=3375217

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-request-id: ba67f562-710a-4a0e-9cbc-47d6f33059e5
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: ba67f562-710a-4a0e-9cbc-47d6f33059e5
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8ecfea879e2d4308&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-vd947
x-envoy-upstream-service-time: 3
access-control-allow-credentials: true
cf-ray: 8ecfea879e2d4308-EWR
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H2 200 3375217.js Show response
js.hs-analytics.net/analytics/1733358300000/ 69 KB
25 KB 232ms
138ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1733358300000/3375217.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5701331866f8f8c1d44131f470563c752684d58bacfd307e4b6c7425ba75d6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: a58f2577-433c-402c-8493-da0146cd2cdc
content-encoding: gzip
cf-cache-status: MISS
etag: W/"fb5656b4041a155d171cd561b5054f7e"
x-amz-version-id: null
expires: Thu, 05 Dec 2024 00:33:26 GMT
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: a58f2577-433c-402c-8493-da0146cd2cdc
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:41:05 GMT
vary: origin, Accept-Encoding
x-amz-id-2: dIEGV+limaHXW3UYXcSnOSO+0UXxZ77MHpOCpgzdxk3En7IOmNNbtXFf1LzQT0m4UB2qtmcC/tM=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-2bzl2
x-envoy-upstream-service-time: 38
access-control-allow-credentials: false
x-amz-request-id: 4S4K7J4E8VKJRRPD
cf-ray: 8ecfea87ba238c7b-EWR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/3375217/ 71 KB
26 KB 175ms
95ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/3375217/banner.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3285bcb9d2cceb230fbf86b24a634642c64def207ba5dac3a45e047083cdbeeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: c4e43671-0b0d-444d-902d-ecb0b799bb3d
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"d331bcd65bc6526fecf728c9241a5f88"
x-amz-version-id: 4KQPp.M1PihMUf1ZbElFynPd2bBNR_hn
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Thu, 05 Dec 2024 00:33:26 GMT
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: c4e43671-0b0d-444d-902d-ecb0b799bb3d
content-type: text/javascript; charset=UTF-8
last-modified: Wed, 02 Oct 2024 13:39:59 GMT
vary: origin, Accept-Encoding
x-amz-id-2: odEPGTBDpOcMALITXn25iXY2cP6Ci4RRLqX+OvCIgBnvu2QBtGorp+7iAJaATBculUnjxZAKrWmks1hZ1A3C0t7HEVxag2rT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-dc4x5
x-envoy-upstream-service-time: 71
access-control-allow-credentials: true
x-amz-request-id: DQFPF7C6K8NN8J40
cf-ray: 8ecfea879ac44cb2-PHL
access-control-allow-origin: https://content.reversinglabs.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 116ms
31ms Script
application/javascript 2606:4700::6812:8a11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/

Response headers

x-request-id: 1adb3733-c04d-4c4f-aaa4-2200926eac71
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 41491
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: KBl7Un5wNBCmzcXd0pdIJKHOeiUz_1Ris7k4ml3ChLN8K6sDT9KCAA==
x-hubspot-correlation-id: 1adb3733-c04d-4c4f-aaa4-2200926eac71
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-gvkv8
x-envoy-upstream-service-time: 10
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 05 Dec 2024 00:28:26 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e67d632acca1403-MIA
via: 1.1 be1c65ef44cd2c4cae9eeabb07ce35a4.cloudfront.net (CloudFront)
cf-ray: 8ecfea879bf3efa3-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 93 KB
27 KB 147ms
45ms Script
application/javascript 2606:4700::6810:4e8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4e8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efa4aed518b4728e6d4b4bdd1c5fe289c63a0d071a4edf329f560171f6e7b472

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: cbace7ec-7b93-42f6-a10b-a1140341a680
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f5e6ced71ecd77db318b3b7bdbcea12d"
x-amz-version-id: WSFuba_L2anScNSxi1bmQJTKzwhQ1N0F
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 518
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: TeGdQqt_JJV5wsjBmX1s2HwzY0CynnG8rJktm3e1tLOqoZ_xaZfIgw==
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: cbace7ec-7b93-42f6-a10b-a1140341a680
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Nov 2024 17:11:20 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fndvb
x-envoy-upstream-service-time: 9
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18938/bundles/project.js&cfRay=8ebb14c2ece8d6cd-IAD
via: 1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
cf-ray: 8ecfea87cb7d8ce2-EWR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.18938/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 147ms
57ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5a102aed533390e53f0c3da4a28fd5a0c882afb2d67abd36ae78e418f2d9e5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 4d37b86b-0221-4b99-a89c-c8aa1da43672
content-encoding: gzip
cf-cache-status: HIT
etag: W/"55c50075baa1fb358695bac6a8ac3254"
x-amz-version-id: kgaFlO84ZW6ILlAzIV38LNI2_mvTYgv6
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 518
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: MqQwxDrJbznKxX6zvQanv7OeKcnGulcoCMcB4Ve6rc-RaQM8TDfmaA==
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: 4d37b86b-0221-4b99-a89c-c8aa1da43672
content-type: application/javascript; charset=utf-8
last-modified: Wed, 27 Nov 2024 18:45:45 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fndvb
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.833/bundles/pixels-release.js&cfRay=8ebb1170bb3dc56f-IAD
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-ray: 8ecfea87ade68c5d-EWR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.833/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 139ms
46ms Script
application/javascript 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/

Response headers

x-request-id: 28b8e0a3-94be-4f6a-9d33-00239793f273
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: _vUoUmuymk3IT7Uikz585Nn8PzBEJUsn
etag: W/"216a00fb66fa9b149d5f8b5557f0f563"
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: d24bNS--jk8hFO6eMNJAfFGYdskBVXVYMTQNPkOunk1nLHSrN_Bu_g==
x-hubspot-correlation-id: 28b8e0a3-94be-4f6a-9d33-00239793f273
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 17:09:02 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-cd6cv
x-envoy-upstream-service-time: 9
x-hs-target-asset: collected-forms-embed-js/static-1.885/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 05 Dec 2024 00:28:26 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.885/bundles/project.js&cfRay=8e688fcfd9f84392-IAD
via: 1.1 d2cb7631fe0377fd030ab6f92237ce72.cloudfront.net (CloudFront)
cf-ray: 8ecfea87aaa418d0-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 196ms
107ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://www.reversinglabs.com/

Response headers

x-request-id: 9203d82b-1902-489e-bb7c-7ae3f0e05b35
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: mNXUuIIWhVdVPzPqyp_sjRXwZmR0sDd4
etag: W/"224467cc4ce3a08f302186b8a1ce03c9"
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ArLvWhlO58T%2FQzWWXslYkxHeWd1n8u1Y6LOGOnIyUSQ5Fzf3OV%2B5oHKdAJb%2F8B2K6kXvfn9wm1BcEPirfMnl6BZBM7zz89OLx6UIUOpDP%2BJs8rUdiGpP4k6HtIvWtElqXDVLyjd8nRb8EY2D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: oLSdyGKuIWrEt0DeWPzLUSH9DPlLoDtF6Ddz2pR0SOxHRIs2u81G2g==
x-hubspot-correlation-id: 9203d82b-1902-489e-bb7c-7ae3f0e05b35
content-type: application/javascript; charset=utf-8
last-modified: Mon, 02 Dec 2024 10:47:31 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time: 37
x-hs-target-asset: web-interactives-embed/static-2.1869/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 05 Dec 2024 00:28:26 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1869/bundles/project.js&cfRay=8ebb22fb997aaaeb-ORD
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-ray: 8ecfea87ac2443cd-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 447.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 476 B
848 B 23ms
22ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4efd6ac6efe7860c8db3d414ff2302db7c424675da9d6664631a307ce3d171a7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-amz-version-id: null
etag: "99bc8d7aff9625869f9ac3f6fd84c8a7"
age: 80905
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 476
x-amz-cf-id: dGp6eWm0ejQ8il2tOyn-zTVbZFP2xmh_vL5nhwVEEM1IyoXOi-0QJw==
date: Wed, 04 Dec 2024 02:00:02 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 init Show response
jukebox.pathfactory.com/api/public/v1/ 8 KB
3 KB 445ms
113ms XHR
application/json 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-316DB6E2-11084&image=&title=&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-9-148.compute-1.amazonaws.com

Software

Resource Hash

39208800407b87513c1267bee9045561798686b1da74098d0db23c6d078ee528

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: beb960ce-5cbd-4907-9580-174ff5745441
access-control-expose-headers
content-encoding: gzip
etag: W/"39208800407b87513c1267bee9045561"
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.070707
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.reversinglabs.com

OPTIONS
H2 200 init
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 151ms
57ms Preflight 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/init?clientId=LB-316DB6E2-11084&image=&title=&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-9-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
access-control-expose-headers
access-control-max-age: 7200
date: Thu, 05 Dec 2024 00:28:26 GMT

GET
H2 200 font-awesome.min.css
cdn-app.pathfactory.com/web-fonts/font-awesome/ 28 KB
7 KB 31ms
30ms Stylesheet
text/css 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/font-awesome/font-awesome.min.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"d96f1330ac4b04ce0b20d2206236e62c"
x-amz-version-id: null
age: 76531
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: bxL4WYqEAviNi7gyos3bdBf2V0N-8J_LzbQ1TLc4UWDBkkXq3gbtNg==
date: Wed, 04 Dec 2024 03:12:56 GMT
content-type: text/css
last-modified: Mon, 27 Mar 2023 14:54:50 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 roboto_lato.css
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 5 KB
1 KB 86ms
86ms Stylesheet
text/css 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/447.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"6339b6205ef670ae453a1fa9e8740fd8"
x-amz-version-id: null
age: 76531
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Xca3jHnNsuzMKbabhjumHkuQ5FuR6nIV-jIG7-hLO4WFGzDIkVPx9Q==
date: Wed, 04 Dec 2024 03:12:56 GMT
content-type: text/css
last-modified: Mon, 27 Mar 2023 14:55:14 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
cdn-app.pathfactory.com/web-fonts/roboto_lato/ 11 KB
11 KB 128ms
39ms Font
binary/octet-stream 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.reversinglabs.com
Referer: https://cdn-app.pathfactory.com/web-fonts/roboto_lato/roboto_lato.css

Response headers

access-control-max-age: 3000
etag: "5e22a46c04d947a36ea0cad07afcc9e1"
x-amz-version-id: null
age: 37579
access-control-allow-methods: GET, PUT, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: AqU2THkTmTZSXJdrPFAn00RcIr7-gA0s0nWJ1V1tbJkbGxYfYI23IA==
date: Wed, 04 Dec 2024 14:02:08 GMT
content-type: binary/octet-stream
vary: Origin
last-modified: Mon, 27 Mar 2023 14:55:12 GMT
via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11040
x-amz-cf-pop: EWR53-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 widget Show response
www.reversinglabs.com/_hcms/livechat/ 323 B
1 KB 123ms
122ms XHR
application/json 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/_hcms/livechat/widget?portalId=3375217&conversations-embed=static-1.18938&mobile=false&messagesUtk=aaca12f70c8346ce9c39ade8a333358c&traceId=aaca12f70c8346ce9c39ade8a333358c

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

518f0947e029f5b0809a292555f7f2da0ec3a796347592fe03e39c58bc0dcdf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2BaOMYimC%2FBMz7Op4XRwgP7E6B9HifliX1LZtjjDRgBv8%2B7%2BvpQj%2FeFea6kviB3XkE6JlStpveC6bK5QYLPJBDdk95%2BWV7zlhFfswc7pqnSAawLaaHoNs8vm6bnxoYzdq2ZLZOgijXA8UY8EuBh%2BngFxtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: d7dd8732-3fdc-4f47-a140-27f147859d8a
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
priority: u=1,i
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8ecfea88784b4cae-PHL
server: cloudflare

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
434 B 67ms
61ms XHR
application/json 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3375217&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9dad1c0db8f609fc3fa93ed9a02f23f1fde3497445fa1f83c71f0816376f7cd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: c69fc5cd-d486-4bde-8e77-381d11871a11
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: c69fc5cd-d486-4bde-8e77-381d11871a11
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-vd947
x-envoy-upstream-service-time: 11
cf-ray: 8ecfea887b7318d0-EWR
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 5 B
148 B 173ms
87ms Fetch
text/plain 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/3375217/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21152971983ab0f08638f7bc1619a54efd4d9f3115ffdef92c151b9b9d1a109d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: private, max-age=1500
cf-ray: 8ecfea891e3b4408-EWR
access-control-allow-origin: *
content-length: 5
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 327 KB
111 KB 152ms
69ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58168bfbf38fc188d5ef3acd789e8a539011bfb9d2069bc5bd6849befb279982

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 05 Dec 2024 00:28:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 112432
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 115 B
802 B 216ms
128ms XHR
application/json 2606:4700::6812:f06c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=3375217

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aPwf4XSQrIGTNGTlJYLcO1KGmh0cgf2qVdqluO0K9HND8SN0HSRXWWq%2FtY5nFg%2FHz0oGLJZezC2PPmDgYIdMoDR2WV%2Ff%2F1DINenFsStqmurZJneWGOJn2pIbb%2B9EFwvIOa5jAqb1WEeYwXRC"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: d9c21934-c7d6-4814-ac92-61e157b457df
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8ecfea891a05236a-EWR
access-control-allow-origin: https://www.reversinglabs.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1020 B 72ms
65ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3375217&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&contentId=null

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: f227cfae-f4af-4116-91c5-2e4f0a442c53
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xeTwIYLka%2BTgbB1OUG35fSmnbLiSrm0WkJAIFcGcGjJxV6T6AiVvM0uvXUQcOKyO6KSq4b7Ul80z2JLVa%2B90eiAEHZ9J6r0juAFnjn6%2BG8V2a97EoHF8QWZgefBCC7oVjAYGnZWEA146Vmshk%2Bu%2Bu%2F94oo0oYHIvJw8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: f227cfae-f4af-4116-91c5-2e4f0a442c53
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
x-envoy-upstream-service-time: 8
access-control-allow-credentials: true
cf-ray: 8ecfea88ad9d43cd-EWR
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
916 B 127ms
60ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
x-request-id: 5f3e1f9b-4655-4038-904b-f300cb236cdb
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: 5f3e1f9b-4655-4038-904b-f300cb236cdb
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-4jlrw
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ecfea894aeb7cb2-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
924 B 138ms
56ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
x-request-id: 14a56295-75b3-4968-9fb8-2b853ab673a9
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Thu, 05 Dec 2024 00:28:26 GMT
x-hubspot-correlation-id: 14a56295-75b3-4968-9fb8-2b853ab673a9
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Thu, 05 Dec 2024 00:28:26 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-pb78j
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ecfea899b5d7cb2-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 420 KB
134 KB 67ms
66ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f838aeb596a308dda6f23d48356a84bf857f18fc5045c91b6e90b78cdda17fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 00:28:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136511
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 420 KB
133 KB 64ms
64ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c&gtm=45He4c30v856083864za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f47aa969619f178b67d4389394ec57831c62a4e4c927c492b8a5d42958926afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 00:28:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136416
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 420 KB
133 KB 89ms
88ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-970567826&l=dataLayer&cx=c&gtm=45He4c30v856083864za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96cdc75cd018c0937835edcaa7cf6e1048f02ccabfdeeb8641fced7969a4d36e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 00:28:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136420
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 242.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 173 KB
59 KB 45ms
40ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/242.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9928340ab66ea3b57ea2649c3ebb0d6f28fcc0ccc2adf47a623316bdedf12250

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"d78cd4c537a84ec760ac1d3bbef22ffd"
x-amz-version-id: null
age: 80902
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: LI8rGrA2EG9sgIAbkgp8rD7DzGr3jLDUhVM5eoDcETAPRNxcdrE0nA==
date: Wed, 04 Dec 2024 02:00:05 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 689.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 16 KB
6 KB 102ms
97ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/689.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"c08943f25f0d30cb139fc315b9b5d615"
x-amz-version-id: null
age: 80903
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 6u1XHKYr0-3OhScfRVkCMFxIaH9AJ4mih7QsCfv0WEFoQI60KMaS6g==
date: Wed, 04 Dec 2024 02:00:04 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 426.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 144 KB
49 KB 112ms
108ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/426.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e9a502929c5dd3ddd472b4124271a27e6342ee3f71099482a29d1da9b0c23d4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"7937b5bb1bbb94f5d0b634d9b9cc8fc7"
x-amz-version-id: null
age: 80903
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: QSEsR0LAcrvLY7by5vIlC9Z3QUHgfAGXBlgo1TKP5UgtOpQ8dyVPWQ==
date: Wed, 04 Dec 2024 02:00:04 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 793.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 73 KB
17 KB 148ms
144ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/793.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f830fc725604d44e7c515aa21901c2273aefbf5e1bd3ab4e43b61cf9b82b8f5b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"85bcf93376afe16ae07a417a464c6a50"
x-amz-version-id: null
age: 80903
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: plyGAnynutfJEkzCvis04iTpz7zU0n6gRWbldLO3jZwOePLOkI6Mxg==
date: Wed, 04 Dec 2024 02:00:04 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 796.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 117 KB
27 KB 157ms
154ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/796.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6689a9d869a10995049ca05b9538b925c78b3ba6bc6acf6a1fa873b1c89cdab2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"99c0b28c542c3baec51fd724d976237a"
x-amz-version-id: null
age: 80902
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: KBnepe5h7-EbRTa6v7pWiEYsoUvJ6s9PusqIM8KU9uFVKDiF8UWc9w==
date: Wed, 04 Dec 2024 02:00:05 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 98.js Show response
cdn-app.pathfactory.com/production/jukebox-lite/current/ 52 KB
14 KB 167ms
165ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/98.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6bd793e9209770810c1b30d46570a35840ba2dd5a4b36fc272dbbe6f12cfdf70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"1ebd56e7910d84400cfa2e0c057353e4"
x-amz-version-id: null
age: 80903
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: GAasYJwB1z_66xoEsepSzjz5X7pT3ZCrIzFrUFzCPEI4zUCDb2X1LQ==
date: Wed, 04 Dec 2024 02:00:04 GMT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 01:59:53 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 204 website_forms Show response
jukebox.pathfactory.com/api/public/v1/ 0
413 B 47ms
42ms XHR
text/plain 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-316DB6E2-11084&pfVisitorUuid=&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-9-148.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: 6bd663e7-ea58-4eb0-b37d-37e06c697d7c
access-control-expose-headers
cache-control: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
date: Thu, 05 Dec 2024 00:28:26 GMT
vary: Origin
x-runtime: 0.015226

OPTIONS
H2 200 website_forms
jukebox.pathfactory.com/api/public/v1/ Frame 0
0 28ms
26ms Preflight 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v1/website_forms?clientId=LB-316DB6E2-11084&pfVisitorUuid=&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-9-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
access-control-expose-headers
access-control-max-age: 7200
date: Thu, 05 Dec 2024 00:28:26 GMT

POST
H3 200 collect
www.google.com/ccm/ 0
0 137ms
42ms Ping
text/plain 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&scrsrc=www.googletagmanager.com&frm=0&rnd=481271222.1733358507&auid=2009702333.1733358507&npa=0&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm=45be4c30v867824530z8856083864za200zb856083864&gcs=G111&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733358506746&tfd=1524&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81c::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 5 KB
2 KB 143ms
53ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1733358506738&cv=11&fst=1733358506738&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za200zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9c76c626ca0867c2ff3ccbc3e5c947b616e1903cb33ca9f983e57d7b8bb6357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2357
date: Thu, 05 Dec 2024 00:28:26 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 970567826
td.doubleclick.net/td/rul/ Frame C9C8 0
0 140ms
61ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/970567826?random=1733358506738&cv=11&fst=1733358506738&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za200zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 2289
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 00:28:26 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 157ms
71ms Fetch
text/plain 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45be4c30v867824530z8856083864za200zb856083864&_p=1733358506315&_gaz=1&gcs=G111&gcd=13r3r3r3r5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&gdid=dZTQ1Zm&cid=818400528.1733358507&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1733358506&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1556
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.reversinglabs.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
558 B 140ms
46ms Ping
text/plain 2607:f8b0:4004:c17::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JVM9Z1XQPL&cid=818400528.1733358507&gtm=45be4c30v867824530z8856083864za200zb856083864&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.reversinglabs.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:26 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame C5B6 0
0 123ms
59ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-JVM9Z1XQPL&gacid=818400528.1733358507&gtm=45be4c30v867824530z8856083864za200zb856083864&dma=0&gcs=G111&gcd=13r3r3r3r5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=349256755

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 00:28:26 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame 91B4 0
0 101ms
29ms Document
text/html 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.reversinglabs.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 113151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Dec 2024 17:02:35 GMT
expires: Wed, 03 Dec 2025 17:02:35 GMT
last-modified: Tue, 03 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 0
0 158ms
27ms Fetch
image/gif 34.234.192.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.234.192.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-234-192-74.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Length: 43
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Thu, 05 Dec 2024 00:28:27 GMT
Content-Type: image/gif
Server: akka-http/10.0.9

GET
H3 200 /
www.google.com/pagead/1p-user-list/970567826/ 42 B
64 B 54ms
53ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970567826/?random=1733358506738&cv=11&fst=1733356800000&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za200zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7d8YpbOf7S2kYIG0HRBrlILolka_bIoQ&random=2224199169&rmt_tld=0&ipr=y

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 05 Dec 2024 00:28:27 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
611 B 83ms
70ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=3375217&ct=standard-page&ccu=https%3A%2F%2Fwww.reversinglabs.com%2F404&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&cts=1733358507077&vi=cec89e0f9fe244135fb70acece8b8bad&nc=true&u=60854195.cec89e0f9fe244135fb70acece8b8bad.1733358507072.1733358507072.1733358507072.1&b=60854195.1.1733358507072&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
x-request-id: 4b246f04-d2c1-4428-be12-736dafb165cd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UQ%2B%2F2ZIfmC55LVwLahNgWg0rHUgB90GE1BUOLi2o4u1rVje0j6S50pmVakoCMQ63t5EOZBQipovbFPUBJ4AXJZXUVA%2F7ff8hlP2X3g6zMfevIXDwe1eO16kyzQ%2BG9ALO7EEErdwRSt0SDJ9xKxxk"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 05 Dec 2024 00:28:27 GMT
x-hubspot-correlation-id: 4b246f04-d2c1-4428-be12-736dafb165cd
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-nc9kd
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ecfea8d6d174308-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 402ms
211ms Script
application/javascript 23.209.72.209
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.209.72.209 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-209-72-209.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 03:28:27 GMT
accept-ranges: bytes
content-length: 18819
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 2 KB
1006 B 174ms
64ms Script
application/javascript 2600:141b:1c00:6::17df:d12e
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d12e Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=51374
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 796
date: Thu, 05 Dec 2024 00:28:27 GMT
last-modified: Mon, 02 Dec 2024 19:27:08 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 420 KB
133 KB 69ms
69ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-970567826&l=dataLayer&cx=c&gtm=45He4c30v856083864za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ba0b3e91e7afb982fa05b7b66105a034da389a10053de446df0dc28aa13cab2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 05 Dec 2024 00:28:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136446
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 favicon.ico
www.reversinglabs.com/hubfs/favicons/ 1 KB
1 KB 67ms
66ms Other
image/vnd.microsoft.icon 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hubfs/favicons/favicon.ico?v=XBJLaGAQax

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0db68a93d1f97f0fb1224f0734697114c7abc9fc403c920fb05f88a10b4db79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65232b94b8bed83757bff14ed51e92b5"
age: 630815
cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
x-amz-version-id: Z.0e2dNlpNVLjiXXR6ElKaqWvTbbFyc_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbgXfqJAS23GGfW6zX61d9xwFHVYQuiaB5M94L1gy8IiI0GOnRTkWNjO4yIaWnTTR%2FPimGW2OsGvpROhw%2FFD42jIua9lXBKfvZwAhFO9A6VqFLDA0JJojkHSXBM2%2B0SWK8fY9FY0t55e3WQO%2Fttv1ujghQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: pGImQaalWi6dGtfoKG7nom5kWDv6FH4b-vn1nXUb0IKpuOAG1263Iw==
content-type: image/vnd.microsoft.icon
last-modified: Thu, 06 Jun 2019 14:09:52 GMT
priority: u=1,i
server-timing: cfExtPri
edge-cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: D62Z57KVSTF40F30
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-10257692869,FD-10257700017,P-3375217,FLS-ALL
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
access-control-allow-methods: GET
date: Thu, 05 Dec 2024 00:28:27 GMT
vary: Accept-Encoding
x-amz-id-2: QSZapofjxZ75YYCL20YDGLaxNdRIv8ajA1andgrsceVnWqncndE3NX+Cv1V1QNJy0hnmxVyZZm8=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5a8470558db8c5018d387c481b2df76a.cloudfront.net (CloudFront)
cf-ray: 8ecfea8d6dbf4cae-PHL
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 107ms
95ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=cec89e0f9fe244135fb70acece8b8bad&__hstc=60854195.cec89e0f9fe244135fb70acece8b8bad.1733358507072.1733358507072.1733358507072.1&__hssc=60854195.1.1733358507072&contentId=null&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55f6354d2bebf24313bda79afb55b17dbdc31407ccee03891102157df10c28b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 34f4ff19-e13e-48ef-84c5-f06686ee0d0b
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ejpsd%2Bk4dZPsOJ%2BUcbdc5pQZsObpP8Wp3Jn4dMjo1wXA7oHckQy6Ub6Jef%2BS2%2BVt2w9C0T5BxcK2%2FIJCU2zqEbSUoZUU0ybBOpQ476RDpwjxsDS%2B51avkWrSrGi6KUnR%2B%2FejTWOZzBfiKBL%2B%2BsvV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Thu, 05 Dec 2024 00:28:27 GMT
x-hubspot-correlation-id: 34f4ff19-e13e-48ef-84c5-f06686ee0d0b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6xdg5
x-envoy-upstream-service-time: 21
access-control-allow-credentials: false
cf-ray: 8ecfea8dbd2943cd-EWR
access-control-allow-origin: https://www.reversinglabs.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 sp.lite.js Show response
cdn-app.pathfactory.com/libraries/tracker/3.19.0/ 43 KB
15 KB 27ms
27ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Requested by: Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 25462e537585513efd706d55cf4cd890b30f382ab96c0f6df75c41c1095d58ed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"1aed05295e6c59943103b6fa7150f848"
x-amz-version-id: null
age: 76536
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: QB7glBFXNcoemr57WPLU_iq7CsKsCQA9CaajwmMZS9dhQENCSj67tQ==
date: Wed, 04 Dec 2024 03:12:52 GMT
content-type: application/javascript
last-modified: Wed, 03 Jan 2024 16:25:31 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H3 200 RL.svg
www.reversinglabs.com/hubfs/favicons/ 1 KB
2 KB 76ms
75ms Other
image/svg+xml 2606:2c40::c73c:671f
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reversinglabs.com/hubfs/favicons/RL.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d858c8735257088f8afec4218614b0de5de80c4740a1e3d85177d32fcf59f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"f5495c5973bd36c9aef68e8932961a19"
age: 521362
cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
x-amz-version-id: CF4go1_hFRfTbqIKmg2EpHi6K6Q8eeO.
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyoDRsiOQ%2BLjGCwFs6b%2FR3H33F2G5st7CElcHDke86P5JKIuPxkP%2BbEAM01xh6n3rictcAsYk%2FnyQtveVDHz0yrIzXz46rVv0iWJH4ul7YIRRt4ot6GkqCrAoX0RMoLioIcLlCIUpThC6dtCs0jx6i1xiw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: cWDwZGDcws9qwZ5rz6fLtv8lpvHWfIgDxUncTu7igKMhgmkAqV58VA==
content-type: image/svg+xml
last-modified: Sun, 12 Nov 2023 11:35:03 GMT
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: TCT9DDY63P1NCM3Q
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-145184489380,FD-10257700017,P-3375217,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 05 Dec 2024 00:28:27 GMT
vary: Accept-Encoding
x-amz-id-2: U5GrcsJYtmqYVkosWk/g1x3/ia+jL+5Z5Zt5uncAy1Bg33HxMANWChmINHQQbch7H1/XOjUfx00=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5d80a787e1ebac16d38abe8be03294f8.cloudfront.net (CloudFront)
cf-ray: 8ecfea8dde744cae-PHL
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1699788902625

OPTIONS
H2 200 recommendations
jukebox.pathfactory.com/api/public/v3/ Frame 0
0 26ms
25ms Preflight 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v3/recommendations?clientId=LB-316DB6E2-11084&sourceType=2&pfVisitorUuid=076aae4b-3510-4be5-b4b8-6f5607e988da&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&contentPoolId=0694675c-11a7-452f-b7fe-a1ad365b3e1e&contentDisplayedType=collection&collectionRuleId=&appearanceId=18729&recommendationType=trending&sessionId=6a5af75c-f626-4dad-b931-5f3088a10451&webcontextId=dd6c2451-e5c6-4aae-8734-0cd86ef75c4f&noPosts=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-9-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
access-control-expose-headers
access-control-max-age: 7200
date: Thu, 05 Dec 2024 00:28:27 GMT

OPTIONS
H2 200 recommendations
jukebox.pathfactory.com/api/public/v3/ Frame 0
0 39ms
39ms Preflight 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/api/public/v3/recommendations?clientId=LB-316DB6E2-11084&sourceType=2&pfVisitorUuid=076aae4b-3510-4be5-b4b8-6f5607e988da&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&contentPoolId=0694675c-11a7-452f-b7fe-a1ad365b3e1e&contentDisplayedType=collection&collectionRuleId=&appearanceId=18729&recommendationType=yml&sessionId=6a5af75c-f626-4dad-b931-5f3088a10451&webcontextId=dd6c2451-e5c6-4aae-8734-0cd86ef75c4f&noPosts=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-9-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
access-control-expose-headers
access-control-max-age: 7200
date: Thu, 05 Dec 2024 00:28:27 GMT

GET
H2 200 link-click.js Show response
cdn-app.pathfactory.com/libraries/tracker/3.19.0/plugin/ 6 KB
3 KB 22ms
22ms Script
application/javascript 52.85.61.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/plugin/link-click.js
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-101.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0927046a7f82a1f6e6e48d1115be04d8e053922775f03d0fdecef3b60e92f8cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

vary: accept-encoding
content-encoding: gzip
etag: W/"312554e163da7d1fad8823ce4ad2d17c"
x-amz-version-id: null
age: 76535
via: 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: -jQhTWYj9fREHkvuNOt1PMfhyyBpTDD1kXSrlgRmrMLG3yglhuLrXw==
date: Wed, 04 Dec 2024 03:12:53 GMT
content-type: application/javascript
last-modified: Wed, 03 Jan 2024 16:25:40 GMT
server: AmazonS3
x-amz-cf-pop: EWR53-P1
x-amz-server-side-encryption: AES256

GET
H2 200 recommendations Show response
jukebox.pathfactory.com/api/public/v3/ 4 KB
2 KB 154ms
153ms XHR
application/json 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v3/recommendations?clientId=LB-316DB6E2-11084&sourceType=2&pfVisitorUuid=076aae4b-3510-4be5-b4b8-6f5607e988da&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&contentPoolId=0694675c-11a7-452f-b7fe-a1ad365b3e1e&contentDisplayedType=collection&collectionRuleId=&appearanceId=18729&recommendationType=trending&sessionId=6a5af75c-f626-4dad-b931-5f3088a10451&webcontextId=dd6c2451-e5c6-4aae-8734-0cd86ef75c4f&noPosts=5

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-9-148.compute-1.amazonaws.com

Software

Resource Hash

0dfb8a4f0e66f0abb9e8239cbe358c97529d922c53d4c2eb5fa6eb1e67e96495

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: d8cafd8a-1ed2-447d-90d6-635f140d0dfb
access-control-expose-headers
content-encoding: gzip
etag: W/"0dfb8a4f0e66f0abb9e8239cbe358c97"
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.123848
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.reversinglabs.com

GET
H2 200 recommendations Show response
jukebox.pathfactory.com/api/public/v3/ 4 KB
2 KB 449ms
448ms XHR
application/json 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/api/public/v3/recommendations?clientId=LB-316DB6E2-11084&sourceType=2&pfVisitorUuid=076aae4b-3510-4be5-b4b8-6f5607e988da&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&contentPoolId=0694675c-11a7-452f-b7fe-a1ad365b3e1e&contentDisplayedType=collection&collectionRuleId=&appearanceId=18729&recommendationType=yml&sessionId=6a5af75c-f626-4dad-b931-5f3088a10451&webcontextId=dd6c2451-e5c6-4aae-8734-0cd86ef75c4f&noPosts=5

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/production/jukebox-lite/current/jukebox.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-9-148.compute-1.amazonaws.com

Software

Resource Hash

5ed9a7c5b8fd6895571a9ae07845a7859ae126e8742ab1773522ea818a94f53b

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reversinglabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: 858a41df-148a-4dcf-91a7-32f2d788168f
access-control-expose-headers
content-encoding: gzip
etag: W/"5ed9a7c5b8fd6895571a9ae07845a785"
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.377031
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.reversinglabs.com

OPTIONS
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 24ms
23ms Preflight 34.234.192.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.234.192.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-234-192-74.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.reversinglabs.com
Access-Control-Max-Age: 5
Connection: keep-alive
Content-Length: 0
Date: Thu, 05 Dec 2024 00:28:27 GMT
Server: akka-http/10.0.9

OPTIONS
H2 200 tp2
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ Frame 0
0 62ms
62ms Preflight 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-9-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.reversinglabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin: https://www.reversinglabs.com
access-control-expose-headers
access-control-max-age: 7200
date: Thu, 05 Dec 2024 00:28:27 GMT

POST
H/1.1 200
OK tp2
spcollector.pathfactory.com/com.snowplowanalytics.snowplow/ 2 B
466 B 187ms
78ms Ping
text/plain 34.234.192.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://spcollector.pathfactory.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.234.192.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-234-192-74.compute-1.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.reversinglabs.com/

Response headers

Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.reversinglabs.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length: 2
Date: Thu, 05 Dec 2024 00:28:27 GMT
Content-Type: text/plain; charset=UTF-8
Server: akka-http/10.0.9

POST
H2 200 tp2
jukebox.pathfactory.com/com.snowplowanalytics.snowplow/ 0
514 B 56ms
54ms Ping
text/html 54.82.9.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://jukebox.pathfactory.com/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn-app.pathfactory.com
URL: https://cdn-app.pathfactory.com/libraries/tracker/3.19.0/sp.lite.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.82.9.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-82-9-148.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.reversinglabs.com/

Response headers

access-control-max-age: 7200
content-security-policy
access-control-expose-headers
cache-control: no-cache
content-encoding: gzip
x-request-id: dd6db8f0-57e1-4ac8-a50f-f849da9aeee4
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: GET, PUT, POST, PATCH, OPTIONS
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.reversinglabs.com
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: text/html
vary: Origin, Accept-Encoding
x-runtime: 0.015122

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/ 5 KB
2 KB 57ms
56ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1733358507292&cv=11&fst=1733358507292&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za201zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-970567826&l=dataLayer&cx=c&gtm=45He4c30v856083864za200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9774e106f301110cb4a082fc13cde2ce4534f87a0ad3553d1231605ad902e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2359
date: Thu, 05 Dec 2024 00:28:27 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 970567826
td.doubleclick.net/td/rul/ Frame 78AA 0
0 49ms
49ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/970567826?random=1733358507292&cv=11&fst=1733358507292&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za201zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-970567826&l=dataLayer&cx=c&gtm=45He4c30v856083864za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reversinglabs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 2304
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 00:28:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 30ms
27ms Script
application/javascript 2600:141b:1c00:6::17df:d12e
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d12e Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=51511
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Thu, 05 Dec 2024 00:28:27 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 /
www.google.com/pagead/1p-user-list/970567826/ 42 B
64 B 47ms
47ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970567826/?random=1733358507292&cv=11&fst=1733356800000&bg=ffffff&guid=ON&async=1&gtm=45be4c30v867824530z8856083864za201zb856083864&gcd=13r3r3r3r5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&hn=www.googleadservices.com&frm=0&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=2009702333.1733358507&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dFgeFw11awzomCAbVB_XSY5U8fBAvw84HzCBiIxn_tlhGrrSG&random=459235459&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 05 Dec 2024 00:28:27 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 236ms
125ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=976924&time=1733358507433&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.reversinglabs.com/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 0006287afa1d323f62961f30678553f3
x-msedge-ref: Ref A: 14A16FBCD3C449C5AB9C9C1CC3BBE566 Ref B: PHL30EDGE0114 Ref C: 2024-12-05T00:28:27Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYoevodMj9ilh8wZ4VT8w==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-n...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-n...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1733358507433%26li_adsId%3D0c082f82-db96-4774-9cf8-ce758c715cfc%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-n...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-...

0
487 B

215ms
119ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLvnzUpNltfUAAAAZOUN9fkEZ14k2FEaq3LdGh1FmFozH-bg8Xw0Suglzo9Z5sOl-J-RyM4lwk
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DDFBBFC17F9746E7ABACFF6EDB29283A Ref B: PHL30EDGE0219 Ref C: 2024-12-05T00:28:28Z
x-li-fabric: prod-lor1
x-li-uuid: AAYoevomeWrSj2sdS1KA5Q==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1733358507433&li_adsId=0c082f82-db96-4774-9cf8-ce758c715cfc&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLvnzUpNltfUAAAAZOUN9fkEZ14k2FEaq3LdGh1FmFozH-bg8Xw0Suglzo9Z5sOl-J-RyM4lwk
x-msedge-ref: Ref A: 1F7CD95FB5D34AB2A4DAD823BF47D74F Ref B: PHL30EDGE0106 Ref C: 2024-12-05T00:28:27Z
x-li-fabric: prod-lor1
x-li-uuid: AAYoevojLKQHQOSBAYwzMg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 00:28:27 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 65ms
34ms XHR
text/html 23.209.72.209
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.209.72.209 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-209-72-209.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.reversinglabs.com
content-length: 7
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 22 B
318 B 215ms
63ms XHR
text/html 2600:141b:1c00:2e::17d1:48c5
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2e::17d1:48c5 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: 47b58bf0775945413f0f4c88b1f9372c5e00a425d7709fa21628d0773e3078aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2600:803:a88:3254::254
expires: Thu, 05 Dec 2024 00:28:27 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1733358507664_399550021_150355446_14_558_8_30_219";dur=1
access-control-allow-origin: https://www.reversinglabs.com
content-length: 22
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 224ms
61ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A27%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:27 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 223ms
60ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Dec%202024%2000%3A28%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22125cf4892bae30e8b53458235ef53f8d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Dec%202024%2000%3A28%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Dec%202024%2000%3A28%3A27%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:27 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 33ms
32ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=ipv6&q=%7B%22address%22%3A%222600%3A803%3Aa88%3A3254%3A%3A254%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&ipv6=2600%3A803%3Aa88%3A3254%3A%3A254&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:27 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:27 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 48ms
48ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A28%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A27%20GMT%22%2C%22timeSpent%22%3A%221009%22%2C%22totalTimeSpent%22%3A%221009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&ipv6=2600%3A803%3Aa88%3A3254%3A%3A254&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:28 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:28 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 49ms
49ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A29%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A28%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222010%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&ipv6=2600%3A803%3Aa88%3A3254%3A%3A254&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:29 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:29 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 74ms
73ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A30%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A29%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223010%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&ipv6=2600%3A803%3Aa88%3A3254%3A%3A254&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:30 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:30 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 65ms
65ms Image
image/gif 23.219.82.42
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=a627422c-97bb-4814-8122-39a1990a5f9c&session=a69645bd-3dcb-4e98-8950-3223a591096a&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A31%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Dec%202024%2000%3A28%3A30%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224011%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fmalware-found-in-solana-npm-library-with-50m-downloads&pageViewId=9fdde313-1cf6-416f-8be4-4d4b45093095&ipv6=2600%3A803%3Aa88%3A3254%3A%3A254&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.219.82.42 New York, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-219-82-42.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.reversinglabs.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 05 Dec 2024 00:28:31 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 05 Dec 2024 00:28:31 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.reversinglabs.com/	1970-01-21 01:29:20	Name: __cf_bm Value: hW3_REypNfiGp4C0dO1gE0QqSnYKw7jDBytQXrrZG2w-1733358505-1.0.1.1-Z_T4ZjKJewjGYwIyx5RBfeNqI8vQK9Qg_ph4Bv0cjaEDc4L3_7K_WyvCTylWAjj77fkyUwjVD3.9MnjDajdFrQ
.www.reversinglabs.com/	1969-12-31 23:59:59	Name: _cfuvid Value: dFuaKZNJB77McVMRqALtS4lZ2.OpAh6lsdx7UuXOOt8-1733358505723-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 10:14:54	Name: visitorId Value: bec92ac427ea88c05b533fe2361d3b2206a66e0916046d4821a261a2128a9f15
.zoominfo.com/	1970-01-21 01:29:20	Name: __cf_bm Value: NqAtJEqja8spH.BY6RZSP5b3hIR2kOPFmHTqgCu9ETI-1733358506-1.0.1.1-KjJtB.D9Iibs_DNFEK052xyLRIca6HFP22kJd13avxCxJ6sU9Liszn2Eb0VhfxQZSzn4q43JkFn3Lif8lKwUUQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: WXr8.J5EmwVdf7MFvZZXcBmyalRfbOJdJ0MNYoWRkyE-1733358506250-0.0.1.1-604800000
.hubspot.com/	1970-01-21 01:29:20	Name: __cf_bm Value: G_qXwHTh.Es.iY5xCzKqKtIeNlC9mQUSG1S9zvdlyVs-1733358506-1.0.1.1-_PGt8z2Ygo1NIPPeSKeutcPmYH5UgPDHq9oazxLHzD2Xl.JeHiROHqsQ_Rs6723e.cv4nBYm5yyNzuO25e4jUw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: UqXuPgzo2hsvVlatj2Juj_L3sAMN_L6nff2WtLw9CcY-1733358506340-0.0.1.1-604800000
.hsforms.com/	1970-01-21 01:29:20	Name: __cf_bm Value: O1f4DmI0hn.4BbK3o1mxeAuD1p3nqUTBY2fq4_k5D6k-1733358506-1.0.1.1-nSTqlsos3kUhftkJoZjo9J0PhsjbPv8c.CnrT6rM6jK9fRwS.YwmbytjnE35kzi8Im_DjRWtmP545W_5C5U4Dg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: XQLjaLT8RYEv9Au3HtbbX_DBBo2Q.kprPAHLEuyrNHw-1733358506526-0.0.1.1-604800000
.reversinglabs.com/	1970-01-21 03:38:54	Name: _gcl_au Value: 1.1.2009702333.1733358507
.reversinglabs.com/	1970-01-21 11:05:18	Name: _ga_JVM9Z1XQPL Value: GS1.1.1733358506.1.0.1733358506.60.0.0
.reversinglabs.com/	1970-01-21 11:05:18	Name: _ga Value: GA1.1.818400528.1733358507
.reversinglabs.com/	1970-01-21 05:48:30	Name: __hstc Value: 60854195.cec89e0f9fe244135fb70acece8b8bad.1733358507072.1733358507072.1733358507072.1
.reversinglabs.com/	1970-01-21 05:48:30	Name: hubspotutk Value: cec89e0f9fe244135fb70acece8b8bad
.reversinglabs.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.reversinglabs.com/	1970-01-21 01:29:20	Name: __hssc Value: 60854195.1.1733358507072
.reversinglabs.com/	1970-01-21 11:05:18	Name: vid Value: 076aae4b-3510-4be5-b4b8-6f5607e988da
.reversinglabs.com/	1970-01-21 01:29:20	Name: _pf_ses.a398 Value: *
.reversinglabs.com/	1970-01-21 11:05:18	Name: _pf_id.a398 Value: 076aae4b-3510-4be5-b4b8-6f5607e988da.1733358507.1.1733358507..6a5af75c-f626-4dad-b931-5f3088a10451..b6fad98d-fbb5-4f2d-89d7-74332613a615.1733358507206.2
.doubleclick.net/	1970-01-21 11:05:18	Name: IDE Value: AHWqTUl2MMU28ZA6Ec4w3320E4fVKW5VwBKmOZ3hPVIGe66f06TimWJ6fyZILh0t
www.reversinglabs.com/	1970-01-21 11:05:18	Name: _gd_visitor Value: a627422c-97bb-4814-8122-39a1990a5f9c
www.reversinglabs.com/	1970-01-21 01:29:32	Name: _gd_session Value: a69645bd-3dcb-4e98-8950-3223a591096a
.linkedin.com/	1970-01-21 03:38:54	Name: li_sugr Value: 7edfe9c8-0604-4220-8b81-09e1917f0bef
.linkedin.com/	1970-01-21 10:14:54	Name: bcookie Value: "v=2&f4785c7e-523d-4949-8c82-d7f2110b9e10"
.linkedin.com/	1970-01-21 01:30:44	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3420:u=1:x=1:i=1733358507:t=1733444907:v=2:sig=AQFSeHOHnEUGDo7Ht8azTUr632HCZjka"
.linkedin.com/	1970-01-21 02:12:30	Name: UserMatchHistory Value: AQIgZasxgscjSAAAAZOUN9bhIy_7v0auAEDovy1zLzovKO-O70jzm7NwXgsM_m-U35xLEGafazJYHA
.linkedin.com/	1970-01-21 02:12:30	Name: AnalyticsSyncHistory Value: AQLgEzD5wdfkbgAAAZOUN9bheKcFC9LL34EMEGYz_RPtg7tGUFrqKUuya7sgxB9WzjEnhg7wCm-nKm8R86mI0A
.www.linkedin.com/	1970-01-21 10:14:54	Name: bscookie Value: "v=1&202412050028270fba22bd-e735-4bf7-8e91-fb72e7cb374cAQG9Zi5QD7Xc_UxEvcBrW50aJ_IDjWbi"

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://js.hscollectedforms.net/collectedforms.js(Line 1) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://js.hscollectedforms.net/collectedforms.js(Line 1) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826(Line 254) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826(Line 254) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826(Line 254) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826(Line 254) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-970567826(Line 576) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.googletagmanager.com/gtag/destination?id=AW-970567826&l=dataLayer&cx=c&gtm=45He4c30v856083864za200(Line 254) Message: The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	Content-Security-Policy: frame-ancestors 'self' http://reversinglabs.lookbookhq.com https://reversinglabs.lookbookhq.com http://reversinglabs.pathfactory.com https://reversinglabs.pathfactory.com http://content.reversinglabs.com https://content.reversinglabs.com; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3375217.fs1.hubspotusercontent-na1.net
7052064.fs1.hubspotusercontent-na1.net
analytics.google.com
api.hubapi.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn-app.pathfactory.com
cdn2.hubspot.net
cdnjs.cloudflare.com
cookieinfoscript.com
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
jukebox.pathfactory.com
perf-na1.hsforms.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
spcollector.pathfactory.com
stats.g.doubleclick.net
td.doubleclick.net
track.hubspot.com
ws.zoominfo.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.reversinglabs.com
13.107.42.14
151.101.129.181
23.209.72.209
23.219.82.42
2600:141b:1c00:2e::17d1:48c5
2600:141b:1c00:6::17df:d12e
2606:2c40::c73c:671f
2606:4700:3031::ac43:992e
2606:4700:4400::6812:297c
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:9310
2606:4700::6810:4e8e
2606:4700::6810:6efe
2606:4700::6810:7574
2606:4700::6810:762b
2606:4700::6810:7674
2606:4700::6810:a0a8
2606:4700::6811:180e
2606:4700::6811:df98
2606:4700::6812:50cc
2606:4700::6812:593e
2606:4700::6812:8a11
2606:4700::6812:f06c
2607:f8b0:4004:c17::9d
2607:f8b0:4006:80b::200e
2607:f8b0:4006:81c::2004
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::200a
2607:f8b0:4006:820::2003
2607:f8b0:4006:823::2002
2607:f8b0:4006:824::2008
2620:1ec:21::14
34.234.192.74
52.85.61.101
54.82.9.148
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
05ff91703fa482062b851d83b00e7663ef9d2001e01eaa126430e417d8e28aaa
0927046a7f82a1f6e6e48d1115be04d8e053922775f03d0fdecef3b60e92f8cb
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0dfb8a4f0e66f0abb9e8239cbe358c97529d922c53d4c2eb5fa6eb1e67e96495
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
1039d8c6d5ca0ae27a058e460a3496ac932a0ed7b21496e3a7be5063c605ac5a
14b6cfd9b2a41bf5ee498086b1fbe2e8a31b1f99d5e040d55bdbe2d95702b6ac
170d7b2dda1cde0aad9938ebc0e3f7f1e08b01221eead69e14784fdb089543b6
177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2
1e4124ac3ba8566fdb48882303b3dc79550e1fe2ab1a6109d78382ccdac38964
21152971983ab0f08638f7bc1619a54efd4d9f3115ffdef92c151b9b9d1a109d
25462e537585513efd706d55cf4cd890b30f382ab96c0f6df75c41c1095d58ed
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2c76335772ae09c1a16f3880e071182927c17675b8c840ded7bf28b143173c5d
3285bcb9d2cceb230fbf86b24a634642c64def207ba5dac3a45e047083cdbeeb
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
39208800407b87513c1267bee9045561798686b1da74098d0db23c6d078ee528
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
4148e3a63ce465febc1d0846c430bf4e2f823693545e1c515fe7d346aa28b94e
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46c40fb973de87b70f9c738df7e9dc501f85fda35e5aac8aead035ee6957a625
47b58bf0775945413f0f4c88b1f9372c5e00a425d7709fa21628d0773e3078aa
4ba0b3e91e7afb982fa05b7b66105a034da389a10053de446df0dc28aa13cab2
4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
4efd6ac6efe7860c8db3d414ff2302db7c424675da9d6664631a307ce3d171a7
517ac414b146f5dbd04e71c0dc75310abf622120581b49401b58e99feadd7f53
518f0947e029f5b0809a292555f7f2da0ec3a796347592fe03e39c58bc0dcdf0
5592f69f775f04be1351b0173de00d70f3cd85fdaf326bdd015f50276d262f09
55b1006b347eb7807658bdfc559d2c34e5795f4df66ac0d3cbd3f77dda439332
55f6354d2bebf24313bda79afb55b17dbdc31407ccee03891102157df10c28b9
55f69d474ed06ec6f964fd3a64f5ad272c3fcf8b1e11f7a43ebd1064470aa7ed
58168bfbf38fc188d5ef3acd789e8a539011bfb9d2069bc5bd6849befb279982
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
5ed9a7c5b8fd6895571a9ae07845a7859ae126e8742ab1773522ea818a94f53b
6689a9d869a10995049ca05b9538b925c78b3ba6bc6acf6a1fa873b1c89cdab2
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bd793e9209770810c1b30d46570a35840ba2dd5a4b36fc272dbbe6f12cfdf70
6f838aeb596a308dda6f23d48356a84bf857f18fc5045c91b6e90b78cdda17fa
78c615d62a4697a86ca5242c12f0dad29a2e8ed9b48fe381455f4d85754732d5
7d87a464ca9e78b053f9618e14a9fb98eff1221d10d99d33b91f7982eaac301d
816360b9246cc268283dad1c2dae8f48e40df1cee8b234412201f4a03541e4a2
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875
96cdc75cd018c0937835edcaa7cf6e1048f02ccabfdeeb8641fced7969a4d36e
9928340ab66ea3b57ea2649c3ebb0d6f28fcc0ccc2adf47a623316bdedf12250
9a9774e106f301110cb4a082fc13cde2ce4534f87a0ad3553d1231605ad902e6
9c63c167d6ff0aa2edead131abb184ea39ee633ccbdedb7e7605d79c2d647e24
9dad1c0db8f609fc3fa93ed9a02f23f1fde3497445fa1f83c71f0816376f7cd6
a0db68a93d1f97f0fb1224f0734697114c7abc9fc403c920fb05f88a10b4db79
a1fd7c4306f905dd7c185853f3ea95970a8e6e791952279f1d980c3922affa8e
a3e647bd139028a8b14cd0c42545d61fe316a4a42436a5602b44df99d8d416f3
a9dc9cd171f55799b87446295332a09a0a9718bd4989060e506356cfb71faa03
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
af932008050c207bc5048971cbcc232b43aadb8c5238e86edd51d5dda25c3e57
afcb95431b4036fd54fe79de411493352c550220beb8328f459663da5bc1b552
b16a4679121aaed1af82b388c054e2c03a705e1eba9b40707b6b3887feb90ac5
b5701331866f8f8c1d44131f470563c752684d58bacfd307e4b6c7425ba75d6d
b5a102aed533390e53f0c3da4a28fd5a0c882afb2d67abd36ae78e418f2d9e5d
b9c76c626ca0867c2ff3ccbc3e5c947b616e1903cb33ca9f983e57d7b8bb6357
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c1bc4f3b69fe1af636fd63624fc839f41d97e85a960466659d63eea0e2b9fc65
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
c9fd0b426d23efe54c710842ea63121ca54723479b4a2b2df6277feac5c65a6a
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d4d858c8735257088f8afec4218614b0de5de80c4740a1e3d85177d32fcf59f2
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
d93b78eaaa39dc1ea560737996475a00e2f693a09076a297ff90c82077eec076
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
da0183f97db8d8d2af9a74abfdf38270689dec5cc34c7b0ec229ba69e9bcc756
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e887f9689786e61459f690a63080939da231993f9c51c8c958f58fe764844b3d
e9a502929c5dd3ddd472b4124271a27e6342ee3f71099482a29d1da9b0c23d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa4aed518b4728e6d4b4bdd1c5fe289c63a0d071a4edf329f560171f6e7b472
f47aa969619f178b67d4389394ec57831c62a4e4c927c492b8a5d42958926afc
f830fc725604d44e7c515aa21901c2273aefbf5e1bd3ab4e43b61cf9b82b8f5b
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.reversinglabs.com Open in urlscan Pro 2606:2c40::c73c:671f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

113 Requests

99 %HTTPS

80 %IPv6

25 Domains

42 Subdomains

36 IPs

1 Countries

1560 kBTransfer

4691 kBSize

28 Cookies

12 Outgoing links

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.reversinglabs.com Open in urlscan Pro
2606:2c40::c73c:671f Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

99 %
HTTPS

80 %
IPv6

25
Domains

42
Subdomains

36
IPs

1
Countries

1560 kB
Transfer

4691 kB
Size

28
Cookies

113 HTTP transactions
1 data transactions