cofense.com Open in urlscan Pro
67.22.136.24 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Submission: On November 01 via api (November 1st 2024, 2:11:54 am UTC) from TR — Scanned from CA

Summary HTTP 105 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 32 IPs in 3 countries across 24 domains to perform 105 HTTP transactions. The main IP is 67.22.136.24, located in Canada and belongs to DATABANK-DFW, US. The main domain is cofense.com. The Cisco Umbrella rank of the primary domain is 625562.
TLS certificate: Issued by Thawte TLS RSA CA G1 on August 13th 2024. Valid for: a year.

This is the only time cofense.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	67.22.136.24 67.22.136.24	13767 (DATABANK-DFW) (DATABANK-DFW)
8	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
2	142.250.80.74 142.250.80.74	15169 (GOOGLE) (GOOGLE)
1	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.17.5 104.18.17.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.40.195 142.251.40.195	15169 (GOOGLE) (GOOGLE)
3	142.250.65.168 142.250.65.168	15169 (GOOGLE) (GOOGLE)
2	23.204.6.193 23.204.6.193	16625 (AKAMAI-AS) (AKAMAI-AS)
1	142.250.72.100 142.250.72.100	15169 (GOOGLE) (GOOGLE)
3	23.34.59.26 23.34.59.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.200.3.33 23.200.3.33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	150.171.28.10 150.171.28.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	3.229.80.91 3.229.80.91	14618 (AMAZON-AES) (AMAZON-AES)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.173.219.88 18.173.219.88	16509 (AMAZON-02) (AMAZON-02)
1	104.18.19.71 104.18.19.71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.107.253.40 13.107.253.40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.66.109 151.101.66.109	54113 (FASTLY) (FASTLY)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
1	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1	142.250.72.98 142.250.72.98	15169 (GOOGLE) (GOOGLE)
1	142.251.40.99 142.251.40.99	15169 (GOOGLE) (GOOGLE)
1	68.67.160.117 68.67.160.117	29990 (ASN-APPNEX) (ASN-APPNEX)
14	23.200.88.81 23.200.88.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.200.97.200 34.200.97.200	14618 (AMAZON-AES) (AMAZON-AES)
2	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	23.96.124.68 23.96.124.68	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	18.173.219.118 18.173.219.118	16509 (AMAZON-02) (AMAZON-02)
3 6	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
105	32

33 67.22.136.24 (Canada)

ASN13767 (DATABANK-DFW, US)
PTR: unknown.dal.cologlobal.com

cofense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.74 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

get.cofense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.17.5 (None, )

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.195 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.65.168 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.204.6.193 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-204-6-193.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.72.100 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.34.59.26 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-34-59-26.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.200.3.33 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-3-33.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 150.171.28.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.229.80.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-80-91.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.219.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-88.jfk52.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.19.71 (None, )

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.253.40 (Redmond, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.109 (San Francisco, United States)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

404-jhu-612.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.72.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.99 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f3.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.160.117 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.200.88.81 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-88-81.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.97.200 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-97-200.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.231.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.96.124.68 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

s.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.219.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-118.jfk52.r.cloudfront.net

v.eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	cofense.com cofense.com — Cisco Umbrella Rank: 625562 get.cofense.com	3 MB
22	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 eps.6sc.co — Cisco Umbrella Rank: 11869 b.6sc.co — Cisco Umbrella Rank: 3611 v.eps.6sc.co — Cisco Umbrella Rank: 16729	24 KB
8	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	165 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646	4 KB
4	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 634 s.clarity.ms — Cisco Umbrella Rank: 7093	29 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 25487 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23670	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 348	15 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	266 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192	551 B
2	lltrck.com lltrck.com — Cisco Umbrella Rank: 57756	7 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3657	6 KB
2	gstatic.com fonts.gstatic.com	61 KB
2	qualified.com js.qualified.com — Cisco Umbrella Rank: 16970 app.qualified.com	244 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	2 KB
1	okt.to okt.to — Cisco Umbrella Rank: 32566	100 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 479	698 B
1	google.ca www.google.ca — Cisco Umbrella Rank: 12143	63 B
1	mktoresp.com 404-jhu-612.mktoresp.com	318 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 11454	6 KB
1	oktopost.com static.oktopost.com — Cisco Umbrella Rank: 37857	4 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4482	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
0	google-analytics.com Failed www.google-analytics.com Failed
105	24

	Domain	Requested by
33	cofense.com	cofense.com
12	b.6sc.co	cofense.com
8	cdn.jsdelivr.net	cofense.com cdn.jsdelivr.net js.qualified.com
5	px.ads.linkedin.com	2 redirects snap.licdn.com cofense.com
3	v.eps.6sc.co	j.6sc.co
3	bat.bing.com	www.googletagmanager.com bat.bing.com cofense.com
3	www.googletagmanager.com	cofense.com www.googletagmanager.com
2	s.clarity.ms	www.clarity.ms
2	ibc-flow.techtarget.com	trk.techtarget.com
2	eps.6sc.co	j.6sc.co
2	ipv6.6sc.co	j.6sc.co
2	c.6sc.co	j.6sc.co
2	analytics.google.com	www.googletagmanager.com
2	www.clarity.ms	cofense.com www.clarity.ms
2	lltrck.com	cofense.com
2	munchkin.marketo.net	cofense.com munchkin.marketo.net
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	cofense.com js.qualified.com
1	app.qualified.com	js.qualified.com
1	www.linkedin.com	1 redirects
1	okt.to	static.oktopost.com
1	secure.adnxs.com	j.6sc.co
1	www.google.ca	cofense.com
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	404-jhu-612.mktoresp.com	munchkin.marketo.net
1	extend.vimeocdn.com	www.googletagmanager.com
1	trk.techtarget.com	cofense.com
1	static.oktopost.com	cofense.com
1	ws.zoominfo.com	cofense.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	cofense.com
1	www.google.com	www.googletagmanager.com
1	js.qualified.com	cofense.com
1	get.cofense.com	cofense.com
0	www.google-analytics.com Failed	www.googletagmanager.com
105	36

This site contains links to these domains. Also see Links.

Domain
support.cofense.com
www.linkedin.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
*.cofense.com Thawte TLS RSA CA G1	`2024-08-13` - `2025-09-13`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
get.cofense.com WE1	`2024-10-24` - `2025-01-22`	3 months	crt.sh
qualified.com WE1	`2024-09-04` - `2024-12-03`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
lltrck.com Amazon RSA 2048 M03	`2024-06-25` - `2025-07-24`	a year	crt.sh
zoominfo.com E5	`2024-10-12` - `2025-01-10`	3 months	crt.sh
*.oktopost.com Amazon RSA 2048 M02	`2024-07-29` - `2025-08-28`	a year	crt.sh
trk.techtarget.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-09-24` - `2025-10-26`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.ca WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
okt.to R10	`2024-08-27` - `2024-11-25`	3 months	crt.sh
eps.6sc.co Amazon RSA 2048 M03	`2024-08-27` - `2025-09-25`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-10-24` - `2025-01-22`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
v.eps.6sc.co Amazon RSA 2048 M03	`2024-09-06` - `2025-10-05`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh

This page contains 4 frames:

Primary Page: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Frame ID: 454546BB4B97BFDB104F70F25EBF487D
Requests: 100 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fcofense.com
Frame ID: ED860893AD6320A995A057B09004DF21
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-3G76T4W3LR&gacid=1803488111.1730427106&gtm=45je4au0v874289719z8811887192za200zb811887192&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1627315008
Frame ID: C261A68B322F00B950C388D598FFF77D
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=fe20d3d2-8f91-4edd-a3e0-a45778c3eeb4
Frame ID: F3303D5046E835D35F11565C4A9FD5C1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PythonRatLoader: The Proprietor of XWorm and Friends

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

105
Requests

97 %
HTTPS

0 %
IPv6

24
Domains

36
Subdomains

32
IPs

3
Countries

4218 kB
Transfer

7089 kB
Size

34
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://support.cofense.com/
Title: Customer Resource Center

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/11500065/

Search URL Search Domain Scan URL

URL: https://twitter.com/cofense

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCbvJmFk-Pwf85UbGI9-EGxw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1730427108941%26li_adsId%3D8c9ca756-7a2b-4299-a3f5-55829e04a282%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%252Fpythonratloader-the-proprietor-of-xworm-and-friends%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2&cookiesTest=true&liSync=true

105 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request pythonratloader-the-proprietor-of-xworm-and-friends Show response
cofense.com/blog/ 110 KB
31 KB 228ms
107ms Document
text/html 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

507ab97bf0c87898d2797d9ad246846da71a627c0099a9837367b3181b8f8f6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 02:11:44 GMT
pragma: no-cache
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; preload
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 overrides.css
cofense.com/getmedia/9b3be26a-9ccd-4a9d-b828-5eba96a847b2/ 4 KB
1 KB 64ms
60ms Stylesheet
text/css 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/getmedia/9b3be26a-9ccd-4a9d-b828-5eba96a847b2/overrides.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

436e32b44d51d29567288837a6de81a759a8ce7149f860054cfde98439947d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
content-encoding: gzip
etag: "638654460966475318"
expires: Fri, 01 Nov 2024 02:11:44 GMT
accept-ranges: bytes
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css
vary: Accept-Encoding
server: Microsoft-IIS/10.0
content-disposition: attachment; filename=overrides.css

GET
H2 200 select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 16 KB
3 KB 72ms
19ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
age: 2560238
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220046-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2487
x-jsd-version: 4.1.0-rc.0

GET
H2 200 select2-bootstrap-5-theme.min.css
cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/ 30 KB
3 KB 74ms
22ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/select2-bootstrap-5-theme.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5cb35411fccf18705e4ad112d836cb514459ddeefddc169b970cc99588fa5b64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"79f7-5G/TiAQCk54xQncw6tfE2aCNj/M"
age: 1349518
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220119-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2941
x-jsd-version: 1.3.0

GET
H2 200 style-v7bPClf9.css
cofense.com/dist/ 229 B
304 B 60ms
58ms Stylesheet
text/css 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/dist/style-v7bPClf9.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: febc71a3f819d7821523fc782da8983bf0352f78b2992a728803b72242330eeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1dafa40b7d6a765"
age: 505
accept-ranges: bytes
content-length: 166
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css
last-modified: Thu, 29 Aug 2024 18:24:43 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 main-wDmBen1L.js Show response
cofense.com/dist/ 1 KB
748 B 60ms
58ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/dist/main-wDmBen1L.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: ec5b074bf1baebbd939e090cef41f6b68d6e463f76d08d0d821b8708f151da78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1dafa40b73e15b0"
age: 505
accept-ranges: bytes
content-length: 632
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Thu, 29 Aug 2024 18:24:42 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
1 KB 133ms
57ms Stylesheet
text/css 142.250.80.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200..1000;1,200..1000&display=swap

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.74 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f10.1e100.net

Software

ESF /

Resource Hash

0629ffe9dd35cc0a4e1591a1cb8e147eb51417711bfd027d83a3d7a51df5a8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 01 Nov 2024 01:05:20 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 bootstrap-icons.min.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/ 84 KB
13 KB 72ms
21ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"14f73-BDozLk9VXMC/015FG+lVtLk5ZqA"
age: 1357637
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230079-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13300
x-jsd-version: 1.11.3

GET
H2 200 style.css
cofense.com/getmedia/d400b250-5d70-459f-a900-fce1ede7dbcc/ 430 KB
98 KB 61ms
60ms Stylesheet
text/css 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/getmedia/d400b250-5d70-459f-a900-fce1ede7dbcc/style.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

4f37e3f0d90faba16ef163709a7e9f712dff278eafa2655dafb7bf67b7bd39f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
content-encoding: gzip
etag: "638592261697543622"
expires: Fri, 01 Nov 2024 02:11:44 GMT
accept-ranges: bytes
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css
vary: Accept-Encoding
server: Microsoft-IIS/10.0
content-disposition: attachment; filename=style.css

GET
H2 200 loggerv2.js Show response
cofense.com/kentico.resource/activities/kenticoactivitylogger/ 1 KB
681 B 164ms
158ms Script
application/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/kentico.resource/activities/kenticoactivitylogger/loggerv2.js?webPageIdentifier=b0f5ecf5-6e93-4eb5-85c6-686138a58280&languageName=en&logPageVisit=True&logCustomActivity=True&functionName=kxt

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

8f7ff12960d3bd521a6bbde1fe643cf4a96332daa014e8e66db9b332b77fe348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
content-encoding: gzip
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: application/javascript
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 pwp.js Show response
cofense.com/_content/XperienceCommunity.PartialWidgetPage/ 656 B
547 B 62ms
60ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/_content/XperienceCommunity.PartialWidgetPage/pwp.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: cd2a9fbd67c38c06607ba066756d27656048a703432d3359b53aa6c0d4ab3424

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1db1a45f438f010"
age: 505
accept-ranges: bytes
content-length: 443
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Wed, 09 Oct 2024 12:22:49 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 forms2.min.js Show response
get.cofense.com/js/forms2/js/ 199 KB
67 KB 189ms
65ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.cofense.com/js/forms2/js/forms2.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f144e3bc13095ce7d1b638b1b2cc50b52cd12312cba1323706f6e71e8ded1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "2561065-31b91-625a94adf43bc"
x-content-type-options: nosniff
cf-ray: 8db85b1d9c8dab4c-YYZ
expires: Fri, 01 Nov 2024 06:11:44 GMT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: application/x-javascript
last-modified: Wed, 30 Oct 2024 03:28:16 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 qualified.js Show response
js.qualified.com/ 1 MB
244 KB 145ms
81ms Script
text/javascript 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc1d85ff2d8c2574595030f8e70c00cf11616984c87893dfb4a47f45965f276d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

x-request-id: 8eeddd34-1ff3-4999-8a50-8726819a488e
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ba1f3e0543846b1a09a6565751b8d4c2"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-cache: miss
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: text/javascript; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.027747
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=60, public, stale-while-revalidate=60, stale-if-error=300, s-maxage=86400
x-envoy-upstream-service-time: 54
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8db85b1edf60ab45-YYZ
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 Picture1.png
cofense.com/getmedia/136b519c-49a9-472f-b256-ebeda75e8635/ 474 KB
475 KB 102ms
101ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/136b519c-49a9-472f-b256-ebeda75e8635/Picture1.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2904e4f687acd0e43536d45462f316ece5824a214f3f260fde65811d9fdc6f8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941677519100"
expires: Fri, 01 Nov 2024 02:11:44 GMT
accept-ranges: bytes
content-length: 485528
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture1.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture2.png
cofense.com/getmedia/06d6f055-761d-4ab9-ad6d-f11f54b2bee9/ 91 KB
91 KB 216ms
214ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/06d6f055-761d-4ab9-ad6d-f11f54b2bee9/Picture2.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

242551eae20bd945d7baf8cc13356de51ce6ddd50d569965d46980ae5a68bcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679296009"
expires: Fri, 01 Nov 2024 02:11:44 GMT
accept-ranges: bytes
content-length: 93329
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture2.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture3.png
cofense.com/getmedia/d45ecaaa-e1af-4e36-ae12-16ba0d52d539/ 17 KB
17 KB 66ms
58ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/d45ecaaa-e1af-4e36-ae12-16ba0d52d539/Picture3.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

5bad8f5fa70dff2094672e0c47dfc03581e4117035a6af98f37f100354adc9c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679231810"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 17658
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture3.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture4.png
cofense.com/getmedia/8d50de55-45c1-401b-8071-c32ec2047fc6/ 141 KB
141 KB 68ms
61ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/8d50de55-45c1-401b-8071-c32ec2047fc6/Picture4.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

799630203686c1213463bab06da52871aa85c0bd0d514681306f67e345ec5e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679172472"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 144688
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture4.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture5.png
cofense.com/getmedia/9e9a202e-0c01-41a1-8fca-235e04e671f8/ 115 KB
115 KB 138ms
131ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/9e9a202e-0c01-41a1-8fca-235e04e671f8/Picture5.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b330f6980aa961223121ea9b45749e576319215b2c58e97f06b9498d8b77393d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679116344"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 117389
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture5.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture6.png
cofense.com/getmedia/bf2363fc-3b52-4d5c-aa52-61bf9e9e9ff9/ 58 KB
58 KB 164ms
158ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/bf2363fc-3b52-4d5c-aa52-61bf9e9e9ff9/Picture6.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

d2a1cc05a4d35deb300898446bded41ec2bf63e0b3a540acc84a98a62a897781

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679058487"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 59458
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture6.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture7.png
cofense.com/getmedia/cd4db322-758a-4d8b-bc67-19a00857561e/ 692 KB
692 KB 165ms
160ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/cd4db322-758a-4d8b-bc67-19a00857561e/Picture7.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9aedf78127e583840b5239eb17807f0388b96879f9a7b7295710a3b7a57aef37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941679000733"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 708262
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture7.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture8.png
cofense.com/getmedia/35aeb806-8aca-48b9-85d6-fcb8b2344701/ 65 KB
65 KB 220ms
216ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/35aeb806-8aca-48b9-85d6-fcb8b2344701/Picture8.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

fd22442dcc43608fde0fcc6bdff703d4208ad751cdb474d36a4072c17835262a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678938374"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 66428
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture8.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture9.png
cofense.com/getmedia/e2c7447f-0c5f-4d93-9854-4c64f3fab34b/ 262 KB
263 KB 219ms
215ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/e2c7447f-0c5f-4d93-9854-4c64f3fab34b/Picture9.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

377a5b48b21d2d2d4f499c56d23c40e9477ff8deadbbcf6f531f838ad844958d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678875947"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 268718
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture9.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture10.png
cofense.com/getmedia/a1599fb9-8327-4839-b30c-72819083e843/ 192 KB
192 KB 222ms
217ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/a1599fb9-8327-4839-b30c-72819083e843/Picture10.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

74d49e38c73633eb87d6960d89d2729e33595ef656afb2d36f51f037ad7ff748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678815242"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 196853
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture10.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture11.png
cofense.com/getmedia/15118efd-030e-42c3-8a0c-725f7f3bdead/ 114 KB
114 KB 223ms
219ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/15118efd-030e-42c3-8a0c-725f7f3bdead/Picture11.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9a996c7eee4608006128780012bd9e00bcd11f621b6bf1621f241132dd2ac5f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678754883"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 116433
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture11.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture12.png
cofense.com/getmedia/cbec54f5-2757-4462-b8c3-edd9b8a38914/ 175 KB
175 KB 298ms
294ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/cbec54f5-2757-4462-b8c3-edd9b8a38914/Picture12.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e6be50c6ecb457eb94f871ac1c43a38454e8f08a813a05e938b68c0d4557f835

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678668540"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 178834
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture12.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture13.png
cofense.com/getmedia/2e3daea7-e98e-4050-b5ef-a18bfe163619/ 164 KB
164 KB 299ms
295ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/2e3daea7-e98e-4050-b5ef-a18bfe163619/Picture13.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9f3f5acfd67619e7a756c19f79f3b76d67755dbacd3283c933c3459417daad96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678605575"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 167665
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture13.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture14.png
cofense.com/getmedia/be52b63d-137d-4f9c-9bbf-1e6eb4bea257/ 55 KB
56 KB 300ms
296ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/be52b63d-137d-4f9c-9bbf-1e6eb4bea257/Picture14.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

cf12ec462fae2f1a4e9fc0ef76722de03135ad53b14282f16e1a4ea7908379d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678549497"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 56745
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture14.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture15.png
cofense.com/getmedia/6bf9d27e-397b-44aa-914d-99ffd60189b8/ 65 KB
66 KB 301ms
298ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/6bf9d27e-397b-44aa-914d-99ffd60189b8/Picture15.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

38922718b61ac650256a6e7d8fa1c7f5f471273ce2bed1a5a5d006f6123c336b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678498153"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 66951
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture15.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture16.png
cofense.com/getmedia/c9e27527-a668-4213-82ce-4c10abcdeac3/ 228 KB
228 KB 303ms
299ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/c9e27527-a668-4213-82ce-4c10abcdeac3/Picture16.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

36f86fa8588bbc19a88c19d1caba1e2cec6f08c1caa8c0553884cfa4271e2689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678437254"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 233602
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture16.png
server: Microsoft-IIS/10.0

GET
H2 200 Picture17.png
cofense.com/getmedia/c4e27911-fc16-4424-a199-a403c682feec/ 33 KB
33 KB 304ms
300ms Image
image/png 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cofense.com/getmedia/c4e27911-fc16-4424-a199-a403c682feec/Picture17.png

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1012b34cfdb996cfe5313ff1588fe54d1f7ea2f3c6b64e243da2202ae727ce3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
etag: "638657941678344528"
expires: Fri, 01 Nov 2024 02:11:45 GMT
accept-ranges: bytes
content-length: 33527
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: image/png
content-disposition: inline; filename=Picture17.png
server: Microsoft-IIS/10.0

GET
H2 200 jquery-3.5.1.min.js Show response
cofense.com/vendor/js/ 87 KB
34 KB 70ms
63ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/vendor/js/jquery-3.5.1.min.js?v=82hEkGrSMJh3quMSG4f7FbngmAPLTDM63H4eNayS4Us
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1da6116f8aa1b06"
age: 505
accept-ranges: bytes
content-length: 34816
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Fri, 16 Feb 2024 20:30:25 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 jquery.validate.min.js Show response
cofense.com/vendor/js/ 24 KB
9 KB 71ms
64ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/vendor/js/jquery.validate.min.js?v=oX9rjMAZJpHLojty9o8KRwrIPsEZrbUw-usnyNIorHY
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: e927b7ce60ab91eb2e3b1801e06709845a8de2157340e742fa838587fc24b57d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1da7ac9b5532671"
age: 505
accept-ranges: bytes
content-length: 9045
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 13:22:51 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 jquery.validate.unobtrusive.min.js Show response
cofense.com/vendor/js/ 6 KB
2 KB 70ms
63ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/vendor/js/jquery.validate.unobtrusive.min.js?v=-uXubq9i-1a58rzKHjBRVmE09lCFcrRHfGCCqy1KYos
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: ce4545c430810342be165e906434690f41be190f937ee1afef15e420033af61f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1da7ac967d6cc07"
age: 505
accept-ranges: bytes
content-length: 2309
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 13:20:41 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 htmx.min.js Show response
cofense.com/vendor/js/ 43 KB
16 KB 136ms
129ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/vendor/js/htmx.min.js?v=XIivRAE99i_eil5P31JNihaDSiix0V40rgmUrCfNTH4
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 5c88af44013df62fde8a5e4fdf524d8a16834a28b1d15e34ae0994ac27cd4c7e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1dabe92a98d7113"
age: 505
accept-ranges: bytes
content-length: 16451
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Fri, 14 Jun 2024 19:40:08 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 app.js Show response
cofense.com/getmedia/625e52d2-8a41-4766-94e5-de8ec75aca60/ 486 KB
138 KB 223ms
218ms Script
application/x-javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/getmedia/625e52d2-8a41-4766-94e5-de8ec75aca60/app.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

0f1878e935dafa34840aa969287e1919899383565f8b35cf94188cc520144997

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
cache-control: public, must-revalidate
content-encoding: gzip
etag: "638590660398725101"
expires: Fri, 01 Nov 2024 02:11:44 GMT
accept-ranges: bytes
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: application/x-javascript
vary: Accept-Encoding
server: Microsoft-IIS/10.0
content-disposition: attachment; filename=app.js

GET
H2 200 main.js Show response
cofense.com/PageBuilder/Public/Slider/ 2 KB
884 B 164ms
158ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/PageBuilder/Public/Slider/main.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 6fc7af585145f6e31849f0d8d2750990852cab4eefb6efd2fdffe10137179a52

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1da771f00163561"
age: 505
accept-ranges: bytes
content-length: 780
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Fri, 15 Mar 2024 21:23:19 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 systemFormComponents.min.js Show response
cofense.com/_content/Kentico.Content.Web.Rcl/Content/Bundles/Public/ 58 KB
22 KB 162ms
155ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/_content/Kentico.Content.Web.Rcl/Content/Bundles/Public/systemFormComponents.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: adc945f45d505cd3051090f3d95485c9396803b8d32a5d3970217444bb378a10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1db1a45f4d16e13"
age: 505
accept-ranges: bytes
content-length: 22058
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Wed, 09 Oct 2024 12:22:50 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H2 200 select2.min.js Show response
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/ 71 KB
18 KB 26ms
20ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"11dcb-beEOdKmS/KFegD2RDRMPgmYxy4Y"
age: 32602
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220129-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18460
x-jsd-version: 4.1.0-rc.0

GET
H2 200 ktc-tagmanager.js Show response
cofense.com/_content/Kentico.Xperience.TagManager/js/ 1 KB
757 B 229ms
225ms Script
text/javascript 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/_content/Kentico.Xperience.TagManager/js/ktc-tagmanager.js?v=TtMOjnP7C3BlwtJokJNEQ6vzf8k5yEol-AKk2EPFSpU
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),
Reverse DNS: unknown.dal.cologlobal.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 4ed30e8e73fb0b7065c2d26890934443abf37fc939c84a25f802a4d843c54a95

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

cache-control: public,max-age=604800
content-encoding: gzip
etag: "1daf9823c162162"
age: 505
accept-ranges: bytes
content-length: 653
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/javascript
last-modified: Wed, 28 Aug 2024 19:41:11 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0

GET
H3 200 1Ptvg83HX_SGhgqk3wot.woff2
fonts.gstatic.com/s/mulish/v13/ 29 KB
29 KB 82ms
38ms Font
font/woff2 142.251.40.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/mulish/v13/1Ptvg83HX_SGhgqk3wot.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200..1000;1,200..1000&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f3.1e100.net

Software

sffe /

Resource Hash

7f0f781820c8de56bd6699ac9570ff90634de4eb5cca7ef4b573bb90619e5a5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://fonts.googleapis.com/

Response headers

age: 22737
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 31 Oct 2025 19:52:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Oct 2024 19:52:48 GMT
last-modified: Wed, 13 Sep 2023 23:18:56 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30096
x-xss-protection: 0
server: sffe

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 418 KB
132 KB 158ms
74ms Script
application/javascript 142.250.65.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.168 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b885ee5925326a970cfaad98c6cb79c968da72b5d19369d0615dd4a7c368e2fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 01 Nov 2024 02:11:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 01 Nov 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 134630
x-xss-protection: 0
server: Google Tag Manager

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 137ms
51ms Script
application/x-javascript 23.204.6.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-204-6-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

Content-Encoding: gzip
ETag: "49bb20382072bfb6b798a6f4c6ab8354:1730261707.305765"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 746
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Fri, 01 Nov 2024 02:11:45 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Oct 2024 04:15:07 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 334 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4cafbbf77c72c312b01ee150ea8d7cdd9b4e380105159fdcef7b623e09b1a787

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/fonts/ 127 KB
128 KB 45ms
23ms Font
font/woff2 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/fonts/bootstrap-icons.woff2?dd67030699838ea613ee6dbda90effa6

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css

Response headers

access-control-expose-headers: *
etag: W/"1fd5c-Agw8b5KAoxXoQl1/kuFbzQzdobI"
age: 1385699
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: font/woff2
x-served-by: cache-fra-etou8220055-FRA, cache-yyz4562-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 130396
x-jsd-version: 1.11.3

GET
H3 200 1Pttg83HX_SGhgqk2jovaqQ.woff2
fonts.gstatic.com/s/mulish/v13/ 32 KB
32 KB 36ms
35ms Font
font/woff2 142.251.40.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/mulish/v13/1Pttg83HX_SGhgqk2jovaqQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200..1000;1,200..1000&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f3.1e100.net

Software

sffe /

Resource Hash

8b479610778cef415158ef2deef872c0bdc85bd63f339ecdc1382fabef4da407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://fonts.googleapis.com/

Response headers

age: 21017
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 31 Oct 2025 20:21:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Oct 2024 20:21:28 GMT
last-modified: Wed, 13 Sep 2023 23:20:31 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32492
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 232ms
230ms Script
application/x-javascript 23.204.6.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.6.193 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-204-6-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection: keep-alive
Expires: Sun, 09 Feb 2025 02:11:45 GMT
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 4741
Date: Fri, 01 Nov 2024 02:11:45 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

POST
H2 200 log Show response
cofense.com/kentico.activities/kenticoactivitylogger/ 0
251 B 217ms
215ms XHR
text/plain 67.22.136.24
DATABANK-DFW

General

Check archive.org

Show headers Download Go to

Full URL

https://cofense.com/kentico.activities/kenticoactivitylogger/log

Requested by

Host: cofense.com
URL: https://cofense.com/kentico.resource/activities/kenticoactivitylogger/loggerv2.js?webPageIdentifier=b0f5ecf5-6e93-4eb5-85c6-686138a58280&languageName=en&logPageVisit=True&logCustomActivity=True&functionName=kxt

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.22.136.24 , Canada, ASN13767 (DATABANK-DFW, US),

Reverse DNS

unknown.dal.cologlobal.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Response headers

strict-transport-security: max-age=31536000; preload
content-encoding: gzip
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/plain
vary: Accept-Encoding
server: Microsoft-IIS/10.0

POST
H3 200 collect
www.google.com/ccm/ 0
0 422ms
59ms Ping
text/plain 142.250.72.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&scrsrc=www.googletagmanager.com&frm=0&rnd=2118480304.1730427105&auid=318411710.1730427105&npa=0&gtm=45He4au0v811887192za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tft=1730427105438&tfd=920&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.72.100 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s32-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 426 KB
134 KB 304ms
303ms Script
application/javascript 142.250.65.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.168 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

abdcb7e5a7a33c005b5b3ef9a4d968f1a0e3f241a7fa74e84f021c7f09cdff83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 01 Nov 2024 02:11:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136493
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 421ms
37ms Script
application/javascript 23.34.59.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-26.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111d7"
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 05:11:45 GMT
accept-ranges: bytes
content-length: 18830
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 3478ms
72ms Script
application/javascript 23.200.3.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.3.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-3-33.deploy.static.akamaitechnologies.com

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=76583
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 01 Nov 2024 02:11:48 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 427ms
47ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3F4080BB14224D88A37F5A796D8350CD Ref B: YTO01EDGE0518 Ref C: 2024-11-01T02:11:45Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H2 200 lt-v3.js Show response
lltrck.com/scripts/ 7 KB
7 KB 3531ms
119ms Script
text/javascript 3.229.80.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://lltrck.com/scripts/lt-v3.js?llid=19612

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.229.80.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-80-91.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

fca3f274c4c588ed55e7f5ca5aba49f8fdf075fa59f2775902433f2d990f4c65

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=2592000
cache-control: public, max-age=172800
content-length: 6848
date: Fri, 01 Nov 2024 02:11:48 GMT
content-type: text/javascript
server: Kestrel

GET
H3 200 2Uq3HoQoVZEHgHXXf288 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 817ms
451ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/2Uq3HoQoVZEHgHXXf288

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7c9b1ee8658217f4e0126028874839eddbe9fd6454d1fd50d449a504229be3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8db85b2378a9aaf7-YYZ
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H2 200 oktrk.js Show response
static.oktopost.com/ 9 KB
4 KB 468ms
87ms Script
application/javascript 18.173.219.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.oktopost.com/oktrk.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-88.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

content-encoding: gzip
etag: W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
age: 46024
via: 1.1 a41c564554b07cc8611f5945b432513a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: oONHm186eujmUP-sHM_L5fQAfWg6z4WsqQiVOZoZ1kGGWUjXh8ivjw==
date: Thu, 31 Oct 2024 13:24:42 GMT
content-type: application/javascript
last-modified: Mon, 27 Jan 2020 09:47:41 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P1
vary: accept-encoding

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 1321ms
77ms Script
text/javascript 104.18.19.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.19.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=1200
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 26126
via: 1.1 google
cf-ray: 8db85b292b64ac57-YYZ
expires: Fri, 01 Nov 2024 02:31:46 GMT
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/javascript
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 ed9ggbnvvo Show response
www.clarity.ms/tag/ 689 B
1 KB 1326ms
70ms Script
application/x-javascript 13.107.253.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/ed9ggbnvvo
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b9e9fba74b6a97f0f26905de8b63c3ccc5a854bca3640f40e39f779c90ee04ad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 689
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: application/x-javascript
x-azure-ref: 20241101T021146Z-15b59964897jvt4vrx584ey7k000000008kg0000000007x2

GET
H2 200 9017396.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 1216ms
22ms Script
text/javascript 151.101.66.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/9017396.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.109 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

content-encoding: gzip
etag: "421e-62366cea7be40-gzip"
age: 2645716
expires: Fri, 29 Sep 2034 11:16:30 GMT
x-cache: HIT
date: Fri, 01 Nov 2024 02:11:46 GMT
last-modified: Tue, 01 Oct 2024 09:18:41 GMT
x-bapp-server: assets-5964bbccb4-rl7pv
x-cache-hits: 54527
content-type: text/javascript; charset=utf-8
x-served-by: cache-yyz4568-YYZ
vary: Accept-Encoding
x-vimeo-dc: ge
cache-control: max-age=86400
timing-allow-origin: *
x-timer: S1730427107.731888,VS0,VE0
via: 1.1 varnish
accept-ranges: bytes
content-length: 5579
server: Apache

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame ED86 0
0 303ms
32ms Document
text/html 142.250.65.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fcofense.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.168 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f8.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 22776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Oct 2024 19:52:09 GMT
expires: Fri, 31 Oct 2025 19:52:09 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET analytics.js
www.google-analytics.com/ 0
0

POST
H/1.1 200
OK visitWebPage
404-jhu-612.mktoresp.com/webevents/ 2 B
318 B 166ms
45ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://404-jhu-612.mktoresp.com/webevents/visitWebPage?_mchNc=1730427105603&_mchCn=&_mchId=404-JHU-612&_mchTk=_mch-cofense.com-1730427105601-76624&_mchHo=cofense.com&_mchPo=&_mchRu=%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: f1bc9b3f-b5bc-4b14-bcc0-4c25b8cb5e6a
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Fri, 01 Nov 2024 02:11:46 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

POST
H2 204 collect
analytics.google.com/g/ 0
0 387ms
44ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je4au0v874289719z8811887192za200zb811887192&_p=1730427105012&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1803488111.1730427106&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1730427105&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&dt=PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1455
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cofense.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
551 B 392ms
47ms Ping
text/plain 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3G76T4W3LR&cid=1803488111.1730427106&gtm=45je4au0v874289719z8811887192za200zb811887192&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cofense.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame C261 0
0 1149ms
55ms Document
text/html 142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-3G76T4W3LR&gacid=1803488111.1730427106&gtm=45je4au0v874289719z8811887192za200zb811887192&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1627315008

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Nov 2024 02:11:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 204ms
96ms Image
image/gif 142.251.40.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3G76T4W3LR&cid=1803488111.1730427106&gtm=45je4au0v874289719z8811887192za200zb811887192&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tag_exp=101533422~101823848~101878899~101878944~101925629&z=737877266

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.99 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 01 Nov 2024 02:11:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
698 B 1135ms
44ms XHR
application/json 68.67.160.117
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.117 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 149.88.16.239; 149.88.16.239; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://cofense.com
an-x-request-uuid: dfc7e1b2-b006-4133-ba86-ce078c5572c6
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 01 Nov 2024 02:11:47 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
190 B 39ms
37ms XHR
text/html 23.34.59.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-26.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://cofense.com
content-length: 7
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
277 B 122ms
37ms XHR
text/html 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-200-88-81.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: null
expires: Fri, 01 Nov 2024 02:11:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1730427106138_399006151_3664794_35_966_31_48_219";dur=1
access-control-allow-origin: https://cofense.com
content-length: 4
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/html
vary: Origin

GET
H2 200 / Show response
c.6sc.co/ 7 B
190 B 72ms
34ms XHR
text/html 23.34.59.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-26.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://cofense.com
content-length: 7
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
276 B 157ms
37ms XHR
text/html 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-200-88-81.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: null
expires: Fri, 01 Nov 2024 02:11:46 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1730427106223_399006151_3664818_27_1232_31_0_219";dur=1
access-control-allow-origin: https://cofense.com
content-length: 4
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: text/html
vary: Origin

GET
H2 200 ping Show response
okt.to/ 0
100 B 679ms
48ms Script
text/javascript 34.200.97.200
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&aid=001shx33p56dsdg&ts=1730427106090

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.200.97.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-97-200.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

date: Fri, 01 Nov 2024 02:11:46 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

GET
H2 200 187125267.js Show response
bat.bing.com/p/action/ 363 B
421 B 49ms
48ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187125267.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7A7D8FE27D184012988D249040D5A67A Ref B: YTO01EDGE0518 Ref C: 2024-11-01T02:11:46Z
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 02:11:45 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 204 0
bat.bing.com/action/ 0
361 B 51ms
51ms Image
text/plain 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187125267&tm=gtm002&Ver=2&mid=f30c9bbe-1f8f-44b6-87a8-fc38abdb1f23&bo=1&sid=a53c04d097f611efbb7e118adc79a84c&vid=a53c27d097f611ef92dbb5923a7a9ced&vids=1&msclkid=N&gtm_tag_source=1&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends&p=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&r=&lt=816&evt=pageLoad&sv=1&cdb=AQAQ&rn=465301

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6728415DC92D4EAA8791CEAF13DE8A9E Ref B: YTO01EDGE0518 Ref C: 2024-11-01T02:11:46Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 02:11:45 GMT

GET
H2 200 details Show response
eps.6sc.co/v3/company/ 770 B
658 B 142ms
74ms XHR
application/json 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 8816bf019bc7944bc83a7a8bb53b181b18c59f65070274ebe384b4e44c648910

Request headers

Authorization: Token a9e769d7d96a596f969b9dc5023033e21a69bf40
X-6s-CustomID: WebTag1.0 b253130e4accad98012a3abe3f4b4c7a
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://cofense.com
content-length: 402
date: Fri, 01 Nov 2024 02:11:47 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
eps.6sc.co/v3/company/ Frame 0
0 1436ms
42ms Preflight 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://cofense.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Fri, 01 Nov 2024 02:11:47 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 608ms
199ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:46 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 695ms
287ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22a9e769d7d96a596f969b9dc5023033e21a69bf40%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:46 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
440 B 323ms
321ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1730427106789&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
ibc_rate_tier: 17654763
Referer: https://cofense.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-encoding: identity
expires: Fri, 01 Nov 2024 03:11:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 43
date: Fri, 01 Nov 2024 02:11:48 GMT
content-type: image/gif
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
vary: Origin
x-guploader-uploadid: AHmUCY00VWlhSDFaf2h8a6sg_-_kRuZrUN9vq_FnZeLHJd2r6kh8suFnW6VsDLF4cipmxqoDbsk
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1670534369365034
content-length: 43
server: nginx/1.20.2

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 1125ms
52ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1730427106789&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 01 Nov 2024 02:11:47 GMT
expires: Fri, 01 Nov 2024 02:11:47 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHmUCY1g6BWfWYVgg_JSqPXfl_7nDV_jPELQ2EwTZhLK_07gwoc4Gu_EMGoPqbwwKiFvAvBJp_Y

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.49/ 64 KB
27 KB 68ms
67ms Script
application/javascript 13.107.253.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.49/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/ed9ggbnvvo
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 09fa04e84d7038cc32f19bedcba454b9e637a35f4de496e8ec9148c47550f0fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

x-azure-ref: 20241101T021146Z-15b59964897jvt4vrx584ey7k000000008kg0000000007x5
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DCF3CA14C9A428"
x-fd-int-roxy-purgeid: 51562430
x-ms-request-id: 6bd93a27-901e-007b-354c-286c47000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Fri, 01 Nov 2024 02:11:46 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 01:20:43 GMT

POST
H/1.1 204
No Content collect Show response
s.clarity.ms/ 0
275 B 417ms
77ms XHR
text/plain 23.96.124.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.49/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cofense.com/

Response headers

Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin: https://cofense.com
Date: Fri, 01 Nov 2024 02:11:47 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 94ms
93ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A46%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:47 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:47 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 v Show response
v.eps.6sc.co/ 12 B
518 B 118ms
117ms XHR
application/json 18.173.219.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://v.eps.6sc.co/v
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-118.jfk52.r.cloudfront.net
Software: /
Resource Hash: 512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/json
Referer: https://cofense.com/

Response headers

x-amz-apigw-id: Ai3TwGP1IAMENFg=
x-amzn-trace-id: Root=1-672438e4-75054eb432fc62e642fa2401;Parent=1f929c892e6265a7;Sampled=0;Lineage=1:56167173:0
access-control-allow-methods: OPTIONS,POST
x-amzn-requestid: 098a6064-9e3f-4219-becc-f87b165be13a
via: 1.1 66ea06c52ae44609b3bf6f6054c081b6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 12
x-amz-cf-id: cExgUliE4JKawkbQRT113lK2gLbZmuHvrXsedbrV1n7z2exUZzVr8g==
date: Fri, 01 Nov 2024 02:11:48 GMT
content-type: application/json
x-amz-cf-pop: JFK52-P1
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 58ms
55ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=https%3A%2F%2Feps.6sc.co&q=%7B%22name%22%3A%22https%3A%2F%2Feps.6sc.co%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A1723.0999994277954%2C%22duration%22%3A1580.3000001907349%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A1723.0999994277954%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A3303.3999996185303%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%22region%22%3A%22header-blocked%22%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=&d=1&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:47 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:47 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

OPTIONS
H2 200 v
v.eps.6sc.co/ Frame 0
0 527ms
137ms Preflight
application/json 18.173.219.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://v.eps.6sc.co/v
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-118.jfk52.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Fri, 01 Nov 2024 02:11:48 GMT
via: 1.1 66ea06c52ae44609b3bf6f6054c081b6.cloudfront.net (CloudFront)
x-amz-apigw-id: Ai3TuGiZoAMEcuQ=
x-amz-cf-id: o6UGWD65GiZiEcRkTnRiJfb7ipy3Bfu5VzckKm1dk6S2KICA4EMZhA==
x-amz-cf-pop: JFK52-P1
x-amzn-requestid: f1006b3d-ff29-4889-a415-22d7d6908e13
x-cache: Miss from cloudfront

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 44ms
43ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:48 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:48 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
BLOB 200
OK 0fbf8a6f-6d98-4cb5-b9c8-34b94cee174c
https://cofense.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://cofense.com/0fbf8a6f-6d98-4cb5-b9c8-34b94cee174c
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif
Content-Length: 43

POST
H/1.1 204
No Content collect Show response
s.clarity.ms/ 0
275 B 38ms
36ms XHR
text/plain 23.96.124.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.49/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cofense.com/

Response headers

Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin: https://cofense.com
Date: Fri, 01 Nov 2024 02:11:48 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
481 B 227ms
139ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 0F3CD0B2F8BF4D508E5DFB9567DC273C Ref B: YTO01EDGE0508 Ref C: 2024-11-01T02:11:49Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYl0HUlYeKAh8NLBqZBCA==
x-li-proto: http/2
access-control-allow-origin: https://cofense.com
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 02:11:48 GMT
vary: Origin

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
762 B 417ms
83ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=300721&time=1730427108941&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Referer: https://cofense.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000625d07528f0a704b0a6f588ac3c56
x-msedge-ref: Ref A: A9693BBD5D994599996044FBE6A81182 Ref B: YTO01EDGE0815 Ref C: 2024-11-01T02:11:49Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYl0HUo8KcEsKb1iKw8Vg==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 02:11:48 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-x...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-x...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1730427108941%26li_adsId%3D8c9ca756-7a2b-4299-a3f5-55829e04a282%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-x...

0
397 B

114ms
114ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: D9771E7966AC4106B223CC8FFF0080C9 Ref B: YTO01EDGE0508 Ref C: 2024-11-01T02:11:49Z
x-li-fabric: prod-lor1
x-li-uuid: AAYl0HUuMhcEjtO+S/5Jtw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 01 Nov 2024 02:11:49 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 02:11:49 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: afd-prod-lor1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1730427108941&li_adsId=8c9ca756-7a2b-4299-a3f5-55829e04a282&url=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&tm=gtmv2&cookiesTest=true&liSync=true
pragma: no-cache
x-msedge-ref: Ref A: 5904498692E4451F9F7E085B80496940 Ref B: YTO01EDGE0508 Ref C: 2024-11-01T02:11:49Z
x-li-uuid: AAYl0HUsVJAI6zUcwQUy5A==
content-length: 0

GET
H2 200 tracking
lltrck.com/api/ 43 B
248 B 55ms
54ms Image
image/gif 3.229.80.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lltrck.com/api/tracking?_llid=19612&_fd=bIS1dIN7Mz%3Akc3%5BmcoOmMnOwcT%3AjcH%3AoM4C6eHiwcoKieHywZXSmdj21bHVudIKwdIKq%5BYSwdj2w%5Bj25e3%3AzcT2icnRu%5BoKq%5BX6ldx%3E%3E&_llreferer=&_lluuid=ls164f8d-acc4-47bc-a685-cd2e72972e12&_cl=0&_v=3

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.229.80.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-80-91.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

strict-transport-security: max-age=2592000
content-length: 43
date: Fri, 01 Nov 2024 02:11:49 GMT
content-type: image/gif
server: Kestrel

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 46ms
45ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A48%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:49 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:49 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 53ms
52ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:50 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:50 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 204 collect
analytics.google.com/g/ 0
0 50ms
48ms Fetch
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je4au0v874289719z8811887192za200zb811887192&_p=1730427105012&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1803488111.1730427106&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sid=1730427105&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&dt=PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends&_s=2&tfd=6538
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://cofense.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cofense.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:51 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 58ms
57ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A50%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:51 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:51 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 962ms
960ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226005%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:52 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:52 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 282ms
282ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=https%3A%2F%2Feps.6sc.co&q=%7B%22name%22%3A%22https%3A%2F%2Feps.6sc.co%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A1723.0999994277954%2C%22duration%22%3A1580.3000001907349%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A1723.0999994277954%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A3303.3999996185303%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A200%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=&d=1&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:53 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:53 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 v Show response
v.eps.6sc.co/ 12 B
519 B 126ms
125ms XHR
application/json 18.173.219.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://v.eps.6sc.co/v
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.219.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-219-118.jfk52.r.cloudfront.net
Software: /
Resource Hash: 512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/json
Referer: https://cofense.com/

Response headers

x-amz-apigw-id: Ai3UcEkxIAMEpqg=
x-amzn-trace-id: Root=1-672438e8-0d12b9d85be5244f40e8785d;Parent=0210a0c15604fe27;Sampled=0;Lineage=1:56167173:0
access-control-allow-methods: OPTIONS,POST
x-amzn-requestid: 77df8e14-bf5f-41c4-93df-ef80f9c012ce
via: 1.1 66ea06c52ae44609b3bf6f6054c081b6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 12
x-amz-cf-id: MD2wl-26p5CtBE1CzLVyeLOCZSSa2Xb79yXu3dUnoD7CXWiQ3_nLfA==
date: Fri, 01 Nov 2024 02:11:52 GMT
content-type: application/json
x-amz-cf-pop: JFK52-P1
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 99ms
99ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A52%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%227005%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Requested by

Host: cofense.com
URL: https://cofense.com/blog/pythonratloader-the-proprietor-of-xworm-and-friends

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:53 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:53 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 select2.min.css
cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/ 16 KB
0 1ms
1ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"3f88-kT+fe5U1rseQyjzp1uNaz682mZM"
age: 2560238
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220046-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2487
x-jsd-version: 4.1.0-rc.0

GET
H2 200 select2-bootstrap-5-theme.min.css
cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/ 30 KB
0 2ms
2ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/select2-bootstrap-5-theme@1.3.0/dist/select2-bootstrap-5-theme.min.css

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5cb35411fccf18705e4ad112d836cb514459ddeefddc169b970cc99588fa5b64

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"79f7-5G/TiAQCk54xQncw6tfE2aCNj/M"
age: 1349518
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220119-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2941
x-jsd-version: 1.3.0

GET
H3 200 css2
fonts.googleapis.com/ 4 KB
642 B 126ms
52ms Stylesheet
text/css 142.250.80.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200..1000;1,200..1000&display=swap

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.74 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f10.1e100.net

Software

ESF /

Resource Hash

0629ffe9dd35cc0a4e1591a1cb8e147eb51417711bfd027d83a3d7a51df5a8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 02:11:53 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 01 Nov 2024 00:29:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 bootstrap-icons.min.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/ 84 KB
0 2ms
2ms Stylesheet
text/css 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://cofense.com
Referer: https://cofense.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"14f73-BDozLk9VXMC/015FG+lVtLk5ZqA"
age: 1357637
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Fri, 01 Nov 2024 02:11:44 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230079-FRA, cache-yyz4522-YYZ
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13300
x-jsd-version: 1.11.3

GET
H2 200 messenger
app.qualified.com/w/1/H3wWDXLUxD4irieG/ Frame F330 0
0 134ms
75ms Document
text/html 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=fe20d3d2-8f91-4edd-a3e0-a45778c3eeb4

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8db85b549f69aaca-YYZ
content-encoding: gzip
content-security-policy
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 02:11:53 GMT
link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC"
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-cache: miss
x-content-type-options: nosniff
x-download-options: noopen
x-envoy-upstream-service-time: 20
x-permitted-cross-domain-policies: none
x-request-id: 2ef7c768-854f-47eb-aa40-923a3a97f370
x-runtime: 0.017836
x-xss-protection: 1; mode=block

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 68ms
68ms Image
image/gif 23.200.88.81
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=101367c2-e985-4e4c-8acb-5cbc5a25b047&session=d8bf979d-101a-464d-8f6d-1bad5e63ff68&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2002%3A11%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22PythonRatLoader%3A%20The%20Proprietor%20of%20XWorm%20and%20Friends%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends&pageViewId=58c87622-9713-41be-8b63-1e8c4d8d3a13&an_uid=0&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.88.81 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-88-81.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cofense.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 02:11:54 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 02:11:54 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cofense.com/	1970-01-21 10:16:27	Name: CurrentContact Value: 4b005415-cea4-419b-bf05-f267c1b50851%7Csecure
cofense.com/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.3MSA3VhcGkU Value: CfDJ8NfsjyAPJhhKp8mqNlCNEXG4MSKaKQYmwke2n0Pnvj-k3TrTJ-AD2gyRCju8Kx9fk8lmwyn-0FfBuGb2tONz_rPuKu3IXuYj_YbiZZ3rSaEhkACRHdoAuv60q6yW0lPJmUldTIoIMSxtpM6LmmwWC3s
.get.cofense.com/	1970-01-21 00:40:28	Name: __cf_bm Value: NM.Fq2.6rnLjEcvXhioNnBnwvU6l8S31trmDbmhabYc-1730427104-1.0.1.1-VX2sNcXOWUILIIa8xD2hFSyRFyWdx2EGXDRWt5g_jbhbATKcxHA4PvfC.uRchrS8Rc7pA8WCL8TbkuHT1AIyDg
.cofense.com/	1970-01-21 02:50:03	Name: _gcl_au Value: 1.1.318411710.1730427105
.cofense.com/	1970-01-21 10:16:27	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends%22%2C%22date%22%3A%222024-10-31%22%2C%22timestamp%22%3A1730427105458%7D
.cofense.com/	1970-01-21 00:40:28	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fpythonratloader-the-proprietor-of-xworm-and-friends%22%2C%22date%22%3A%222024-10-31%22%2C%22timestamp%22%3A1730427105458%7D
cofense.com/	1970-01-21 00:40:28	Name: CMSLandingPageLoaded Value: True
.cofense.com/	1970-01-21 10:16:27	Name: __q_state_H3wWDXLUxD4irieG Value: eyJ1dWlkIjoiZmUyMGQzZDItOGY5MS00ZWRkLWEzZTAtYTQ1Nzc4YzNlZWI0IiwiY29va2llRG9tYWluIjoiY29mZW5zZS5jb20ifQ==
.cofense.com/	1970-01-21 10:16:27	Name: _mkto_trk Value: id:404-JHU-612&token:_mch-cofense.com-1730427105601-76624
.cofense.com/	1970-01-21 10:16:27	Name: _ga Value: GA1.1.1803488111.1730427106
.cofense.com/	1970-01-21 00:41:53	Name: _uetsid Value: a53c04d097f611efbb7e118adc79a84c
.cofense.com/	1970-01-21 10:02:03	Name: _uetvid Value: a53c27d097f611ef92dbb5923a7a9ced
.bing.com/	1970-01-21 10:02:03	Name: MUID Value: 3D20BAC6B20E616F1CCCAFECB3A4600A
.bat.bing.com/	1970-01-21 00:50:31	Name: MR Value: 0
.ws.zoominfo.com/	1970-01-21 09:26:03	Name: visitorId Value: 7d7a4d9efe749a1797436ab4ed4064948c105cfa3c6371f4f6937cfc3814b17c
.zoominfo.com/	1970-01-21 00:40:28	Name: __cf_bm Value: zmyJCMrUDqMnZ8C8y6V81UvYcwfXMAhBNWsoSuQ_I2A-1730427106-1.0.1.1-QfrIK8Xx60tKs5_oyHwlIpUt61DlrWowORGw7yTQClFH9mC0_ENo3rTQnvKi7vQEUgDjHmDdirkaTxCJtq_Xhg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 1xrZq8UkM5xPpoPVM96nKT.SDzSCMyjYFvYqM1ezqR4-1730427106267-0.0.1.1-604800000
cofense.com/	1970-01-21 10:16:27	Name: _gd_visitor Value: 101367c2-e985-4e4c-8acb-5cbc5a25b047
cofense.com/	1970-01-21 00:40:41	Name: _gd_session Value: d8bf979d-101a-464d-8f6d-1bad5e63ff68
.techtarget.com/	1970-01-21 00:40:28	Name: __cf_bm Value: P6dmAhRNiRV_1HQEjZ.4l0qtp_twH6fVZSRegPVAp7I-1730427106-1.0.1.1-MUmZdlraJ.Me_thUzLh0zWQwHsDPQFkuQPBrpXVST_nf7WCGkZ2ubBL6PlU9EOSBSlHm8D8wCHz1ii_L0.X53g
www.clarity.ms/	1970-01-21 09:26:03	Name: CLID Value: e25e6a4c4f2e4ac6aaf5486b539bccb2.20241101.20251101
.cofense.com/	1970-01-21 09:26:03	Name: _clck Value: 1b5i0ze%7C2%7Cfqi%7C0%7C1766
.adnxs.com/	1970-01-21 10:16:27	Name: receive-cookie-deprecation Value: 1
cofense.com/	1970-01-21 00:50:31	Name: _an_uid Value: 0
.doubleclick.net/	1970-01-21 00:40:28	Name: test_cookie Value: CheckForPermission
.cofense.com/	1970-01-21 00:41:53	Name: _clsk Value: zfr94j%7C1730427107405%7C1%7C1%7Cs.clarity.ms%2Fcollect
.cofense.com/	1970-01-21 10:16:27	Name: _ga_3G76T4W3LR Value: GS1.1.1730427105.1.0.1730427107.58.0.0
lltrck.com/	1970-01-21 09:26:03	Name: trackalyzer Value: ls164f8d-acc4-47bc-a685-cd2e72972e12
.linkedin.com/	1970-01-21 02:50:03	Name: li_sugr Value: 6e906759-0c7c-429b-a25d-c39f7418ef98
.linkedin.com/	1970-01-21 00:41:53	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2970:u=1:x=1:i=1730427109:t=1730513509:v=2:sig=AQHr6AR-NastRlD5Pm8sAXFBFijTlw8T"
.linkedin.com/	1970-01-21 01:23:39	Name: UserMatchHistory Value: AQJ1-7OFd1YlRAAAAZLlfj8nxnvyGL2amugHynlEOqJsvauElpbU6Vwe7L9k72_J1iZGYCq94SIcEQ
.linkedin.com/	1970-01-21 01:23:39	Name: AnalyticsSyncHistory Value: AQKfbg-VP2aCHQAAAZLlfj8nPo-kehid0G2F0VnLXlWaQT4Rm7uHMPmNlWHAOPcYHa-kdVGgoZ_WQmFqnnmeBg
.linkedin.com/	1970-01-21 09:26:03	Name: bcookie Value: "v=2&ea3d7cb9-1c73-4353-8001-fd30c27f4b9f"
.www.linkedin.com/	1970-01-21 09:26:03	Name: bscookie Value: "v=1&202411010211492a374d20-cd91-46fb-8a7b-e000fe13e7a9AQHqRPEcVZb1-L0i-EdaGWPIPvjqtwhY"

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

404-jhu-612.mktoresp.com
analytics.google.com
app.qualified.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.jsdelivr.net
cofense.com
eps.6sc.co
extend.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
get.cofense.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.qualified.com
lltrck.com
munchkin.marketo.net
okt.to
px.ads.linkedin.com
s.clarity.ms
secure.adnxs.com
snap.licdn.com
static.oktopost.com
stats.g.doubleclick.net
td.doubleclick.net
trk.techtarget.com
v.eps.6sc.co
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
www.google-analytics.com
104.16.117.43
104.17.74.206
104.18.17.5
104.18.19.71
13.107.253.40
13.107.42.14
142.250.65.168
142.250.72.100
142.250.72.98
142.250.80.74
142.251.40.195
142.251.40.99
150.171.28.10
151.101.1.229
151.101.66.109
172.253.122.156
18.173.219.118
18.173.219.88
192.28.144.124
216.239.32.181
23.200.3.33
23.200.88.81
23.204.6.193
23.34.59.26
23.96.124.68
3.229.80.91
34.111.208.231
34.200.97.200
67.22.136.24
68.67.160.117
99.83.231.3
0629ffe9dd35cc0a4e1591a1cb8e147eb51417711bfd027d83a3d7a51df5a8ab
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
09fa04e84d7038cc32f19bedcba454b9e637a35f4de496e8ec9148c47550f0fc
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0f1878e935dafa34840aa969287e1919899383565f8b35cf94188cc520144997
1012b34cfdb996cfe5313ff1588fe54d1f7ea2f3c6b64e243da2202ae727ce3b
242551eae20bd945d7baf8cc13356de51ce6ddd50d569965d46980ae5a68bcc8
2904e4f687acd0e43536d45462f316ece5824a214f3f260fde65811d9fdc6f8b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
36f86fa8588bbc19a88c19d1caba1e2cec6f08c1caa8c0553884cfa4271e2689
377a5b48b21d2d2d4f499c56d23c40e9477ff8deadbbcf6f531f838ad844958d
38922718b61ac650256a6e7d8fa1c7f5f471273ce2bed1a5a5d006f6123c336b
436e32b44d51d29567288837a6de81a759a8ce7149f860054cfde98439947d36
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
4cafbbf77c72c312b01ee150ea8d7cdd9b4e380105159fdcef7b623e09b1a787
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4ed30e8e73fb0b7065c2d26890934443abf37fc939c84a25f802a4d843c54a95
4f37e3f0d90faba16ef163709a7e9f712dff278eafa2655dafb7bf67b7bd39f6
507ab97bf0c87898d2797d9ad246846da71a627c0099a9837367b3181b8f8f6c
512a4f403d30a587ad5ab0b9fa7b2fd4f078249ee03f9c23c445332838f6a436
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f
5bad8f5fa70dff2094672e0c47dfc03581e4117035a6af98f37f100354adc9c6
5c88af44013df62fde8a5e4fdf524d8a16834a28b1d15e34ae0994ac27cd4c7e
5cb35411fccf18705e4ad112d836cb514459ddeefddc169b970cc99588fa5b64
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6fc7af585145f6e31849f0d8d2750990852cab4eefb6efd2fdffe10137179a52
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
74d49e38c73633eb87d6960d89d2729e33595ef656afb2d36f51f037ad7ff748
799630203686c1213463bab06da52871aa85c0bd0d514681306f67e345ec5e6b
7c9b1ee8658217f4e0126028874839eddbe9fd6454d1fd50d449a504229be3f9
7f0f781820c8de56bd6699ac9570ff90634de4eb5cca7ef4b573bb90619e5a5d
8816bf019bc7944bc83a7a8bb53b181b18c59f65070274ebe384b4e44c648910
8b479610778cef415158ef2deef872c0bdc85bd63f339ecdc1382fabef4da407
8f7ff12960d3bd521a6bbde1fe643cf4a96332daa014e8e66db9b332b77fe348
9a996c7eee4608006128780012bd9e00bcd11f621b6bf1621f241132dd2ac5f4
9aedf78127e583840b5239eb17807f0388b96879f9a7b7295710a3b7a57aef37
9f3f5acfd67619e7a756c19f79f3b76d67755dbacd3283c933c3459417daad96
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
abdcb7e5a7a33c005b5b3ef9a4d968f1a0e3f241a7fa74e84f021c7f09cdff83
adc945f45d505cd3051090f3d95485c9396803b8d32a5d3970217444bb378a10
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b330f6980aa961223121ea9b45749e576319215b2c58e97f06b9498d8b77393d
b885ee5925326a970cfaad98c6cb79c968da72b5d19369d0615dd4a7c368e2fe
b9e9fba74b6a97f0f26905de8b63c3ccc5a854bca3640f40e39f779c90ee04ad
cd2a9fbd67c38c06607ba066756d27656048a703432d3359b53aa6c0d4ab3424
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
ce4545c430810342be165e906434690f41be190f937ee1afef15e420033af61f
cf12ec462fae2f1a4e9fc0ef76722de03135ad53b14282f16e1a4ea7908379d6
d2a1cc05a4d35deb300898446bded41ec2bf63e0b3a540acc84a98a62a897781
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6be50c6ecb457eb94f871ac1c43a38454e8f08a813a05e938b68c0d4557f835
e927b7ce60ab91eb2e3b1801e06709845a8de2157340e742fa838587fc24b57d
ec5b074bf1baebbd939e090cef41f6b68d6e463f76d08d0d821b8708f151da78
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f144e3bc13095ce7d1b638b1b2cc50b52cd12312cba1323706f6e71e8ded1e2c
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
fc1d85ff2d8c2574595030f8e70c00cf11616984c87893dfb4a47f45965f276d
fca3f274c4c588ed55e7f5ca5aba49f8fdf075fa59f2775902433f2d990f4c65
fd22442dcc43608fde0fcc6bdff703d4208ad751cdb474d36a4072c17835262a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
febc71a3f819d7821523fc782da8983bf0352f78b2992a728803b72242330eeb

cofense.com Open in urlscan Pro 67.22.136.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

105 Requests

97 %HTTPS

0 %IPv6

24 Domains

36 Subdomains

32 IPs

3 Countries

4218 kBTransfer

7089 kBSize

34 Cookies

4 Outgoing links

Redirected requests

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cofense.com Open in urlscan Pro
67.22.136.24 Public Scan

Screenshot
Live screenshot

Full Image

105
Requests

97 %
HTTPS

0 %
IPv6

24
Domains

36
Subdomains

32
IPs

3
Countries

4218 kB
Transfer

7089 kB
Size

34
Cookies

105 HTTP transactions
1 data transactions