www.guidepointsecurity.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Submission: On January 20 via api (January 20th 2025, 7:45:06 pm UTC) from IL — Scanned from IL

Summary HTTP 196 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 28 domains to perform 196 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare London, LLC, US. The main domain is www.guidepointsecurity.com. The Cisco Umbrella rank of the primary domain is 366944.
TLS certificate: Issued by WE1 on January 20th 2025. Valid for: 3 months.

This is the only time www.guidepointsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
109	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
4	142.250.185.74 142.250.185.74	15169 (GOOGLE) (GOOGLE)
5	23.48.23.52 23.48.23.52	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	13.107.246.61 13.107.246.61	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	216.58.212.164 216.58.212.164	15169 (GOOGLE) (GOOGLE)
4	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
6	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2	23.197.137.224 23.197.137.224	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.85.65.125 52.85.65.125	16509 (AMAZON-02) (AMAZON-02)
2	184.24.77.11 184.24.77.11	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	104.19.148.8 104.19.148.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	150.171.28.10 150.171.28.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	143.204.205.185 143.204.205.185	16509 (AMAZON-02) (AMAZON-02)
2	104.22.0.204 104.22.0.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	169.150.247.37 169.150.247.37	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	172.217.18.110 172.217.18.110	15169 (GOOGLE) (GOOGLE)
2	23.22.90.252 23.22.90.252	14618 (AMAZON-AES) (AMAZON-AES)
2	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
3	104.18.3.9 104.18.3.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.26.10.16 104.26.10.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	104.18.41.41 104.18.41.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
196	31

109 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

www.guidepointsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.48.23.52 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-48-23-52.deploy.static.akamaitechnologies.com

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.246.61 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

truyoproductionuscdn.truyo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.guidepointsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.164 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.137.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.65.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-65-125.muc50.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.24.77.11 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a184-24-77-11.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.148.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 150.171.28.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.205.185 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-185.fra53.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.22.0.204 (None, )

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 169.150.247.37 (Frankfurt am Main, Germany)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 169-150-247-37.bunnyinfra.net

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.22.90.252 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-22-90-252.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

995-mtm-359.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.3.9 (None, )

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
z.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.41.41 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
115	guidepointsecurity.com www.guidepointsecurity.com — Cisco Umbrella Rank: 366944 go.guidepointsecurity.com	2 MB
25	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 6839 api.omappapi.com — Cisco Umbrella Rank: 6859 z.omappapi.com — Cisco Umbrella Rank: 15478	103 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	361 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 662	4 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3	1013 B
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	350 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 9888	26 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	6 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 358	15 KB
3	truyo.com truyoproductionuscdn.truyo.com — Cisco Umbrella Rank: 38048	31 KB
2	okt.to okt.to — Cisco Umbrella Rank: 33785	199 B
2	doubleclick.net 1 redirects td.doubleclick.net — Cisco Umbrella Rank: 167 googleads.g.doubleclick.net — Cisco Umbrella Rank: 45	25 B
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 3755 cdn.acsbapp.com — Cisco Umbrella Rank: 4060	144 KB
2	cloudfront.net d10lpsik1i8c69.cloudfront.net	95 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2483	3 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 785	24 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2912	7 KB
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 14900	860 B
1	mktoresp.com 995-mtm-359.mktoresp.com	318 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1030	394 B
1	t.co t.co — Cisco Umbrella Rank: 943	626 B
1	google.co.il www.google.co.il — Cisco Umbrella Rank: 34784	455 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 88	3 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 14854	627 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1051	16 KB
1	oktopost.com static.oktopost.com — Cisco Umbrella Rank: 39204	4 KB
0	lltrck.com Failed lltrck.com Failed
196	28

	Domain	Requested by
109	www.guidepointsecurity.com	www.guidepointsecurity.com
22	a.omappapi.com	www.googletagmanager.com a.omappapi.com cdn.bizible.com
6	fonts.gstatic.com	fonts.googleapis.com
6	go.guidepointsecurity.com	www.guidepointsecurity.com go.guidepointsecurity.com
5	px.ads.linkedin.com	2 redirects cdn.bizible.com www.guidepointsecurity.com
5	www.google.com	1 redirects www.guidepointsecurity.com www.googletagmanager.com www.gstatic.com
4	www.googletagmanager.com	www.guidepointsecurity.com www.googletagmanager.com
4	cdn.bizible.com	www.guidepointsecurity.com cdn.bizible.com
4	fonts.googleapis.com	www.guidepointsecurity.com a.omappapi.com truyoproductionuscdn.truyo.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.guidepointsecurity.com
3	truyoproductionuscdn.truyo.com	www.guidepointsecurity.com
2	api.omappapi.com	cdn.bizible.com
2	okt.to	static.oktopost.com
2	d10lpsik1i8c69.cloudfront.net	www.guidepointsecurity.com d10lpsik1i8c69.cloudfront.net
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	munchkin.marketo.net	www.guidepointsecurity.com munchkin.marketo.net
1	z.omappapi.com	cdn.bizible.com
1	www.linkedin.com	1 redirects
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	995-mtm-359.mktoresp.com	munchkin.marketo.net
1	analytics.twitter.com	www.guidepointsecurity.com
1	t.co	www.guidepointsecurity.com
1	www.google.co.il	www.guidepointsecurity.com
1	googleads.g.doubleclick.net	1 redirects
1	cdn.acsbapp.com	acsbapp.com
1	www.google-analytics.com	www.googletagmanager.com
1	td.doubleclick.net	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	cdn.bizibly.com	www.guidepointsecurity.com
1	acsbapp.com	www.guidepointsecurity.com
1	static.ads-twitter.com	www.googletagmanager.com
1	static.oktopost.com	www.guidepointsecurity.com
1	www.gstatic.com	www.google.com
0	lltrck.com Failed	www.guidepointsecurity.com
196	35

This site contains links to these domains. Also see Links.

Domain
accessibe.com
www.reliaquest.com
x.com
github.com
www.virustotal.com
www.clrn.org
twitter.com
facebook.com
www.linkedin.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
www.guidepointsecurity.com WE1	`2025-01-20` - `2025-04-20`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
cdn.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-11` - `2026-01-11`	a year	crt.sh
*.truyo.com Go Daddy Secure Certificate Authority - G2	`2024-12-11` - `2026-01-12`	a year	crt.sh
go.guidepointsecurity.com E6	`2024-11-23` - `2025-02-21`	3 months	crt.sh
*.google.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2024-10-22` - `2025-10-24`	a year	crt.sh
*.oktopost.com Amazon RSA 2048 M02	`2024-07-29` - `2025-08-28`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
script.crazyegg.com E5	`2024-11-27` - `2025-02-25`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 08	`2024-12-15` - `2025-06-13`	6 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
acsbapp.com WE1	`2024-12-14` - `2025-03-14`	3 months	crt.sh
a.omappapi.com R10	`2024-12-19` - `2025-03-19`	3 months	crt.sh
*.googleadservices.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.doubleclick.net WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
okt.to R11	`2025-01-06` - `2025-04-06`	3 months	crt.sh
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-19` - `2025-08-18`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
omappapi.com WE1	`2024-12-11` - `2025-03-11`	3 months	crt.sh
luckyorange.net WE1	`2025-01-19` - `2025-04-19`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Frame ID: 3C060C2964679A9B2494962E47A92602
Requests: 200 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/51g0/sw_iframe.html?origin=https%3A%2F%2Fwww.guidepointsecurity.com
Frame ID: 4CEBBD3152385EB50CB1FB3A17DE265E
Requests: 1 HTTP requests in this frame

Frame: https://go.guidepointsecurity.com/index.php/form/XDFrame
Frame ID: A972ECD927B014CA3C7CFFFA7C25CF82
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/607356108?random=1737402294470&cv=11&fst=1737402294470&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&ct_cookie_present=0
Frame ID: 83AAAB41CD3805E26561AFF0680CBE44
Requests: 1 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0110/3028/site/www.guidepointsecurity.com.json?t=1
Frame ID: 41C5A7B1440250F6BF62956A3C82E9C9
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcxligjAAAAAO_xtJUWEPDjSEGOmpg1U2oZFOxu&co=aHR0cHM6Ly93d3cuZ3VpZGVwb2ludHNlY3VyaXR5LmNvbTo0NDM.&hl=iw&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&cb=cbc9nvtz8tp
Frame ID: A22BB04EFC9478F12829D745439A5DD1
Requests: 1 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Frame ID: BCCD182C955CD2285279FC3713A1C30D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=iw&v=1Bq_oiMBd4XPUhKDwr0YL1Js&k=6LcxligjAAAAAO_xtJUWEPDjSEGOmpg1U2oZFOxu
Frame ID: 248F42A05707CD165F7E90A2F8203A11
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RansomHub Affiliate leverages Python-based backdoor | GuidePoint Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets
<link [^>]*href=(?:"|')[^"']*uploads/elementor/css

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

196
Requests

98 %
HTTPS

0 %
IPv6

28
Domains

35
Subdomains

31
IPs

3
Countries

3189 kB
Transfer

8623 kB
Size

29
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://accessibe.com/blog/knowledgebase/screen-reader-guide
Title: Accessibility Screen-Reader Guide, Feedback, and Issue Reporting

Search URL Search Domain Scan URL

URL: https://www.reliaquest.com/blog/new-python-socgholish-infection-chain/
Title: website

Search URL Search Domain Scan URL

URL: https://x.com/drb_ra
Title: @drb_ra

Search URL Search Domain Scan URL

URL: https://github.com/drb-ra/C2IntelFeeds
Title: GitHub – drb-ra/C2IntelFeeds: Automatically created C2 Feeds

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/64d8f12cdcd1dfa7a3c012a36c011a43303dc8357b7899db254a022b187cba03
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/4a4c43514316c368f57f68b6de9684efb66c37ae620da661d5aa917f5cd564f1/detection
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.clrn.org/how-to-tell-if-code-is-ai-generated/
Title: research online

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&text=RansomHub+Affiliate+leverages+Python-based+backdoor&via=GuidePointSec
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer.php?u=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&title=RansomHub+Affiliate+leverages+Python-based+backdoor&summary=In+an+incident+response+in+Q4+of+2024%2C+GuidePoint+Security+identified+evidence+of+a+threat+actor+utilizing+a+Python-based+backdoor+%5B%26hellip%3B%5D&source=GuidePoint+Security
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/guidepointsec
Title: linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/GuidePointSec
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GuidePointSec
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCkajuS7JqEN3UGy6SXVhnfg
Title: youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 162

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkMmxAgjTxbECCOvMsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&eitems=ChEIgIW4vAYQtvfktvHFv_2WARIdAKBwhU6cfcRZFrR9aE6uv9f50gcJHiiH06aIX-g&pscrd=IhMI-fHw9IeFiwMVSuwRCB3QpgcFMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiNodHRwczovL3d3dy5ndWlkZXBvaW50c2VjdXJpdHkuY29tL0JXQ2hBSWdJVzR2QVlRdnZDbnNfUGVvSkptRWkwQUpPeExzSXI1RmtQZ3V1djFoUXFaNTR4UTFMazlUWUdnRTViTXgwQlkwQWk5RlhfbjVMS0pSM3RtWXFR HTTP 302
https://www.google.com/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkMmxAgjTxbECCOvMsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI-fHw9IeFiwMVSuwRCB3QpgcFMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiNodHRwczovL3d3dy5ndWlkZXBvaW50c2VjdXJpdHkuY29tL0JXQ2hBSWdJVzR2QVlRdnZDbnNfUGVvSkptRWkwQUpPeExzSXI1RmtQZ3V1djFoUXFaNTR4UTFMazlUWUdnRTViTXgwQlkwQWk5RlhfbjVMS0pSM3RtWXFR&is_vtc=1&cid=CAQSKQCa7L7dYt67jqqZhkcuugqAfmcD_uHrEQLYjMFf7IguzTAtzNHPlUGB&eitems=ChEIgIW4vAYQtvfktvHFv_2WARIdAKBwhU5wF0X268wMuxV0Z0n9DFjinLbNiESIQE4&random=476701649 HTTP 302
https://www.google.co.il/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkMmxAgjTxbECCOvMsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI-fHw9IeFiwMVSuwRCB3QpgcFMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiNodHRwczovL3d3dy5ndWlkZXBvaW50c2VjdXJpdHkuY29tL0JXQ2hBSWdJVzR2QVlRdnZDbnNfUGVvSkptRWkwQUpPeExzSXI1RmtQZ3V1djFoUXFaNTR4UTFMazlUWUdnRTViTXgwQlkwQWk5RlhfbjVMS0pSM3RtWXFR&is_vtc=1&cid=CAQSKQCa7L7dYt67jqqZhkcuugqAfmcD_uHrEQLYjMFf7IguzTAtzNHPlUGB&eitems=ChEIgIW4vAYQtvfktvHFv_2WARIdAKBwhU5wF0X268wMuxV0Z0n9DFjinLbNiESIQE4&random=476701649&ipr=y

Request Chain 174

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2739593%26time%3D1737402299160%26li_adsId%3D5d4a15aa-d2a5-483e-a76e-9ad3221a7880%26url%3Dhttps%253A%252F%252Fwww.guidepointsecurity.com%252Fblog%252Fransomhub-affiliate-leverage-python-based-backdoor%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&cookiesTest=true&liSync=true

196 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/ 993 KB
170 KB 1554ms
1361ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

77496d3872ebaf9d05f417126baa8ad7157851163826b68a688a057c8876b9cf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.guidepointsecurity.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 90518fba3bd67da4-TLV
content-encoding: br
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
content-type: text/html; charset=UTF-8
date: Mon, 20 Jan 2025 19:44:51 GMT
server: cloudflare
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding Accept-Encoding Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pass-why: custom-path
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 31 KB
1 KB 475ms
207ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM%20Plex%20Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

62bbbb881de316a0cb5738d032c42a7118e7e504106c96e798a883123dcb9685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 19:44:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 20 Jan 2025 19:44:51 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 407ms
139ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=IBM+Plex+Sans%3Awght%40300%3B400%3B500%3B700&ver=6.7.1&display=swap

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

9e1b66848350a0c99c003cb10068caa906a6873f31adc4a2bcf7ac45427d12bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 19:44:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 20 Jan 2025 19:44:51 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 AdobeStock_493881519_2000x675.jpg
www.guidepointsecurity.com/wp-content/uploads/2024/09/ 344 KB
345 KB 246ms
236ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/09/AdobeStock_493881519_2000x675.jpg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb40ed28b30f158ec880cbe71aea9279d00d12f19361db6cb1d008824dcaa4fa

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66e85221-58e06"
age: 131053
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=364038
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: image/jpeg
last-modified: Mon, 16 Sep 2024 15:43:29 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de427da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 352366
server: cloudflare

GET
H2 200 frontend.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/ 52 KB
7 KB 238ms
229ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14573f6995f2fddf084162de527781b3db70246b39265cc9d15d4ed9fd8e1191

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-cfe6"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de317da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 post-28977.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 19 KB
2 KB 242ms
234ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28977.css?ver=1737132520

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04eda2793f8381107b514ab491c4ed849d4033300f50209bdeb171e83508b3f3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e8-4c59"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:40 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de337da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 main.css
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/styles/ 257 KB
40 KB 369ms
362ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/styles/main.css?ver=1735597876

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1d5c070343064274a58ae3fad847cf13dd03f33eb4e6fe06afbc3fa787af69

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-403dc"
age: 131129
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de357da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 ekiticons.css
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ 122 KB
13 KB 356ms
348ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc43d3186a56803c42f5a0072485555d029bde16ab04c68f9b83a13caa2f1870

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-1e840"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de377da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 search-forms.css
www.guidepointsecurity.com/wp-content/plugins/searchwp/assets/css/frontend/ 5 KB
1 KB 357ms
349ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/searchwp/assets/css/frontend/search-forms.css?ver=4.3.17

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

480cbbdaf9ea4afde46d8c47c35a98172d4bdc57232c38fd6c44a514ae1c1a87

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"672008e8-13a4"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 28 Oct 2024 21:58:00 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de397da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 widget-styles.css
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 450 KB
51 KB 378ms
373ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5254e28deb757a2e8c3d9c031ce4fc47165bf744c2dfe610818d9ba0bd59053b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-70664"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de3c7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 widget-styles-pro.css
www.guidepointsecurity.com/wp-content/plugins/elementskit/widgets/init/assets/css/ 388 KB
44 KB 360ms
355ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/widgets/init/assets/css/widget-styles-pro.css?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28935d5cef07f490188c10bd7f506972a6b8904c1ca5887e26c74a29bf3bc42c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dd-611a7"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:37 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de3e7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 responsive.css
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
3 KB 353ms
348ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12c3f7bc60c99d1b6b634d6cd16fbb0e26ae75ddda15d7a6e5106cd5dad83f14

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-765b"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de417da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 jquery.min.js Show response
www.guidepointsecurity.com/wp-includes/js/jquery/ 86 KB
31 KB 353ms
349ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"64ecd5ef-15601"
age: 131129
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc2de437da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 cher-frontend.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/cher/assets/js/ 621 B
449 B 385ms
381ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/cher/assets/js/cher-frontend.min.js?ver=1.0.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f0440e8eed47b274a5757b906ef7e8ba5679f84c5ef0a5ebb9b71ee954452df

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"5f903faf-26d"
age: 131129
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 21 Oct 2020 14:03:27 GMT
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc35f1c7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H/1.1 200
OK bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 563ms
201ms Script
application/x-javascript 23.48.23.52
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.48.23.52 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-48-23-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

b57fb5290108671fa8068f48df452a405078f6932126b47407584a42545d49ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSub
Cache-Control: max-age=86400
Content-Encoding: gzip
ETag: "94bfcbf968db1:0"
Connection: keep-alive
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 25393
Date: Mon, 20 Jan 2025 19:44:52 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Jan 2025 11:28:20 GMT
Vary: Accept-Encoding

GET
H2 200 36f9003f53fb3defb80434a63e1c5676.js Show response
truyoproductionuscdn.truyo.com/js/ 21 KB
5 KB 633ms
138ms Script
text/javascript 13.107.246.61
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://truyoproductionuscdn.truyo.com/js/36f9003f53fb3defb80434a63e1c5676.js
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.61 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: aa28d31362437b5c5183ccc97a0985d498fc52d3cb5e2dca92f3c8c9a3140851

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-ms-blob-type: BlockBlob
x-cache-info: L1_T2
x-azure-ref: 20250120T194452Z-158766dbf87dcknrhC1MRSe6x000000009dg000000000pyh
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
content-encoding: br
x-fd-int-roxy-purgeid: 82478213
x-ms-request-id: 3e55b232-c01e-002d-1963-6969cd000000
access-control-allow-origin: *
x-ms-meta-md5sum: 43783fb36e6a97c641cec6cf86c37050
x-cache: TCP_HIT
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 15:37:37 GMT

GET
H3 200 Government_Solutions.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 5 KB
6 KB 92ms
92ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Government_Solutions.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ae137b0622083ab7b1b10f5357ba13864d9a9c6697d5a629b9ecd224e815e54

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f59d-1865"
age: 131127
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=6245
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: image/webp
content-disposition: inline; filename="Government_Solutions.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:44:13 GMT
priority: u=2,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc4281b7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 5630
server: cloudflare

GET
H3 200 GSA_Contract.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 2 KB
2 KB 93ms
93ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GSA_Contract.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73a789e2d2eb230e61fcaf348270b875a22cf2f08d81eb21a48b89b34dddec0c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f5a9-83b"
age: 131126
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=2107
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: image/webp
content-disposition: inline; filename="GSA_Contract.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:44:25 GMT
priority: u=2,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc4281e7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 1734
server: cloudflare

GET
H3 200 DOD_ESI_Contract.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 5 KB
5 KB 126ms
126ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/DOD_ESI_Contract.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9d4295c24f746a06967421896dcf7d112c5b2d8dc8b037a23b89763f68a2fab

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f5b6-13b2"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=5042
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="DOD_ESI_Contract.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:44:38 GMT
priority: u=2,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc4c8e47da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 4640
server: cloudflare

GET
H3 200 Premise_Health.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 4 KB
4 KB 95ms
94ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Premise_Health.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e90b694c377d73581cb511fa3620b8608721e09aac1cf67cdab00c0d07db0ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f15b-116a"
age: 131127
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=4458
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:51 GMT
content-type: image/webp
content-disposition: inline; filename="Premise_Health.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:26:03 GMT
priority: u=2,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc4c8ea7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 3758
server: cloudflare

GET
H3 200 Nuance.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
3 KB 100ms
98ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Nuance.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16e1574e68c0a57632bc083b08732821592eae48471414e807ba1f6355c00afe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f17c-d18"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=3352
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="Nuance.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:26:36 GMT
priority: u=2,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc58a547da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 2684
server: cloudflare

GET
H3 200 KHovnanian_Homes.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 5 KB
5 KB 742ms
727ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/KHovnanian_Homes.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34335e9b3a98a19a8149e7b34481062eb8cf95626a31bbe3597adae528286c84

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f18a-13e7"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=5095
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="KHovnanian_Homes.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:26:50 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc957da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 4764
server: cloudflare

GET
H3 200 Follett.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
3 KB 743ms
728ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Follett.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88f5933317943ba930be9ab41ce66120b071e5a83c3ab2386bdf37d16161bd11

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f195-dd0"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=3536
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="Follett.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:27:01 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc967da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 3018
server: cloudflare

GET
H3 200 Intelsat.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
4 KB 744ms
729ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Intelsat.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7d1f40ef2baa6320abe434fa34a3b5fb1464822d441a5225014fad696e14dc1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f1a0-f38"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=3896
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="Intelsat.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:27:12 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc987da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 3246
server: cloudflare

GET
H3 200 Sisence.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
4 KB 745ms
730ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Sisence.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0189cfe39dc4645df5828d34de7a5848a8371222cb36c7aeb76643b8822cfa4c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f1b7-eaa"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=3754
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="Sisence.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:27:35 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc997da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 3254
server: cloudflare

GET
H3 200 GPS_Financial_Logo.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 8 KB
3 KB 746ms
731ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GPS_Financial_Logo.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

689f946b48a42556a9e86c4a67643c3877d6761a123e3e3651fb6578a7b7034f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f1c9-1f7c"
age: 131127
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:27:53 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc9a7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 GPSU.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 5 KB
6 KB 745ms
731ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GPSU.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3170e302fd0264249ed801569435555244d773739af77ac7a8f2e22ae5bdb60

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f1d4-18f7"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=6391
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="GPSU.webp"
vary: Accept
last-modified: Thu, 28 Mar 2024 04:28:04 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc9c7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 5578
server: cloudflare

GET
H3 200 GRIT_2.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 22 KB
23 KB 746ms
732ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GRIT_2.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11dd86442cf00801df4b476f5e79f5a64b7fd6d063515705df0ee12027abc782

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6604f1e1-60f6"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=24822, status=webp_bigger
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/png
last-modified: Thu, 28 Mar 2024 04:28:17 GMT
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc9d7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 22930
server: cloudflare

GET
H3 200 GPSEC_Image_400x200.png
www.guidepointsecurity.com/wp-content/uploads/2021/07/ 6 KB
7 KB 761ms
747ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2021/07/GPSEC_Image_400x200.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

badbf482b2abccc80d293050961ecdf54d39eb9942f3536776f08b0b9065c7a1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "667dab7d-1def"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=7663
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="GPSEC_Image_400x200.webp"
vary: Accept
last-modified: Thu, 27 Jun 2024 18:12:13 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc9e7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 6406
server: cloudflare

GET
H3 200 Blog2_Menu-AdobeStock_270370862_470x432-300x276-1.jpg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 20 KB
20 KB 762ms
748ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Blog2_Menu-AdobeStock_270370862_470x432-300x276-1.jpg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41122c258f412f5cded15edbc61fedfc419d3a880a8422c6d53373e700697742

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66a41402-5069"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=20585
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/jpeg
last-modified: Fri, 26 Jul 2024 21:24:18 GMT
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca07da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 20022
server: cloudflare

GET
H3 200 iStock-1467937769_Blog-image-menu.jpg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 24 KB
25 KB 762ms
749ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/iStock-1467937769_Blog-image-menu.jpg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

700299dcc9c16df05bc6cf4147fb0a305f6ec166b44256d102eeef7642f30cc5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66a41247-644f"
age: 131127
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=25679
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/jpeg
last-modified: Fri, 26 Jul 2024 21:16:55 GMT
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca17da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 24943
server: cloudflare

GET
H3 200 GRIT_Ransomware_Report_menu_thumbnail.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 42 KB
42 KB 763ms
749ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GRIT_Ransomware_Report_menu_thumbnail.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6a5e8ac6922f25e9f5d3a8c5bfa8a1974e3b9a1256789cb805f9d7ced30edcb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66a25321-bf9c"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origSize=49052, status=webp_bigger
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/png
last-modified: Thu, 25 Jul 2024 13:29:05 GMT
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca37da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 42559
server: cloudflare

GET
H3 200 The-Brick-House-image_Menu.png
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 10 KB
11 KB 762ms
749ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/The-Brick-House-image_Menu.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e63cb925e46af8a3e17c20379ceb1f8ce23d1664d79fdc60da04ea413183

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66a4115b-3508"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=13576
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="The-Brick-House-image_Menu.webp"
vary: Accept
last-modified: Fri, 26 Jul 2024 21:12:59 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca67da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 10740
server: cloudflare

GET
H3 200 IAM_Whitepaper_05.21.png
www.guidepointsecurity.com/wp-content/uploads/2024/05/ 35 KB
36 KB 762ms
750ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/05/IAM_Whitepaper_05.21.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770fd9e95d6596749547718cdd4b7155aee80d6e3ddf4ad67c21502fbbd49e39

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "664d456c-973b"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=38715
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="IAM_Whitepaper_05.webp"
vary: Accept
last-modified: Wed, 22 May 2024 01:07:56 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca77da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 36124
server: cloudflare

GET
H3 200 GRIT_Webinar_Menu_Thumbnail.png
www.guidepointsecurity.com/wp-content/uploads/2024/10/ 41 KB
41 KB 762ms
750ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/10/GRIT_Webinar_Menu_Thumbnail.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

615921c79bb549a6f9b43cdb865de304c9ee49288a58fcdeb8ce20e7b85c2f60

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "67191a68-c345"
age: 131128
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=49989
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="GRIT_Webinar_Menu_Thumbnail.webp"
vary: Accept
last-modified: Wed, 23 Oct 2024 15:46:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fca87da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 42018
server: cloudflare

GET
H3 200 grit-blog-tag.png
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/src/images/ 125 KB
125 KB 762ms
751ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/src/images/grit-blog-tag.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05fd0536813f75c4daf7e383b6f40dc617d34e271b4e1968d3aee6ac4f513620

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "67731f34-2e72d"
age: 35356
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=190253
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="grit-blog-tag.webp"
vary: Accept
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fcab7da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 127650
server: cloudflare

GET
H3 200 email-decode.min.js Show response
www.guidepointsecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
835 B 79ms
78ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"678a8b9a-4d7"
x-content-type-options: nosniff
cf-ray: 90518fc5ba827da4-TLV
expires: Wed, 22 Jan 2025 19:44:52 GMT
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
last-modified: Fri, 17 Jan 2025 16:55:54 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 forms2.min.js Show response
go.guidepointsecurity.com/js/forms2/js/ 199 KB
67 KB 448ms
109ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b9d5582ddc08d7f2faba850c9515ded8ff9d331b7b0be51a6f672c308d3843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "8220b-31be0-62bae0fc2ea40"
age: 3270
x-content-type-options: nosniff
cf-ray: 90518fc84987c224-TLV
expires: Mon, 20 Jan 2025 23:44:52 GMT
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/x-javascript
last-modified: Tue, 14 Jan 2025 17:40:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
989 B 421ms
138ms Script
text/javascript 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

ESF /

Resource Hash

7dae9c30172a21cb7a76f8ebc952d0dcd0d9e9a8278abc292bdf9753aec6ae74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 19:44:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Mon, 20 Jan 2025 19:44:52 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 widget-image.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/ 254 B
466 B 131ms
130ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a3a5696f506baa9a2c86a915349f162bc3682b4899b97fc7fb21670d0cbf322

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-fe"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc63b007da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 widget-theme-elements.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/css/ 10 KB
2 KB 276ms
274ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css?ver=3.24.4

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

080ecd3c9258c476300ae331cc1d363730cae5544ffd6c55bd5eafc0fb5d7281

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-2728"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6dba37da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 fontawesome.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 277ms
274ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fafc4160788beca657ec3e3041976281fb6d54a0e82bb4d22a433f7c6bb8b1d6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-e2d7"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6dba97da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 solid.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
665 B 275ms
270ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-29d"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6dbb67da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 castos-player.min.css
www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/ 36 KB
6 KB 172ms
166ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/castos-player.min.css?ver=3.7.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8014974e36593b25379b0e1c284924b81499b01d01bad10a7ba44b5b71f38d20

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635068-91ec"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:44:56 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6dbb77da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 subscribe-buttons.css
www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/ 556 B
604 B 276ms
268ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/subscribe-buttons.css?ver=3.7.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3425023ae9bf6a5b6f6d57c73dba23d8367722cd41d2615aba5e350f02989e1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635068-22c"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:44:56 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6dbb97da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28261.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 12 KB
2 KB 276ms
263ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28261.css?ver=1737132520

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c895863259144e0638e20b89a4237d1eda3ee1a1b94651e55367b14475fb5a02

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e8-30c3"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:40 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6ebc37da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28324.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 276ms
261ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28324.css?ver=1737132520

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8165b3622601d303416fb14c16222eb2fe9b2612abf58f2ea053d1849a547029

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e8-25a1"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:40 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6ebc67da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28332.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 12 KB
2 KB 272ms
255ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28332.css?ver=1737132520

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2472b09ab0e112344f5e25ce73a61b17bbfcfb0d28874858131f33689a0caf4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e8-2f2d"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:40 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbc87da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28348.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 272ms
252ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28348.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78862cb74e0c1bbe1e03c94303b60eca4a6d950cdefef921ee475fc07c1292a6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-2b25"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbd27da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28352.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 272ms
251ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28352.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e0598422f34dca372f578da29e2ae51ea2ce58050d83c22688c847ba3e3537b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-2d8f"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbd77da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28359.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 5 KB
1 KB 169ms
147ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28359.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11377ace2337ea8287ecefb1bedeab3712b6862d7068076a74927d0711e601a7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-15ef"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbdd7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28366.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 14 KB
1 KB 170ms
148ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28366.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ea41c68f752d33873ef4818a29c062acbf73b129c90912251e57b7585993374

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-37a5"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbe17da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28373.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 178ms
156ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28373.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99cd42c0c58b1ca6718b76cbb9c57a732a722c0d0d3958395fed37e0deaeb4f4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-257d"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbe37da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28380.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 12 KB
1 KB 178ms
156ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28380.css?ver=1737132521

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b19e518f0c8d34e9d1be208fbe25b392a005eb08b71312dd37c719ae9626d7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-2f29"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbe87da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28387.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 14 KB
2 KB 271ms
250ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28387.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca615091699ae472b5517288ba1f431aa783672a634dff3178c27749a89c0c23

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89e9-36ec"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbec7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 fadeIn.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/animations/styles/ 77 B
406 B 272ms
250ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeIn.min.css?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-4d"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbf07da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28394.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 272ms
250ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28394.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3af1518745d0299b258232ff5dba095ffd5e4d9fdfafd2ff6425438d67d1363

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-2590"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbf17da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-32493.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 290ms
268ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-32493.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbff81b81b3857f00291853dcd19212872dc50a7c97fde595bfa91a04a979b05

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-2439"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbf47da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28901.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 10 KB
1 KB 322ms
301ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28901.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3ee545a2446dc4f3cb8cb378a1a775918b223dfaeaeab871ad5b1b8084d41e4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-27d6"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbf87da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28401.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 9 KB
1 KB 324ms
303ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28401.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72f215bc646b82d59e36c6c2672dbdc92f8cefd32392b9d2f804e3bc63d6e8a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-257e"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbfb7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28408.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 7 KB
1 KB 323ms
301ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28408.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d251b544568bb3ae07cb0ef10965e09c66d530b45b5e9658dcc30c27b8734c5c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-1acb"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbfc7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28415.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 12 KB
1 KB 323ms
302ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28415.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da7cc5ae3d9bfc73d7f1813d09c8a9ea702222053d89f21892e29afdfb761c4d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-2f28"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbfd7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28425.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 14 KB
2 KB 596ms
575ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28425.css?ver=1737132522

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296fd4505f149bafb1d5653687b5dfd21ddc1bcb3e92c89d9be3e34b257f4c95

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ea-39ce"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:42 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fbff7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28429.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 24 KB
3 KB 601ms
580ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28429.css?ver=1737132523

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f97e4c007966d79ad2fb3f049eff0bbbed89385ab9671c7891581e9d11f5c696

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89eb-61fa"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:43 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc017da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 swiper.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/ 16 KB
5 KB 613ms
592ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-4057"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc067da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 e-swiper.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/conditionals/ 5 KB
1 KB 613ms
592ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

196f351ce1a780302b50e7b2404023102d7f555aa518d62ec678829c4b7b1185

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-156e"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc097da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28433.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 32 KB
3 KB 613ms
593ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28433.css?ver=1737132523

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16205bdc9fa3c56dda510c0eb78ee066d94bdbc514d867a4155869e119e0af68

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89eb-8023"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:43 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc0c7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-28437.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 31 KB
3 KB 653ms
632ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-28437.css?ver=1737132523

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acbc86b8c84ead040a7b0d830f4e93b8daeab4da1973f7bceaf5791b9cd59844

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89eb-7cf1"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:43 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc0f7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 elementor-icons.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 20 KB
4 KB 653ms
633ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.34.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b1bd4f2ad15ca4430bc9f14f4bc77080009742326c61dc7a107b78e27675093

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-4e5c"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc117da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 post-21472.css
www.guidepointsecurity.com/wp-content/uploads/elementor/css/ 2 KB
869 B 653ms
633ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/elementor/css/post-21472.css?ver=1737132524

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67920d915b2009054a26443f27e0c93f4f0708c5ab00bc8be8bbe9fe6e0a9850

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"678a89ec-618"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 17 Jan 2025 16:48:44 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc167da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 frontend.min.css
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/css/ 9 KB
2 KB 654ms
634ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.24.4

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1eeb5a400ad84218b26d8da9fc3053c2896afb6e68ae5b350de7af0d6939f77a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-2464"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc1b7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 style.css
www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/css/ 358 B
519 B 654ms
634ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/css/style.css?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ae3edf7b02996a91627f49d469aa9877d9d69d6fd061063d0accb13ce3fdd61

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dc-166"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:36 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc1f7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 rot13-encode-decode.js Show response
www.guidepointsecurity.com/wp-content/mu-plugins/vital-core/public/rot13-encode-decode/ 633 B
698 B 654ms
634ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/mu-plugins/vital-core/public/rot13-encode-decode/rot13-encode-decode.js?ver=1.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35ad1262c83146129e7b19b7c304932da742fdcebb127d54a6f166981148ae3e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"5f903faf-279"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 21 Oct 2020 14:03:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc267da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 underscore.min.js Show response
www.guidepointsecurity.com/wp-includes/js/ 18 KB
8 KB 657ms
637ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/underscore.min.js?ver=1.13.7

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5152316fade8c592fbfd38bc491e059464d967d3d31a582b0c885c0961deed30

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e384d-49be"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:44:29 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc2c7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 wp-util.min.js Show response
www.guidepointsecurity.com/wp-includes/js/ 1 KB
1 KB 657ms
638ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/wp-util.min.js?ver=6.7.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"632938ea-592"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Sep 2022 03:52:10 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc327da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 ajax-load-more-filter.js Show response
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/js/ 1 KB
904 B 658ms
638ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/js/ajax-load-more-filter.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4650a9b20941396cbfbbfa90820623b37370c0a1a45e6406964a069898b057e0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-49e"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc377da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 slick.min.js Show response
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/slick/ 42 KB
11 KB 659ms
640ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/slick/slick.min.js?ver=1.8.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-a76f"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc3a7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 lottie.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/lib/lottie/ 247 KB
63 KB 655ms
636ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/lib/lottie/lottie.min.js?ver=5.6.6

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eceb9be92f0ec6a1b69ebafa0bdb6bd72506565259ca6c4574185e7336d0f04

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-3daac"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc407da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 in-view.min.js Show response
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/in-view/ 5 KB
2 KB 663ms
644ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/in-view/in-view.min.js?ver=0.6.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba92f31903d0ed43a15811c0506b1c357fa04ff643140a3c0e162dfc66cd37eb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-14be"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc447da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 jquery.dcd.doubletaptogo.min.js Show response
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/doubletaptogo/ 2 KB
1 KB 663ms
645ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/lib/doubletaptogo/jquery.dcd.doubletaptogo.min.js?ver=3.0.2

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

985a329121413ae5b9c3c31c166120e8b61de392e68bdeb61f6f926074044db6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-771"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc4a7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 main.js Show response
www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/scripts/ 33 KB
9 KB 665ms
647ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/scripts/main.js?ver=1735597876

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0d3e66407febbe6cfadf4d2a9e3fc67fb57fe3a0f17f771d6e9ba95180bc864

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67731f34-8345"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 30 Dec 2024 22:31:16 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc4d7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 frontend-script.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 40 B
368 B 666ms
647ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-28"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc537da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 widget-scripts.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
37 KB 666ms
648ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25c1ba620b1fd2e9000735c704677c7d618af09c6b82cb206346df3ceffdd495

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-21945"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc577da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 castos-player.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/js/ 6 KB
2 KB 679ms
661ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/js/castos-player.min.js?ver=3.7.1

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8056ca807fde5c5e93c0afb23cb7349bd719cca9bd9f14ed88615061f11bea2d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635068-17d6"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:44:56 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc5d7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 webpack-pro.runtime.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 680ms
662ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.24.4

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b1ac8a583e3221087fcdaec02a8f0c75c75a0e8bcc4d68c35552f5be6387ead

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-1845"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc627da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 webpack.runtime.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 681ms
663ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35d718934e324ca5fbf68c3a23621595d881aab5bea834960098b8d16960a96a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-14ce"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc657da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 frontend-modules.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/ 52 KB
16 KB 693ms
675ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d33d0d006fe28aaf0acaca6e7f2af522287e7d0e331826279ae25647375b7299

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-ce12"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc677da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 hooks.min.js Show response
www.guidepointsecurity.com/wp-includes/js/dist/ 5 KB
2 KB 730ms
712ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1e0d38b691f1d22a92cff65ec0439b428170ac39a4493c7ecb06d5585f56a3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e384d-12a8"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:44:29 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc697da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 i18n.min.js Show response
www.guidepointsecurity.com/wp-includes/js/dist/ 9 KB
4 KB 729ms
711ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"65ce417b-23b5"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 15 Feb 2024 16:53:15 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc6c7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 frontend.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 727ms
709ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.24.4

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b513b033170f791f057c6cd0b4561d76c89d356289b3b134621ea9be2bde38

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-61da"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc6d7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 core.min.js Show response
www.guidepointsecurity.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 727ms
710ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66aaeb1a-53d8"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 01 Aug 2024 01:55:38 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc737da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 frontend.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/ 44 KB
14 KB 727ms
710ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.26.0

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f17a033f702ca3ef54d1cf59bb21085721b5888c9b60dd267b3a02e092074f8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6763500f-b174"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 22:43:27 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc767da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 elements-handlers.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/ 42 KB
11 KB 727ms
710ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.24.4

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

667ea9bc219f6385bdbe1372f011deeddb7371ae5faf56421adf858e15cf5dd8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-a727"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc787da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 animate-circle.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 681 B
787 B 728ms
711ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.min.js?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8642bcd147ba3528345f5bd17f788cd524931e093255b2c1c8344677a1ab505

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-2a9"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc7b7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 elementor.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
6 KB 748ms
732ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=3.3.3

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3044ae66be11f026e61aae1190cdf2fd43adb843b841249cc965729b97621791

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67635678-48e4"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc807da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 elementor.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit/widgets/init/assets/js/ 39 KB
11 KB 751ms
735ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/widgets/init/assets/js/elementor.js?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02cbd72601fc578296394fe8dc37627367ccd2c65b289f9550a342e0a69a1b0b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dd-9c68"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:37 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc847da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 elementskit-sticky-content.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/sticky-content/assets/js/ 7 KB
3 KB 733ms
722ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/sticky-content/assets/js/elementskit-sticky-content.js?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

017e8930e2e7e98567b1dd59fbc0a66b82d353a05d78f305846a1466cc974a5a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dd-1c0d"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:37 GMT
priority: u=3,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc75cad7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 wrapper.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/wrapper-link/assets/js/ 522 B
679 B 751ms
735ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/wrapper-link/assets/js/wrapper.js?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ec7f15bdcfb1a894f051e630429d6e1c5da8ae7c83f51de623933d24461e529

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dd-20a"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:37 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc877da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 cotton.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/js/ 8 KB
3 KB 737ms
721ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/js/cotton.min.js?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

988e6f95dfed0cc8e0ab5314b85507fec93722e86e2f7c348a9bf27297f970e3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dc-1ed3"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:36 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc8a7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 mouse-cursor-scripts.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/js/ 2 KB
1 KB 738ms
722ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit/modules/mouse-cursor/assets/js/mouse-cursor-scripts.js?ver=3.7.5

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7de31269cf085123c192f66ed04c37d8822004c6b104ab4d57050051a754a75b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e37dc-6ce"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:42:36 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc6fc937da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 lazyload.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 733ms
722ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"674e36bb-22bc"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 02 Dec 2024 22:37:47 GMT
priority: u=3,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc75cae7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 365 KB
120 KB 451ms
153ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3a52b74d5c49f982c7abd56b2a8ce416348f59e075155140d6868dffad51c2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 20 Jan 2025 19:44:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 20 Jan 2025 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 122033
x-xss-protection: 0
server: Google Tag Manager

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 735dcf947685c35ac62102adcddf48a40e46e84762e742a58f3f40193d278906

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbec7579d8c2963f13b8ef90847bef861b534371bfd2dab99ebb09ff1528b0e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53fcda2005c85df4f1d2c761e174deeb05d0b5cc88e872a05b6ac17742c5b6f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 19 KB
19 KB 306ms
145ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM%20Plex%20Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 556751
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 09:05:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 09:05:41 GMT
last-modified: Tue, 02 May 2023 16:04:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19156
x-xss-protection: 0
server: sffe

GET
H3 200 zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 20 KB
20 KB 350ms
190ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

5ef914e59b0047a261844d96acabb60c34d3acab6b85ea24198726ce4781fd37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 543846
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 12:40:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 12:40:46 GMT
last-modified: Tue, 02 May 2023 15:58:54 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20064
x-xss-protection: 0
server: sffe

GET
H3 200 elementskit.woff
www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/fonts/ 449 KB
449 KB 213ms
212ms Font
font/woff 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/fonts/elementskit.woff?y24e1e

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=3.3.3

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edb1e4c879a22b1b413be44cb521a8f20fcc40e9ca1aa50c1c38cd45868de369

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://www.guidepointsecurity.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=3.3.3

Response headers

cf-cache-status: HIT
etag: "67635678-70328"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: font/woff
last-modified: Wed, 18 Dec 2024 23:10:48 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc78cf47da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 459560
server: cloudflare

GET
H3 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 19 KB
19 KB 304ms
145ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 544695
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 12:26:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 12:26:37 GMT
last-modified: Tue, 02 May 2023 16:08:34 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19440
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26ae64ca22c48cea2cff096ccb5fb79e5255aaff58e2449ba48794fdc0e089ab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b85175c21358b9c4e67033cef7ea98ed3f508ded187fd5a627bf9c77c0f74fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71e45f2fdff56b088251774153c0bb0b6237b2a9711795d5f4633d484cdcff3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 285 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2902b7e86b4a656228ad1b646d19cda7720f890f8f5ba3b5eceb2dd23633355d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 323 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbbe17e6766c1384a2e4499306eb3beeac5a8440bed8e6f861a604a7a13f77b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7ef2b53caf99b02f91d8ed9125d4bd86a642677a0427b411f083352cf5d6139

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 298 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c168e252dcd59b98c43fa6c14f3ecd0b29ce6a38f57ea48a162a1a329ad7425d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 footer-background.png
www.guidepointsecurity.com/wp-content/uploads/2020/08/ 56 KB
56 KB 525ms
514ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2020/08/footer-background.png

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3726a286c0e1e22114dddae9f9ef6a6db64ed5daffb2355031bae1ae107899

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6452d469-f786"
age: 131130
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=63366
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: image/webp
content-disposition: inline; filename="footer-background.webp"
vary: Accept
last-modified: Wed, 03 May 2023 21:38:49 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fc88e697da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 57376
server: cloudflare

GET
H2 200 getForm Show response
go.guidepointsecurity.com/index.php/form/ 6 KB
2 KB 369ms
358ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.guidepointsecurity.com/index.php/form/getForm?munchkinId=995-MTM-359&form=3179&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&callback=jQuery37107764715486980087_1737402292884&_=1737402292885
Requested by: Host: go.guidepointsecurity.com
URL: https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b29f57d36658c0e564e6add845dbb3d3f6d32e43132315597346cf603eb508e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cf-ray: 90518fcb0d65c224-TLV
cached: true
content-encoding: gzip
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 recaptcha__iw.js Show response
www.gstatic.com/recaptcha/releases/1Bq_oiMBd4XPUhKDwr0YL1Js/ 550 KB
219 KB 656ms
127ms Script
text/javascript 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1Bq_oiMBd4XPUhKDwr0YL1Js/recaptcha__iw.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

b19fb94caca462aa15623cf2c189b112adf3fa81275a47e72e8e5bc03df32058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
age: 544146
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 12:35:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 12:35:47 GMT
last-modified: Mon, 13 Jan 2025 19:01:19 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 223198
x-xss-protection: 0
server: sffe

GET
H3 200 zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 20 KB
20 KB 139ms
139ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 557787
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 08:48:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 08:48:26 GMT
last-modified: Tue, 02 May 2023 16:19:23 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20356
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 656ms
225ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/scripts/main.js?ver=1735597876
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Content-Encoding: gzip
ETag: "0c131de2a0d8f1ba69eab7f6866c84dd:1736217492.752819"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Mon, 20 Jan 2025 19:44:53 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 07 Jan 2025 02:38:12 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET lt-v2.min.js
lltrck.com/ 0
0

GET
H2 200 oktrk.js Show response
static.oktopost.com/ 9 KB
4 KB 686ms
142ms Script
application/javascript 52.85.65.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.oktopost.com/oktrk.js
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-content/themes/guidepointsecurity/assets/dist/scripts/main.js?ver=1735597876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.65.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-65-125.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
etag: W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
age: 41582
via: 1.1 7432b1699c051c0940019ac02d9c3902.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: -q1n-YlaD7HQMYm88rACxE-rzd-ThMgQYbIoMmdfEKWLjBGigxdXQw==
date: Mon, 20 Jan 2025 08:11:53 GMT
content-type: application/javascript
last-modified: Mon, 27 Jan 2020 09:47:41 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P6
vary: accept-encoding

POST
H3 200 collect
www.google.com/ccm/ 0
0 137ms
136ms Ping
text/plain 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1677422475.1737402293&dt=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&auid=1692592522.1737402293&navt=n&npa=0&gtm=45He51g0v833212316za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&tft=1737402293431&tfd=3390&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s01-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 415 KB
134 KB 165ms
164ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QVDYN94XH5&l=dataLayer&cx=c&gtm=45He51g0v833212316za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6b2284c99ea57e0509e3c5250d633125e7b252762f5f9c54821336ed6991e940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 20 Jan 2025 19:44:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137118
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 270 KB
96 KB 146ms
145ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-607356108&l=dataLayer&cx=c&gtm=45He51g0v833212316za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

37a9f55b60f4ead14679819720e8b676fefcd508607c28a134e07a0d9d9dbb96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Mon, 20 Jan 2025 19:44:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 20 Jan 2025 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97459
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 25 KB
9 KB 3531ms
193ms Script
application/javascript 184.24.77.11
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-24-77-11.deploy.static.akamaitechnologies.com

Software

Resource Hash

ea08a73594d8e482583118fd47dd692802fdb8ef42816ff7e7d53eb88242dca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: max-age=8759
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 9404
date: Mon, 20 Jan 2025 19:44:56 GMT
last-modified: Sun, 19 Jan 2025 11:52:09 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 1427ms
130ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Mon, 20 Jan 2025 19:44:54 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 20:04:45 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kcgs7200099-IAD, cache-fra-etou8220054-FRA
x-amz-server-side-encryption: AES256

GET
H3 200 3028.js Show response
script.crazyegg.com/pages/scripts/0110/ 7 KB
3 KB 688ms
587ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0110/3028.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2d0c5e435dc72c3ba2231df3c5980a39e4f5ff2cefec4eb8f95217c4f9f7403

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: text/javascript
last-modified: Mon, 20 Jan 2025 19:44:53 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 90518fceecd5c22e-TLV
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2480
ce-version: 11.5.340
server: cloudflare

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 689ms
152ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ABFA925AB0F14C0086B3CA3D570B6978 Ref B: TLV30EDGE0507 Ref C: 2025-01-20T19:44:54Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 3510ms
194ms Script
application/javascript 143.204.205.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-185.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

vary: accept-encoding
cache-control: max-age=3600
content-encoding: gzip
etag: W/"e31293f40e8a324de552ff593ee76a9b"
age: 1443
via: 1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: iMdRTbWDJJH_HeYtdYxR0EPw9mFZceYEMNrD69nVg3YlUvdhynACqA==
date: Mon, 20 Jan 2025 19:20:54 GMT
content-type: application/javascript
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256

GET
H2 200 forms2.css
go.guidepointsecurity.com/js/forms2/css/ 13 KB
3 KB 100ms
92ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.guidepointsecurity.com/js/forms2/css/forms2.css

Requested by

Host: go.guidepointsecurity.com
URL: https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "a18b8-3437-62bae0fc2ea40"
age: 3269
x-content-type-options: nosniff
cf-ray: 90518fcebaa1c224-TLV
expires: Mon, 20 Jan 2025 23:44:53 GMT
accept-ranges: bytes
content-length: 2623
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: text/css
last-modified: Tue, 14 Jan 2025 17:40:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2-theme-simple.css
go.guidepointsecurity.com/js/forms2/css/ 826 B
325 B 109ms
102ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.guidepointsecurity.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: go.guidepointsecurity.com
URL: https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "a18b7-33a-62bae0fc2ea40"
age: 3269
x-content-type-options: nosniff
cf-ray: 90518fcebaa2c224-TLV
expires: Mon, 20 Jan 2025 23:44:53 GMT
accept-ranges: bytes
content-length: 242
date: Mon, 20 Jan 2025 19:44:53 GMT
content-type: text/css
last-modified: Tue, 14 Jan 2025 17:40:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/51g0/ Frame 4CEB 0
0 389ms
130ms Document
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/51g0/sw_iframe.html?origin=https%3A%2F%2Fwww.guidepointsecurity.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 351782
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jan 2025 18:01:51 GMT
expires: Fri, 16 Jan 2026 18:01:51 GMT
last-modified: Thu, 16 Jan 2025 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 499 KB
144 KB 671ms
252ms Script
application/javascript 104.22.0.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.0.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e89af3cdf73ade65bebf1a31a5ef20a02f666b9e053f86876b68c94b6edb200c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-goog-metageneration: 3
access-control-expose-headers: *
x-goog-hash: crc32c=DyDzMA==, md5=KGSOY2Ru3JQ0ANWGV+Gljg==
cf-cache-status: REVALIDATED
etag: W/"28648e63646edc943400d58657e1a58e"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Tue, 20 Jan 2026 19:44:54 GMT
x-goog-stored-content-length: 511385
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 Jan 2025 14:51:52 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFIdbgQ17kRWzyNE2qIfihYkDEWAwgkhgW08tJqUOFSWsG8gCbdl6iowVCCdHMHtGNobmQ4HrjgX-Ac
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 90518fd22ed07da1-TLV
access-control-allow-origin: *
x-goog-generation: 1736175112112185
server: cloudflare

GET
H/1.1 200
OK ipv
cdn.bizible.com/ 43 B
516 B 430ms
125ms Image
image/gif 23.48.23.52
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=d9ecdeab470d4efdbfba354c50d14d2c&_biz_l=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&_biz_t=1737402292945&_biz_i=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&_biz_n=0&rnd=51606&cdn_o=a&_biz_z=1737402293707

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.48.23.52 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-48-23-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSub
Cache-Control: no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Mon, 20 Jan 2025 19:44:54 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 43
Date: Mon, 20 Jan 2025 19:44:54 GMT
Content-Type: Image/GIF

GET
H/1.1 200
OK u
cdn.bizibly.com/ 43 B
627 B 428ms
133ms Image
image/gif 23.48.23.52
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=d9ecdeab470d4efdbfba354c50d14d2c&_biz_l=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&_biz_t=1737402293711&_biz_i=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&rnd=198121&cdn_o=a&_biz_z=1737402293711

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.48.23.52 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-48-23-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSub
Cache-Control: no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Mon, 20 Jan 2025 19:44:54 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 43
Date: Mon, 20 Jan 2025 19:44:54 GMT
Content-Type: Image/GIF

GET
DATA 200
OK truncated
/ 481 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed088b2afc95ccc0304edf02bb1b0c074d201e2f21259e3f8dc5e3fb6af1dc41

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 47 KB
17 KB 1521ms
204ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 12f09ef03cc047ed677e917b825c5fd1f6f484158228ffb1f38a26dce401210e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "67895cfc-bd22"
cdn-fileserver: 862
date: Mon, 20 Jan 2025 19:44:55 GMT
cdn-storageserver: DE-599
last-modified: Thu, 16 Jan 2025 19:24:44 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 01/16/2025 19:24:45
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: e57e409b98b0fda949001f8f26e0f8fe
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 XDFrame Show response
go.guidepointsecurity.com/index.php/form/ Frame A972 2 KB
902 B 232ms
232ms Document
text/html 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.guidepointsecurity.com/index.php/form/XDFrame

Requested by

Host: go.guidepointsecurity.com
URL: https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a87e0628d30dbd78780e03c1fb95a4c033c71365633056cc0d173eaf46687cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.guidepointsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 90518fd47ab4c224-TLV
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 20 Jan 2025 19:44:54 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/607356108/ 6 KB
3 KB 350ms
147ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/607356108/?random=1737402294470&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-607356108&l=dataLayer&cx=c&gtm=45He51g0v833212316za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5b98d20f4565e665ac12020b09c289760d159a6d44d21a0ed76a9af247f9641f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2705
date: Mon, 20 Jan 2025 19:44:54 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 607356108
td.doubleclick.net/td/rul/ Frame 83AA 0
0 668ms
153ms Document
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/607356108?random=1737402294470&cv=11&fst=1737402294470&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&ct_cookie_present=0

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-607356108&l=dataLayer&cx=c&gtm=45He51g0v833212316za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guidepointsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jan 2025 19:44:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 search-form.b7065999d77832a1b764.bundle.min.js Show response
www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/ 2 KB
1 KB 94ms
94ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/search-form.b7065999d77832a1b764.bundle.min.js

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.24.4

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93d276b3b6a476394eb4d6bd3c29bc6b41ea7f0339e930eb3703a5d25329e921

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6722c4b8-84c"
age: 131129
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 30 Oct 2024 23:43:52 GMT
priority: u=3,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd5ef537da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 xdc.js Show response
cdn.bizible.com/ 116 B
237 B 465ms
465ms Script
text/javascript 23.48.23.52
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=d9ecdeab470d4efdbfba354c50d14d2c&_biz_h=-1906410348&cdn_o=a&jsVer=4.25.01.09

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.52 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-48-23-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

c583eba2fb643f015f1e565bcb8aa5970aeb6b0c4c2166cd53d0eb31ef677a3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: 210995ED
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 216
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date: Mon, 20 Jan 2025 19:44:55 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 GPS_Horizontal_White_Text_Reg_Mark_RGB.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 7 KB
3 KB 114ms
112ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/GPS_Horizontal_White_Text_Reg_Mark_RGB.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e81fc399e93b98319095bb99c47e9565672d3ad9246bec82fd721505ea0a0d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66b25968-1c49"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 06 Aug 2024 17:12:08 GMT
priority: u=1,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd739a57da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Services_Icon.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 2 KB
1 KB 100ms
98ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Services_Icon.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14aa24e24cf69be04316bee4ee79acb87267ff55709024670663b4dfa1d1a58e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6605221a-766"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 07:54:02 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749ae7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Application_Security.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 2 KB
1 KB 106ms
104ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Application_Security.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9227804ae4630ad6de4fa180cadacc9cb37dc6929480c36f06ba142fbf83886

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"66052206-664"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 07:53:42 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749b27da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Technologies_Gear_Icon.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 2 KB
1 KB 110ms
108ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Technologies_Gear_Icon.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7fd046815f8ca4629ccd28180fd9c9e998830fdcde3f2835e3c2de883805650

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f8b6-99e"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:57:26 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749b77da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Government_Solutions_icon.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
1 KB 117ms
115ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Government_Solutions_icon.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c60d3fb51cd21ec2a8267f58ce645489a831825cddc9b829984425d61107720a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f5cf-db2"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:45:03 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749ba7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Company_Icon.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 701 B
791 B 107ms
105ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Company_Icon.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9f0e7bb499f6e0c90df6795b07dea522e879b4d89a343a74f78de983354ddcb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f224-2bd"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:29:24 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749bd7da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Wayfinding_Map_60x60-1.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 1 KB
975 B 110ms
108ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Wayfinding_Map_60x60-1.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf06f79cab72d40d72d9b61f2d9686ab761c9ef09d419954894151d12573eeef

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f1f4-42f"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:28:36 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749c27da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Mobile_60x60-1.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 1 KB
940 B 121ms
120ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Mobile_60x60-1.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47ca130aca9b86d41593fa64743d56f8eb9640d5bb31698f3d468b063492a121

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604f1fd-45f"
age: 131129
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 04:28:45 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749c37da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

GET
H3 200 Resources_Icon.svg
www.guidepointsecurity.com/wp-content/uploads/2024/03/ 3 KB
2 KB 106ms
104ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2024/03/Resources_Icon.svg

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2940045060905c080d4326b2130ba13dc97e9080bcdc3f8928cd54e32a45564

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6604d8a9-b34"
age: 131130
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 28 Mar 2024 02:40:41 GMT
priority: u=3,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 90518fd749c67da4-TLV
access-control-allow-origin: https://www.guidepointsecurity.com
server: cloudflare

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 1100ms
135ms Fetch
text/plain 172.217.18.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-QVDYN94XH5&gtm=45je51g0v885028206z8833212316za200zb833212316&_p=1737402292105&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=102067555~102067808~102081485~102123607&cid=2110334747.1737402295&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1737402294&sct=1&seg=0&dl=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&dt=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4888
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QVDYN94XH5&l=dataLayer&cx=c&gtm=45He51g0v833212316za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.guidepointsecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:44:55 GMT
content-type: text/plain
server: Golfe2

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/164/ 11 KB
5 KB 134ms
133ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/164/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "756f9116836f579d12be8fe786b69d98:1726632111.60799"
Connection: keep-alive
Expires: Wed, 30 Apr 2025 19:44:54 GMT
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 4843
Date: Mon, 20 Jan 2025 19:44:54 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Sep 2024 04:01:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 ping Show response
okt.to/ 0
99 B 1180ms
206ms Script
text/javascript 23.22.90.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&aid=00175Xcc9w9A9fd&ts=1737402294938

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.22.90.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-22-90-252.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

date: Mon, 20 Jan 2025 19:44:56 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

GET
H2 200 ping Show response
okt.to/ 0
100 B 1178ms
205ms Script
text/javascript 23.22.90.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&aid=00175Xcc9w9A9fd&ts=1737402294939

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.22.90.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-22-90-252.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

date: Mon, 20 Jan 2025 19:44:56 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

GET
H3 200 www.guidepointsecurity.com.json Show response
script.crazyegg.com/pages/data-scripts/0110/3028/site/ Frame 41C5 1 KB
754 B 349ms
269ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0110/3028/site/www.guidepointsecurity.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0110/3028.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e2616de9f1a89822e4b3a476b6f20e376496bbe3c888e386ebb6832d5ed01f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:44:55 GMT
content-type: application/json
last-modified: Mon, 20 Jan 2025 19:44:55 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 90518fd838387d9b-TLV
accept-ranges: bytes
access-control-allow-origin: *
content-length: 477
ce-version: 11.5.340
server: cloudflare

GET
H2 200 forms2.min.js Show response
go.guidepointsecurity.com/js/forms2/js/ Frame A972 199 KB
0 1ms
1ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.guidepointsecurity.com/js/forms2/js/forms2.min.js

Requested by

Host: go.guidepointsecurity.com
URL: https://go.guidepointsecurity.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b9d5582ddc08d7f2faba850c9515ded8ff9d331b7b0be51a6f672c308d3843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://go.guidepointsecurity.com/index.php/form/XDFrame

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "8220b-31be0-62bae0fc2ea40"
age: 3270
x-content-type-options: nosniff
cf-ray: 90518fc84987c224-TLV
expires: Mon, 20 Jan 2025 23:44:52 GMT
date: Mon, 20 Jan 2025 19:44:52 GMT
content-type: application/x-javascript
last-modified: Tue, 14 Jan 2025 17:40:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 config.json Show response
cdn.acsbapp.com/config/guidepointsecurity.com/ 153 B
700 B 571ms
326ms Fetch
application/json 104.22.0.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acsbapp.com/config/guidepointsecurity.com/config.json?page=%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.0.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 382fc7029a7755df619b8bb722c3a81d0cdc8b3107230e83cf8df858d25d2933

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=QWvhbw==, md5=eXN/yTLD4cRhD5GI5TKQ8g==
cf-cache-status: REVALIDATED
etag: W/"79737fc932c3e1c4610f9188e53290f2"
content-encoding: br
x-goog-stored-content-encoding: identity
expires: Tue, 20 Jan 2026 19:44:59 GMT
x-goog-stored-content-length: 153
date: Mon, 20 Jan 2025 19:44:59 GMT
content-type: application/json
last-modified: Fri, 27 Dec 2024 15:18:52 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFIdbgSOMNWMjAtjflay_DCWGp4WSz6LC9lMQWTlzZnf6TmbKJKNZ7vzsBSsLErSUB3pmrNA
cache-control: public, max-age=300, must-revalidate
x-goog-storage-class: STANDARD
cf-ray: 90518ff10affe16b-MRS
access-control-allow-origin: *
x-goog-generation: 1735312732395141
server: cloudflare

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame A22B 0
0 541ms
153ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcxligjAAAAAO_xtJUWEPDjSEGOmpg1U2oZFOxu&co=aHR0cHM6Ly93d3cuZ3VpZGVwb2ludHNlY3VyaXR5LmNvbTo0NDM.&hl=iw&v=1Bq_oiMBd4XPUhKDwr0YL1Js&size=normal&cb=cbc9nvtz8tp

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1Bq_oiMBd4XPUhKDwr0YL1Js/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uQbVNFHa1fZZ2Q3MWlS6jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guidepointsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-uQbVNFHa1fZZ2Q3MWlS6jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jan 2025 19:44:59 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 148019897.js Show response
bat.bing.com/p/action/ 364 B
421 B 156ms
156ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148019897.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CBB54CD1F7CF41E3A31B92B0FCCC2F9A Ref B: TLV30EDGE0507 Ref C: 2025-01-20T19:44:58Z
x-cache: CONFIG_NOCACHE
date: Mon, 20 Jan 2025 19:44:58 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2

200

/
www.google.co.il/pagead/1p-conversion/607356108/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l...
https://www.google.com/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102...
https://www.google.co.il/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=1...

42 B
455 B

430ms
145ms

Image
image/gif

142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkMmxAgjTxbECCOvMsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI-fHw9IeFiwMVSuwRCB3QpgcFMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiNodHRwczovL3d3dy5ndWlkZXBvaW50c2VjdXJpdHkuY29tL0JXQ2hBSWdJVzR2QVlRdnZDbnNfUGVvSkptRWkwQUpPeExzSXI1RmtQZ3V1djFoUXFaNTR4UTFMazlUWUdnRTViTXgwQlkwQWk5RlhfbjVMS0pSM3RtWXFR&is_vtc=1&cid=CAQSKQCa7L7dYt67jqqZhkcuugqAfmcD_uHrEQLYjMFf7IguzTAtzNHPlUGB&eitems=ChEIgIW4vAYQtvfktvHFv_2WARIdAKBwhU5wF0X268wMuxV0Z0n9DFjinLbNiESIQE4&random=476701649&ipr=y

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 20 Jan 2025 19:44:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.co.il/pagead/1p-conversion/607356108/?random=2100061706&cv=11&fst=1737402294470&bg=ffffff&guid=ON&async=1&gtm=45be51g0z8833212316za201zb833212316&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067555~102067808~102081485~102123608&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&label=evMjCOqv_OMBEMyJzqEC&hn=www.googleadservices.com&frm=0&tiba=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&value=0&npa=0&pscdl=noapi&auid=1692592522.1737402293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkMmxAgjTxbECCOvMsQJKJ3RyaWdnZXIsIGV2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI-fHw9IeFiwMVSuwRCB3QpgcFMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiNodHRwczovL3d3dy5ndWlkZXBvaW50c2VjdXJpdHkuY29tL0JXQ2hBSWdJVzR2QVlRdnZDbnNfUGVvSkptRWkwQUpPeExzSXI1RmtQZ3V1djFoUXFaNTR4UTFMazlUWUdnRTViTXgwQlkwQWk5RlhfbjVMS0pSM3RtWXFR&is_vtc=1&cid=CAQSKQCa7L7dYt67jqqZhkcuugqAfmcD_uHrEQLYjMFf7IguzTAtzNHPlUGB&eitems=ChEIgIW4vAYQtvfktvHFv_2WARIdAKBwhU5wF0X268wMuxV0Z0n9DFjinLbNiESIQE4&random=476701649&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 20 Jan 2025 19:44:59 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 adsct
t.co/i/ 43 B
626 B 667ms
362ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Asia%2FJerusalem%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2610%2624%261600%261200%260%26na&eci=2&event_id=e5d7f702-1e50-4173-85a8-58738e7140f6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=145b4c19-8bc8-474c-9a5c-0d63a5f0d884&tw_document_href=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o5dds&type=javascript&version=2.3.31

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: ef1155464c1f7f82
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 216b761dcf409fd984d6b35302892ab3eb0c8c01d15a7cebb2e3ec03683cbb5c
cf-cache-status: DYNAMIC
cf-ray: 90518ff2294cc222-TLV
x-response-time: 188
content-length: 43
date: Mon, 20 Jan 2025 19:44:59 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_o

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 559ms
252ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Asia%2FJerusalem%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2610%2624%261600%261200%260%26na&eci=2&event_id=e5d7f702-1e50-4173-85a8-58738e7140f6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=145b4c19-8bc8-474c-9a5c-0d63a5f0d884&tw_document_href=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o5dds&type=javascript&version=2.3.31

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: b27c930df8f42fea
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 2dae87ad6d8f1204984cae77b4eaddd4d851fb96e83f19bef1466ba1e16100e6
x-response-time: 114
content-length: 43
date: Mon, 20 Jan 2025 19:44:58 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_f

POST
H/1.1 200
OK visitWebPage
995-mtm-359.mktoresp.com/webevents/ 2 B
318 B 959ms
213ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://995-mtm-359.mktoresp.com/webevents/visitWebPage?_mchNc=1737402298959&_mchCn=&_mchId=995-MTM-359&_mchTk=_mch-guidepointsecurity.com-59acb8a63076b9a3e6942554de8c39e2&_mchHo=www.guidepointsecurity.com&_mchPo=&_mchRu=%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&_mchPc=https%3A&_mchVr=164&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/164/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: c9b5698f-e826-4710-92cb-39de2094997e
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Mon, 20 Jan 2025 19:44:59 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 133ms
132ms Stylesheet
text/css 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: e494785858d27c2db6ca77cee55e22711b77ab5b1ac706bb9963cd8954f8e84d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "67895cfe-2644"
cdn-fileserver: 861
date: Mon, 20 Jan 2025 19:44:59 GMT
cdn-storageserver: DE-1024
last-modified: Thu, 16 Jan 2025 19:24:46 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 01/16/2025 20:24:49
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b89038bd3e45f7461a7a0fbfb8abd752
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 82125 Show response
api.omappapi.com/v2/embed/ 8 KB
3 KB 668ms
395ms XHR
application/json 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/82125?d=guidepointsecurity.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee1b7171d5576319ebedfa1bf96f295312ce0c43a6cbcb6d378a7c225a872905

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-optinmonster-account: 92405
x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"ab6fc21cee45856e9070d0f290c23150"
expires: Mon, 20 Jan 2025 19:44:45 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: daUbQcmOGNcsv9DALC3EWuzjc-91weUmN4zpPPoRiWnG7mrHpeg8mQ==
date: Mon, 20 Jan 2025 19:44:59 GMT
x-cache-config: 0 0
content-type: application/json
vary: Accept-Encoding, User-Agent
last-modified: Thu, 16 Jan 2025 11:37:27 GMT
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
via: 1.1 b58f4c458263fcafb0c4b2b684d9bc50.cloudfront.net (CloudFront)
cf-ray: 90518ff2b83fdbdf-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P10
server: cloudflare

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 47 KB
0 1ms
1ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M3WXW77
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 12f09ef03cc047ed677e917b825c5fd1f6f484158228ffb1f38a26dce401210e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "67895cfc-bd22"
cdn-fileserver: 862
date: Mon, 20 Jan 2025 19:44:55 GMT
cdn-storageserver: DE-599
last-modified: Thu, 16 Jan 2025 19:24:44 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 01/16/2025 19:24:45
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: e57e409b98b0fda949001f8f26e0f8fe
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 / Show response
settings.luckyorange.net/ 25 B
860 B 505ms
225ms Fetch
application/json 104.26.10.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&s=326682

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c7954754ee5cde5d9c8ba7781b4a0f4427ca8fa7c1d54123c3a16320a653aa6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfDDv7mFRiG2%2B8tX8hZNNdNkoSDoyNzSRBvXKpYfGF6xTVnPKHUXyx4%2Fgffw8ryb51VmOYd8PhbwnHiSdMrpJmkw25MkkwM0hFjS3FUCkiE6ak5%2BzaKvJYCpzqdbzDWJF1267YFelE2IFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
server-timing: cfL4;desc="?proto=TCP&rtt=56326&min_rtt=56273&rtt_var=11903&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4351&recv_bytes=2278&delivery_rate=68665&cwnd=254&unsent_bytes=0&cid=0a6badea490b3cce&ts=238&x=0"
date: Mon, 20 Jan 2025 19:44:59 GMT
content-type: application/json
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 90518ff2dbdad371-FRA
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 45
server: cloudflare

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 129ms
127ms Script
application/javascript 184.24.77.11
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a184-24-77-11.deploy.static.akamaitechnologies.com

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cache-control: max-age=81978
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Mon, 20 Jan 2025 19:44:59 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 204 0
bat.bing.com/action/ 0
287 B 156ms
154ms Image
text/plain 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148019897&tm=gtm002&Ver=2&mid=90cfe079-7d05-4da1-a1b6-8da5f19fbb47&bo=1&sid=08269670d76711efb8b171b94bcb3980&vid=0826ca20d76711efb90bddb75b338da8&vids=1&msclkid=N&pi=918639831&lg=he-IL&sw=1600&sh=1200&sc=24&tl=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&p=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&r=&lt=3693&evt=pageLoad&sv=1&cdb=AQAQ&rn=11471

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5480E9FF6B524FA9ADB494C9411ACE29 Ref B: TLV30EDGE0507 Ref C: 2025-01-20T19:44:59Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 20 Jan 2025 19:44:58 GMT

GET
H2 404 nfzzoxtovsmgz3i3stqa Show response
api.omappapi.com/v2/embed/82125/ 126 B
330 B 621ms
398ms XHR
application/json 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/82125/nfzzoxtovsmgz3i3stqa
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb52c6a4691c4c183a50921b788be2bd1b704e18e7603c31ee103106a6c1a190

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-user-agent: standard--
content-encoding: gzip
cf-cache-status: DYNAMIC
expires: Mon, 20 Jan 2025 19:45:29 GMT
x-cache: Error from cloudfront
x-amz-cf-id: Si9HQ_1w-6tLNqfRahMl6OV_nHSXcA1q0wYnB1wYkIZe9MowToUaqA==
date: Mon, 20 Jan 2025 19:44:59 GMT
x-cache-config: 0 0
content-type: application/json
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
cache-control: public, max-age=30, stale-while-revalidate=1800
via: 1.1 172c1df55a41f1a1b144f3711399cfc4.cloudfront.net (CloudFront)
cf-ray: 90518ff2b849dbdf-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P10
server: cloudflare

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
764 B 504ms
290ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2739593&time=1737402299160&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.guidepointsecurity.com/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 00062c287ee4e4a55627d5986fadf403
x-msedge-ref: Ref A: 2F6A7CE55ADF468E8F5F227466C8E11D Ref B: TLV30EDGE0120 Ref C: 2025-01-20T19:44:59Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYsKH7k5KVWJ9WYb630Aw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 20 Jan 2025 19:44:59 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2739593%26time%3D1737402299160%26li_adsId%3D5d4a15aa-d2a5-483e-a76e-9ad3221a7880%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate...

0
383 B

258ms
257ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&cookiesTest=true&liSync=true
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 0B153E3C91784A94B4072178580DBEC2 Ref B: TLV30EDGE0311 Ref C: 2025-01-20T19:45:01Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYsKH7+iiseVNUDDzkaMQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 20 Jan 2025 19:45:00 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
cf-cache-status: DYNAMIC
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
date: Mon, 20 Jan 2025 19:45:01 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: cf-prod-ltx1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2739593&time=1737402299160&li_adsId=5d4a15aa-d2a5-483e-a76e-9ad3221a7880&url=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&cookiesTest=true&liSync=true
pragma: no-cache
cf-ray: 90518ffbed597d98-TLV
x-li-uuid: AAYsKH76IvWKHi4c6qOFjw==
content-length: 0
server: cloudflare

GET
H2 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ Frame BCCD 287 KB
93 KB 403ms
151ms Script
application/javascript 143.204.205.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-185.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e865cf013eaa0223f508139bd864e5a3f2b88fc1857c0bc714cc48389a3ea82f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: W/"ba41e1e15fa64ba31fd66b66e19eb16f"
age: 31193832
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: Kaph7dFQXqnzQ2P2UJrETYnr6Z7XB4vxy1_SVqF7CH4DLafBQefaXg==
date: Thu, 25 Jan 2024 18:47:47 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
cache-control: max-age=31536000
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 5.af31e2e2.min.js Show response
a.omappapi.com/app/js/ 13 KB
5 KB 153ms
152ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.af31e2e2.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 558fa2223b3d7ccb53cad00d2e136396f9b1977a3f9926b5ec0cbf8553faf029

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6fe437583c3fe67f6bdaa2bfba7d4151"
date: Mon, 20 Jan 2025 19:44:59 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: ow2g807yJER7XwWMxxgdeSC4Dnj5DaStuK74GaqyDe66e2bVfRjhQGHgHlEnABZwrPHhOPEARkw=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 12a734413e1101ed9ebc3ee3a24a3021
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: CJMS0CG9AS99GAGQ
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:12
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 4.dc7ea857.min.js Show response
a.omappapi.com/app/js/ 44 KB
13 KB 149ms
149ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.dc7ea857.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: ddbdd98a3edd69b273fe3ba8d4248da4df8055327e3b782819b6169a272b3128

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "efe545b6498f4db71528b75069904446"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: XD+2K+zxuHfsO9wofYnL1TCv7qYJPYoW3ZANGUThW3ZPvRScEk3cu2iJYfKpTA+F9GTuKeNACbRHBiYb2J9D7A==
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 04c37ed7e2cf97ec81f7791d0bac9b06
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: CJMQV8AVP8YS04BB
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:12
cdn-edgestorageid: 1082
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H3 200 u
cdn.bizible.com/ 43 B
63 B 130ms
129ms Image
image/gif 23.48.23.52
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/u?mapType=mkto&mapValue=id%3A995-MTM-359%26token%3A_mch-guidepointsecurity.com-59acb8a63076b9a3e6942554de8c39e2&_biz_u=d9ecdeab470d4efdbfba354c50d14d2c&_biz_l=https%3A%2F%2Fwww.guidepointsecurity.com%2Fblog%2Fransomhub-affiliate-leverage-python-based-backdoor%2F&_biz_t=1737402300511&_biz_i=RansomHub%20Affiliate%20leverages%20Python-based%20backdoor%20%7C%20GuidePoint%20Security&_biz_n=1&rnd=759486&cdn_o=a&_biz_z=1737402300513

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.52 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-48-23-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
quic-version: 0x00000001
expires: Mon, 20 Jan 2025 19:45:00 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Mon, 20 Jan 2025 19:45:00 GMT
content-type: Image/GIF

GET
H2 200 13.dbac0e04.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 134ms
134ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/13.dbac0e04.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 43140080cccb1e8f1c09221983e56c57d6997c3570b9e2b68a2e4a18cac113cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "2d301b1dfb863e353858ca13d4dc356c"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: f3Sas76WNV8Up0lG/BzVvk1HGEWb1jQrLp+J/9J+rlaBSNPv/Y+YY/8icWYyjHyTq46sXvO7/B6QF8mx7PE02hyBHfVbHv89KP/00gUwhVQ=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: dbe797ffbd9575434bd69ac74b4c6017
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP6AHE33GGRKYA4
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 25.09508455.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 137ms
137ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/25.09508455.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: f0a8d2f11b84520dc223bc73b780051f129d3f5a770595c78b732a4d255ad64f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "2dc2d6751eaa4dc612647164904f40f1"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: R/D/Nt6AB2CH8DLqCLE+83CJx5MSQNeXWBtkNu2e/F0uWnqWi+QqrQ6P81LW3D6Dpr8Et1gMBIM=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 996d186008909ef3b7ebdaf3765236fd
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FPB7NCES5VB4X4T
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1082
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame 248F 0
0 166ms
142ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=iw&v=1Bq_oiMBd4XPUhKDwr0YL1Js&k=6LcxligjAAAAAO_xtJUWEPDjSEGOmpg1U2oZFOxu

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1Bq_oiMBd4XPUhKDwr0YL1Js/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZZxiIZmtULxPUSVWRHeX4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.guidepointsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZZxiIZmtULxPUSVWRHeX4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jan 2025 19:45:00 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 19.b48053ea.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 131ms
131ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.b48053ea.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 60b43a3da7b5ba19e8a7d404a572e24b19b7d4c56f0172a5f43bfad64f6a6f10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "d55f828155fa1733002808c1e2e222d8"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: w5b2RyhsTTxKBVDhjzr06szGWTjjoHrDY697AqM4mK6m3xJBMGXF/TUyEm3SD3mF/ZkIr3PVvNttKrgPfHjT9LOxSq+3BrpIQ41bWmWQ7E0=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 66f16382de3c71882f26bae0864509c6
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP7W6HQ620GAVW8
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 27.cf895dfc.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 136ms
135ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.cf895dfc.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 005db543b6ae3779475e5b7ec7c469bd40f363cb3c4916927c99c3bd14bdf76a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "59aed70cc40510374737b6794c749471"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: 7SMdNxdfK5SIZBMp/bcl5w3XwkLcfZWlqkcermSFca/hOVkacH1eScFTj2wuSlTxjWRM1RPxwsYT6CV0bWqlM2hJTGZlxUbyzglppJR6N44=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b8e1b567f4aaac22f9345954e9587ef7
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP2GWHBRWX1PTYC
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 33.db83743a.min.js Show response
a.omappapi.com/app/js/ 34 KB
9 KB 144ms
144ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/33.db83743a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6728ef64-878e"
cdn-fileserver: 587
date: Mon, 20 Jan 2025 19:45:00 GMT
cdn-storageserver: DE-1018
last-modified: Mon, 04 Nov 2024 15:59:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 01/18/2025 22:57:31
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2704e4f514415cf1f808d4fc8826d7b4
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 10.9e2456c6.min.js Show response
a.omappapi.com/app/js/ 31 KB
10 KB 155ms
155ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.9e2456c6.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 7dc039bc3b37b35011fc69aa92d228561153fa887dc558c7a885dcd4165e201f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "163a58eff04592019eab4c711e20878b"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: PxZEXwVXeaHty4GlpHgXKyyjDSP9qZ5wY1oF9pIghNWu5MxSaLeRNLP1VGCF5FM0i5kGNpFs5h9nomD5rQTAhKuVE/94eLk/XLKEJLTJaJo=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: d3ac1aa9c2e3b64647e71df59623173c
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP6Y1MJVBXFK3EF
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 0.cef7d96c.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 158ms
158ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.cef7d96c.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: b66cdfb28e728ce6443f300b7e7e87ed3db7b9d17177ac9363d24952f9966299

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "425df6597344426fbd73f036e1b9c6f6"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: dWwYGBe6kJzuYPhS0HWUx2Ep0daW8jQ8rT6cDTsyD7+Skq4DHhcukxlonNyRxLWIR+RDxnqRofpla3muy8ry4+XjQptazBtL
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 17e34df33a999a05a09b619cfff26369
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP4SJ737B27T1JS
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1082
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 9.500b1c77.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 161ms
160ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.500b1c77.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 0edcd72a22925c6aed87c15cd9af15c65d3699120be0fcb7defd66413f5f85f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "edb65ca40ac171b7fc029748827cf265"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: vPLLu//WaAc1gt7ox7WTNCr6VGwqYRCqOfDQgQkM7MGKIJkWc4hG2K+EyqtuepG21AP6EyR8Qd0=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 248c1fd86644ae1600aad43d8f3bb8cd
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP67R7FJRNP2THP
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 11.71e81912.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 162ms
162ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.71e81912.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: dd94201b725f45089c13a1b4d9f7a46e714418c14dd14ec384e71bbba6b70ed3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "5ace284dd2706e97fde5d9efad7c2c7c"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: 40SD1t51NoIpa317XxaCprTidBixmq46/cPRas187CxmqlaRZCbSQUjRihuEkiYORzo9kMG3/QE=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 6e323cf63c051e96ed4af6d7d8cf4724
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP7PTARX41WCQVD
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 28.4930213a.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 164ms
163ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.4930213a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 5dbb629ee92c7bdeb63db3f2a1c57ad3482953c0f0c84e016ac7a65c7056eb90

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "114bd39ce55f6d5751b86838e8f8e4a2"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: SjLiiYdkYmTBUhoZeIAR4MkK42y4D0/wjvZ08HFPVntugInom3dSGRU1EMMNYI6EqRcWOVAJ9sE=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 0e7ae497b2b1d0f6bd1f845a54821fb9
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP8MZMA3AYZTMT8
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 26.f1b8aaef.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 160ms
159ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.f1b8aaef.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 1c9dcde10c91b122730e3dfeae365262698b92c178dc25e8584fc18a205c9975

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "c29bc732e6db939c313dd89cbaef9e11"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: 4ds+HmkSSPYdZeqfstU0PPIqZWLlOq3t+LUwoU8FJruAMUWvg4nISo5V4MsrhR46SvIxy2YPCEslnM7086rRjVhhdg9m6Xq/61bI93q+q8U=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 48d72a45ec82647256cdf149e62d2cde
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP2FEVJBWK0KQB7
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1082
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 16.031caf30.min.js Show response
a.omappapi.com/app/js/ 830 B
1 KB 162ms
161ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.031caf30.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 09e735eda60b22a209a186c47c63ae218065f9408398fb56f6879fd5ad1b27dd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "feda953a5c21ac87df206c47d533f367"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: 9wqUGS0yevxvRaaY3OXjDMaizBak4C+9Z5HcBRYX2XXtsM4eGNIBK/7gUZXEA53Va8JM2bgoj6w=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: fc9b32c3cd4ac97d2b796869be0bfe68
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP1EH5BK766BZ4E
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1081
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 1.6ab34a74.min.js Show response
a.omappapi.com/app/js/ 10 KB
3 KB 196ms
195ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.6ab34a74.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: b531124f69c947648e8b4077cb5486d214042b81ab6f0ffa6e48b56543fa4854

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "a110612a90902146fd59aa1b95ea0ab9"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: qQvOz6y5dKHlLpfjpf92I56EefC/qaWLyosM0hpYtRa+nRkzvj3YPhZvzWjVCb6iTLUoyl3mg/g=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2e59261ba1b6fc0804d40c2f582ecca4
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FPCBBNTA3A9BE0R
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1081
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 21.23037338.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 189ms
188ms Script
application/javascript 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.23037338.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 8a5780b47447cd42b588ff79fa6452113fb577b62af8e24f402f34c6549a9d81

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "ff8503832549aa55f970241cfd8cda2a"
date: Mon, 20 Jan 2025 19:45:00 GMT
last-modified: Thu, 16 Jan 2025 16:46:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: 0K7F4l7+rke3kfYir4YV+HCsu1caysixB1NuhaMTIljhyuzWmgmK2mmuZlg83Dj6AaWDWS8UafY=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: acfd61fa751ecb8f117c01a7511497cb
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: 5FP6M9CD8WKNTD0N
access-control-allow-origin: *
cdn-cachedat: 01/16/2025 16:46:13
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
2 KB 135ms
134ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Open+Sans%3Aital%2Cwght%400%2C400%3B0%2C600&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.dc7ea857.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

46fe57bbe860c72e56f221befc7981242362bb757d61a23346dd20b508a0d32a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 19:45:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:45:01 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 20 Jan 2025 19:36:41 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v29/ 18 KB
18 KB 131ms
131ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Open+Sans%3Aital%2Cwght%400%2C400%3B0%2C600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 542336
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 13:06:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 13:06:05 GMT
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18792
x-xss-protection: 0
server: sffe

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 138ms
137ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Open+Sans%3Aital%2Cwght%400%2C400%3B0%2C600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 557105
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 14 Jan 2026 08:59:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Jan 2025 08:59:56 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
203 B 254ms
252ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.guidepointsecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 5D78E055B447467581622F4F6E822617 Ref B: TLV30EDGE0311 Ref C: 2025-01-20T19:45:01Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYsKH8Cdd2f38tEs3DgLg==
x-li-proto: http/2
access-control-allow-origin: https://www.guidepointsecurity.com
x-cache: CONFIG_NOCACHE
date: Mon, 20 Jan 2025 19:45:00 GMT
vary: Origin

GET
H2 200 cookie-plugin.js Show response
truyoproductionuscdn.truyo.com/static/ 81 KB
22 KB 194ms
194ms Script
text/javascript 13.107.246.61
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://truyoproductionuscdn.truyo.com/static/cookie-plugin.js?_=1737402292096
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.61 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ab89c16f2ba92e21f2b51faf9839772d73577c33890eac8f7a0a2b03e817d4b6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-ms-blob-type: BlockBlob
x-azure-ref: 20250120T194501Z-158766dbf87dcknrhC1MRSe6x000000009dg000000000q9d
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
content-encoding: br
x-fd-int-roxy-purgeid: 82478213
x-ms-request-id: cd3a84be-a01e-0049-14da-689855000000
x-ms-meta-md5sum: 4e2a0c28274d04a50ddcba1f0482f5b6
x-cache: TCP_HIT
date: Mon, 20 Jan 2025 19:45:01 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Jan 2025 20:03:40 GMT

GET
H3 200 cropped-GPS_MARK_RGB-32x32.png
www.guidepointsecurity.com/wp-content/uploads/2021/06/ 1 KB
2 KB 94ms
94ms Other
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/uploads/2021/06/cropped-GPS_MARK_RGB-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9acb910cc5b096bba22eabb60932dff77f54a10634dd8916f9796fce1d26c7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/

Response headers

cf-bgj: imgq:100,h2pri
etag: "60be15ac-733"
age: 122792
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=1843
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:45:01 GMT
content-type: image/webp
content-disposition: inline; filename="cropped-GPS_MARK_RGB-32x32.webp"
vary: Accept
last-modified: Mon, 07 Jun 2021 12:48:44 GMT
priority: u=1,i
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 9051900069a87da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 1408
server: cloudflare

GET
H2 200 7c4b4be7c4bd4b1d868ca35f02b5d8af-optin.json Show response
a.omappapi.com/app/campaign-views/9d7e390b056e/bwrgoex3iwbuehamxnrx/ 28 KB
5 KB 416ms
145ms XHR
application/json 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/9d7e390b056e/bwrgoex3iwbuehamxnrx/7c4b4be7c4bd4b1d868ca35f02b5d8af-optin.json
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 6e41999a227cfe23ae71086da7bcc52bdef76c616c78eb8b1e5c95c7cec0d2b8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "7c4b4be7c4bd4b1d868ca35f02b5d8af"
x-amz-meta-title: 7c4b4be7c4bd4b1d868ca35f02b5d8af-optin.json
date: Mon, 20 Jan 2025 19:45:01 GMT
last-modified: Thu, 16 Jan 2025 11:37:22 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: XkV6taCTjcRCm2Y87Kl5mOs7I7NvEwM4jt75AKJTQY99SvdD/x/zW6+siIIrqh2Z+eA9mkgdXG8=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
x-amz-meta-date: 1737027441
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2116cee61695f97138d0e50c1f01c682
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: ZQZ1FZA3AWC00K9W
access-control-allow-origin: *
x-amz-meta-level: vbp_growth
cdn-cachedat: 01/16/2025 11:39:06
cdn-edgestorageid: 1081
perma-cache: MISS
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 cookie-plugin.css
truyoproductionuscdn.truyo.com/static/ 13 KB
4 KB 135ms
135ms Stylesheet
text/css 13.107.246.61
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://truyoproductionuscdn.truyo.com/static/cookie-plugin.css
Requested by: Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.61 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c98d8f80a0a5a7d870f1318e258de7e266e2d7ea06fd8fb5dcb1c4e2e9c58381

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

x-ms-blob-type: BlockBlob
x-azure-ref: 20250120T194501Z-158766dbf87dcknrhC1MRSe6x000000009dg000000000q9r
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
content-encoding: br
x-fd-int-roxy-purgeid: 82478213
x-ms-request-id: 2a476316-e01e-0048-1904-69c789000000
access-control-allow-origin: *
x-ms-meta-md5sum: 4204c17fc28f8a4d424e54d02148912d
x-cache: TCP_HIT
date: Mon, 20 Jan 2025 19:45:01 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 16 Jan 2025 20:03:40 GMT

GET
H3 200 css2
fonts.googleapis.com/ 22 KB
2 KB 138ms
137ms Stylesheet
text/css 142.250.185.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500&display=swap

Requested by

Host: truyoproductionuscdn.truyo.com
URL: https://truyoproductionuscdn.truyo.com/static/cookie-plugin.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f10.1e100.net

Software

ESF /

Resource Hash

069ce6e635181812d27df60b6a3007fccaad76f3effcc5bffb12ad0a7a601e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://truyoproductionuscdn.truyo.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 20 Jan 2025 19:45:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 20 Jan 2025 19:45:01 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 20 Jan 2025 19:44:08 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 roboto-400-latin.woff2
www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/fonts/ 15 KB
16 KB 103ms
103ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/fonts/roboto-400-latin.woff2

Requested by

Host: www.guidepointsecurity.com
URL: https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/castos-player.min.css?ver=3.7.1

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.guidepointsecurity.com
Referer: https://www.guidepointsecurity.com/wp-content/plugins/seriously-simple-podcasting/assets/css/castos-player.min.css?ver=3.7.1

Response headers

cf-cache-status: HIT
etag: "67635068-3d78"
age: 131134
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 20 Jan 2025 19:45:02 GMT
content-type: font/woff2
last-modified: Wed, 18 Dec 2024 22:44:56 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=31536000;includeSubDomains
content-security-policy: default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
cache-control: public, max-age=31536000
cf-ray: 905190042df37da4-TLV
accept-ranges: bytes
access-control-allow-origin: https://www.guidepointsecurity.com
content-length: 15736
server: cloudflare

GET
H2 200 e7fcf44b24b21736988884-January-GRIT-Report_Desktop_OptinMonster_01162025.png
a.omappapi.com/users/9d7e390b056e/images/ 12 KB
13 KB 141ms
140ms Image
image/webp 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/9d7e390b056e/images/e7fcf44b24b21736988884-January-GRIT-Report_Desktop_OptinMonster_01162025.png?width=320
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 506d6d88fc7c5b28d4f80eaa8437651f82ac2cf5d09a3bdb5ccf267ce43d7ca4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: "6788e6b1-2fc4"
cdn-fileserver: 750
date: Mon, 20 Jan 2025 19:45:02 GMT
cdn-storageserver: DE-1024
content-type: image/webp
last-modified: Thu, 16 Jan 2025 11:00:01 GMT
cdn-cachedat: 01/16/2025 11:01:05
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3687b7f310d94c90a068cd4e879e511c
cdn-pullzone: 293267
cdn-proxyver: 1.06
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12228
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 200 e7fcf44b24b21736988884-January-GRIT-Report_Desktop_OptinMonster_01162025.png
a.omappapi.com/users/9d7e390b056e/images/ 12 KB
0 0ms
0ms Image
image/webp 169.150.247.37
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/9d7e390b056e/images/e7fcf44b24b21736988884-January-GRIT-Report_Desktop_OptinMonster_01162025.png?width=320
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 506d6d88fc7c5b28d4f80eaa8437651f82ac2cf5d09a3bdb5ccf267ce43d7ca4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: "6788e6b1-2fc4"
cdn-fileserver: 750
date: Mon, 20 Jan 2025 19:45:02 GMT
cdn-storageserver: DE-1024
content-type: image/webp
last-modified: Thu, 16 Jan 2025 11:00:01 GMT
cdn-cachedat: 01/16/2025 11:01:05
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3687b7f310d94c90a068cd4e879e511c
cdn-pullzone: 293267
cdn-proxyver: 1.06
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12228
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: IL

GET
H2 204 i Show response
z.omappapi.com/v3/ 0
138 B 243ms
234ms XHR
text/plain 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://z.omappapi.com/v3/i?aid=82125&cid=bwrgoex3iwbuehamxnrx&sid=5fb58baa2355a&rt=false&dv=desktop&cty=slide&url=blog%2Fransomhub-affiliate-leverage-python-based-backdoor&v=5
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.guidepointsecurity.com/

Response headers

cf-cache-status: DYNAMIC
access-control-allow-credentials: true
cf-ray: 90519005ba70dbdf-FRA
access-control-allow-origin: https://www.guidepointsecurity.com
date: Mon, 20 Jan 2025 19:45:02 GMT
x-kong-response-latency: 17
vary: Origin
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lltrck.com
URL: https://lltrck.com/lt-v2.min.js

Verdicts & Comments Add Verdict or Comment

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.guidepointsecurity.com/	1970-01-21 02:36:44	Name: __cf_bm Value: mILEK6S12CBsHl7JCu0vRu0Krq9WkbX8r02j5_U3LV0-1737402291-1.0.1.1-oHWI04AY611DToJZv4qp69rr3UnTOraFJ8v09s.bfHyLyjaZ3Sr4TqxasO_rL8CZSuGpwr2tFSJCb5otAxdWhg
.go.guidepointsecurity.com/	1970-01-21 02:36:44	Name: __cf_bm Value: ey2HUYBXtAlwL9l4INRPgtyuIrCE7VdZe0922YPQbK0-1737402292-1.0.1.1-6.WNyhgUyOFmCutsWmYll35rSCeQcn4FjqsEvwR_UVd1vRvm3cCW8ufR7Wk8_zVjl1xyNBfOJJXKpvqb3VpRsw
.guidepointsecurity.com/	1970-01-21 11:22:18	Name: _biz_uid Value: d9ecdeab470d4efdbfba354c50d14d2c
.guidepointsecurity.com/	1970-01-21 04:46:18	Name: _gcl_au Value: 1.1.1692592522.1737402293
.bizible.com/	1970-01-21 11:22:18	Name: _BUID Value: d9ecdeab470d4efdbfba354c50d14d2c
go.guidepointsecurity.com/	1969-12-31 23:59:59	Name: BIGipServerab01web-nginx-app_https Value: !ZONalme53U9k9VjTY1tgvhyyRs2fV71AVaxVNiouSzKt7W6VHIcU39qmgSEj0GZZSjOB7knE1qIZcfk=
.guidepointsecurity.com/	1970-01-21 12:12:42	Name: _ga_QVDYN94XH5 Value: GS1.1.1737402294.1.0.1737402294.0.0.0
.guidepointsecurity.com/	1970-01-21 12:12:42	Name: _ga Value: GA1.1.2110334747.1737402295
.guidepointsecurity.com/	1970-01-21 12:12:42	Name: _mkto_trk Value: id:995-MTM-359&token:_mch-guidepointsecurity.com-59acb8a63076b9a3e6942554de8c39e2
www.guidepointsecurity.com/	1970-01-21 12:12:42	Name: _omappvp Value: iCgdorpmItZoDfp17NKudsbtXXHzmID3FJVCrCYOcxvjoJSiG4YTAfMZ2OLWJUiKv5gdJ57QhTTQI7KyEQXeuiGCVoBpyI4u
.guidepointsecurity.com/	1970-01-21 02:38:08	Name: _uetsid Value: 08269670d76711efb8b171b94bcb3980
.guidepointsecurity.com/	1970-01-21 11:58:18	Name: _uetvid Value: 0826ca20d76711efb90bddb75b338da8
www.guidepointsecurity.com/	1970-01-21 02:36:43	Name: _omappvs Value: 1737402299034
.bing.com/	1970-01-21 11:58:18	Name: MUID Value: 2DE4158C0C9A63AC0F0400F60DE762DB
.doubleclick.net/	1970-01-21 12:12:42	Name: IDE Value: AHWqTUlyxCrwQT2sn0SND3Yt1cxMwc4qVNjkp9baolKvDUeOdN46ioLOH8U399zU
.twitter.com/	1970-01-21 12:12:42	Name: personalization_id Value: "v1_DwI9Bwp77jR66VnNl+t7VA=="
.t.co/	1970-01-21 12:12:42	Name: muc_ads Value: e3340a51-7758-4a8c-90ab-fd8dc48a842f
.t.co/	1970-01-21 02:36:44	Name: __cf_bm Value: zrh8vocxNC1jHAF5L0oaaF7hq3VnVVlrp5ZDABl0pLQ-1737402299-1.0.1.1-mtazTffCWkiqeAuw_bAVB00mWJLeqMI1A21E1kYish1Od0_DUZIh7GCHwRysDiJimb4AMhKehltXkIShroN6tQ
.linkedin.com/	1970-01-21 04:46:18	Name: li_sugr Value: 59c43fd2-6c40-486c-a832-7215699f718f
.linkedin.com/	1970-01-21 11:22:18	Name: bcookie Value: "v=2&66d11744-75a6-4855-8b92-cc7a3c320a27"
.linkedin.com/	1970-01-21 02:38:08	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=3005:u=1:x=1:i=1737402299:t=1737488699:v=2:sig=AQFYD8rLml3cCo-xl69OI161SxAX84EJ"
.linkedin.com/	1970-01-21 03:19:54	Name: UserMatchHistory Value: AQIC9fIPbCiPhwAAAZSFPzVoaCAKY40UvwPKGWkkrYrmkjfPtABLNGeGNK_mlray4j0PceQNp2Kaog
.linkedin.com/	1970-01-21 03:19:54	Name: AnalyticsSyncHistory Value: AQJvrJOjJLWTEAAAAZSFPzVoML0Gz9qeY8Bq_gbKMQuSSaHsDwpByQ92Lah2g-YsPaT5ufB-YpYJnOOjSOfl2w
.guidepointsecurity.com/	1970-01-21 11:22:18	Name: _biz_nA Value: 2
.guidepointsecurity.com/	1970-01-21 11:22:18	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%2C%22Mkto%22%3A%221%22%7D
.guidepointsecurity.com/	1970-01-21 11:22:18	Name: _biz_pendingA Value: %5B%5D
.www.linkedin.com/	1970-01-21 11:22:18	Name: bscookie Value: "v=1&202501201945007262644e-17aa-4d0e-87d3-23b874ead26eAQE_Z4EAFt5q9bYSbPB9Dl00n7DfAQqJ"
.linkedin.com/	1970-01-21 02:36:44	Name: __cf_bm Value: tCv_xJ.agt17BXbG9NBehgm0ckKf21zZxq9FpAdTj8A-1737402301-1.0.1.1-Axt7eryiceWnIlUapKF97wN9jKGvJN9aQhjUBAt4R8T6z4qDr0lSaOKSVBYDVCH5dbvRORMgvnr7VHMGkAHY_w
www.guidepointsecurity.com/	1970-01-21 12:12:42	Name: truyoConsent Value: {}

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.omappapi.com/v2/embed/82125/nfzzoxtovsmgz3i3stqa Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

995-mtm-359.mktoresp.com
a.omappapi.com
acsbapp.com
analytics.twitter.com
api.omappapi.com
bat.bing.com
cdn.acsbapp.com
cdn.bizible.com
cdn.bizibly.com
d10lpsik1i8c69.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
go.guidepointsecurity.com
googleads.g.doubleclick.net
lltrck.com
munchkin.marketo.net
okt.to
px.ads.linkedin.com
script.crazyegg.com
settings.luckyorange.net
snap.licdn.com
static.ads-twitter.com
static.oktopost.com
t.co
td.doubleclick.net
truyoproductionuscdn.truyo.com
www.google-analytics.com
www.google.co.il
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.guidepointsecurity.com
www.linkedin.com
z.omappapi.com
lltrck.com
104.17.72.206
104.18.3.9
104.18.41.41
104.19.148.8
104.22.0.204
104.244.42.3
104.26.10.16
13.107.246.61
13.107.42.14
141.193.213.20
142.250.184.227
142.250.185.163
142.250.185.74
142.250.186.130
142.250.186.162
142.250.186.35
142.250.186.40
142.250.186.66
143.204.205.185
146.75.120.157
150.171.28.10
169.150.247.37
172.217.16.196
172.217.18.110
172.66.0.227
184.24.77.11
192.28.144.124
216.58.212.164
23.197.137.224
23.22.90.252
23.48.23.52
52.85.65.125
005db543b6ae3779475e5b7ec7c469bd40f363cb3c4916927c99c3bd14bdf76a
017e8930e2e7e98567b1dd59fbc0a66b82d353a05d78f305846a1466cc974a5a
0189cfe39dc4645df5828d34de7a5848a8371222cb36c7aeb76643b8822cfa4c
02cbd72601fc578296394fe8dc37627367ccd2c65b289f9550a342e0a69a1b0b
04eda2793f8381107b514ab491c4ed849d4033300f50209bdeb171e83508b3f3
05fd0536813f75c4daf7e383b6f40dc617d34e271b4e1968d3aee6ac4f513620
069ce6e635181812d27df60b6a3007fccaad76f3effcc5bffb12ad0a7a601e73
080ecd3c9258c476300ae331cc1d363730cae5544ffd6c55bd5eafc0fb5d7281
081ad4206bfeb1950c8382b5bc32aac31c4698598563d87080ee67a8fc5318d0
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
0925e63cb925e46af8a3e17c20379ceb1f8ce23d1664d79fdc60da04ea413183
09e735eda60b22a209a186c47c63ae218065f9408398fb56f6879fd5ad1b27dd
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0eceb9be92f0ec6a1b69ebafa0bdb6bd72506565259ca6c4574185e7336d0f04
0edcd72a22925c6aed87c15cd9af15c65d3699120be0fcb7defd66413f5f85f2
11377ace2337ea8287ecefb1bedeab3712b6862d7068076a74927d0711e601a7
11dd86442cf00801df4b476f5e79f5a64b7fd6d063515705df0ee12027abc782
12c3f7bc60c99d1b6b634d6cd16fbb0e26ae75ddda15d7a6e5106cd5dad83f14
12f09ef03cc047ed677e917b825c5fd1f6f484158228ffb1f38a26dce401210e
14573f6995f2fddf084162de527781b3db70246b39265cc9d15d4ed9fd8e1191
14aa24e24cf69be04316bee4ee79acb87267ff55709024670663b4dfa1d1a58e
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
16205bdc9fa3c56dda510c0eb78ee066d94bdbc514d867a4155869e119e0af68
16e1574e68c0a57632bc083b08732821592eae48471414e807ba1f6355c00afe
196f351ce1a780302b50e7b2404023102d7f555aa518d62ec678829c4b7b1185
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac
1c9dcde10c91b122730e3dfeae365262698b92c178dc25e8584fc18a205c9975
1eeb5a400ad84218b26d8da9fc3053c2896afb6e68ae5b350de7af0d6939f77a
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25c1ba620b1fd2e9000735c704677c7d618af09c6b82cb206346df3ceffdd495
26ae64ca22c48cea2cff096ccb5fb79e5255aaff58e2449ba48794fdc0e089ab
28935d5cef07f490188c10bd7f506972a6b8904c1ca5887e26c74a29bf3bc42c
2902b7e86b4a656228ad1b646d19cda7720f890f8f5ba3b5eceb2dd23633355d
296fd4505f149bafb1d5653687b5dfd21ddc1bcb3e92c89d9be3e34b257f4c95
2b1bd4f2ad15ca4430bc9f14f4bc77080009742326c61dc7a107b78e27675093
2b85175c21358b9c4e67033cef7ea98ed3f508ded187fd5a627bf9c77c0f74fb
2b9d5582ddc08d7f2faba850c9515ded8ff9d331b7b0be51a6f672c308d3843d
3044ae66be11f026e61aae1190cdf2fd43adb843b841249cc965729b97621791
31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6
34335e9b3a98a19a8149e7b34481062eb8cf95626a31bbe3597adae528286c84
35ad1262c83146129e7b19b7c304932da742fdcebb127d54a6f166981148ae3e
35d718934e324ca5fbf68c3a23621595d881aab5bea834960098b8d16960a96a
37a9f55b60f4ead14679819720e8b676fefcd508607c28a134e07a0d9d9dbb96
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2
382fc7029a7755df619b8bb722c3a81d0cdc8b3107230e83cf8df858d25d2933
3a52b74d5c49f982c7abd56b2a8ce416348f59e075155140d6868dffad51c2c2
3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3e0598422f34dca372f578da29e2ae51ea2ce58050d83c22688c847ba3e3537b
41122c258f412f5cded15edbc61fedfc419d3a880a8422c6d53373e700697742
43140080cccb1e8f1c09221983e56c57d6997c3570b9e2b68a2e4a18cac113cd
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4650a9b20941396cbfbbfa90820623b37370c0a1a45e6406964a069898b057e0
46fe57bbe860c72e56f221befc7981242362bb757d61a23346dd20b508a0d32a
47ca130aca9b86d41593fa64743d56f8eb9640d5bb31698f3d468b063492a121
480cbbdaf9ea4afde46d8c47c35a98172d4bdc57232c38fd6c44a514ae1c1a87
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
4b1ac8a583e3221087fcdaec02a8f0c75c75a0e8bcc4d68c35552f5be6387ead
4c1d5c070343064274a58ae3fad847cf13dd03f33eb4e6fe06afbc3fa787af69
4c7954754ee5cde5d9c8ba7781b4a0f4427ca8fa7c1d54123c3a16320a653aa6
4ea41c68f752d33873ef4818a29c062acbf73b129c90912251e57b7585993374
506d6d88fc7c5b28d4f80eaa8437651f82ac2cf5d09a3bdb5ccf267ce43d7ca4
5152316fade8c592fbfd38bc491e059464d967d3d31a582b0c885c0961deed30
5254e28deb757a2e8c3d9c031ce4fc47165bf744c2dfe610818d9ba0bd59053b
53fcda2005c85df4f1d2c761e174deeb05d0b5cc88e872a05b6ac17742c5b6f3
558fa2223b3d7ccb53cad00d2e136396f9b1977a3f9926b5ec0cbf8553faf029
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5ae3edf7b02996a91627f49d469aa9877d9d69d6fd061063d0accb13ce3fdd61
5b98d20f4565e665ac12020b09c289760d159a6d44d21a0ed76a9af247f9641f
5dbb629ee92c7bdeb63db3f2a1c57ad3482953c0f0c84e016ac7a65c7056eb90
5ef914e59b0047a261844d96acabb60c34d3acab6b85ea24198726ce4781fd37
60b43a3da7b5ba19e8a7d404a572e24b19b7d4c56f0172a5f43bfad64f6a6f10
60b513b033170f791f057c6cd0b4561d76c89d356289b3b134621ea9be2bde38
615921c79bb549a6f9b43cdb865de304c9ee49288a58fcdeb8ce20e7b85c2f60
62bbbb881de316a0cb5738d032c42a7118e7e504106c96e798a883123dcb9685
667ea9bc219f6385bdbe1372f011deeddb7371ae5faf56421adf858e15cf5dd8
67920d915b2009054a26443f27e0c93f4f0708c5ab00bc8be8bbe9fe6e0a9850
689f946b48a42556a9e86c4a67643c3877d6761a123e3e3651fb6578a7b7034f
6ae137b0622083ab7b1b10f5357ba13864d9a9c6697d5a629b9ecd224e815e54
6b2284c99ea57e0509e3c5250d633125e7b252762f5f9c54821336ed6991e940
6b29f57d36658c0e564e6add845dbb3d3f6d32e43132315597346cf603eb508e
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
6e41999a227cfe23ae71086da7bcc52bdef76c616c78eb8b1e5c95c7cec0d2b8
6e90b694c377d73581cb511fa3620b8608721e09aac1cf67cdab00c0d07db0ca
6ec7f15bdcfb1a894f051e630429d6e1c5da8ae7c83f51de623933d24461e529
6f0440e8eed47b274a5757b906ef7e8ba5679f84c5ef0a5ebb9b71ee954452df
6f17a033f702ca3ef54d1cf59bb21085721b5888c9b60dd267b3a02e092074f8
700299dcc9c16df05bc6cf4147fb0a305f6ec166b44256d102eeef7642f30cc5
735dcf947685c35ac62102adcddf48a40e46e84762e742a58f3f40193d278906
73a789e2d2eb230e61fcaf348270b875a22cf2f08d81eb21a48b89b34dddec0c
770fd9e95d6596749547718cdd4b7155aee80d6e3ddf4ad67c21502fbbd49e39
77496d3872ebaf9d05f417126baa8ad7157851163826b68a688a057c8876b9cf
78862cb74e0c1bbe1e03c94303b60eca4a6d950cdefef921ee475fc07c1292a6
7a87e0628d30dbd78780e03c1fb95a4c033c71365633056cc0d173eaf46687cb
7dae9c30172a21cb7a76f8ebc952d0dcd0d9e9a8278abc292bdf9753aec6ae74
7dc039bc3b37b35011fc69aa92d228561153fa887dc558c7a885dcd4165e201f
7de31269cf085123c192f66ed04c37d8822004c6b104ab4d57050051a754a75b
7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322
8014974e36593b25379b0e1c284924b81499b01d01bad10a7ba44b5b71f38d20
8056ca807fde5c5e93c0afb23cb7349bd719cca9bd9f14ed88615061f11bea2d
8165b3622601d303416fb14c16222eb2fe9b2612abf58f2ea053d1849a547029
88f5933317943ba930be9ab41ce66120b071e5a83c3ab2386bdf37d16161bd11
8a3a5696f506baa9a2c86a915349f162bc3682b4899b97fc7fb21670d0cbf322
8a5780b47447cd42b588ff79fa6452113fb577b62af8e24f402f34c6549a9d81
8e2616de9f1a89822e4b3a476b6f20e376496bbe3c888e386ebb6832d5ed01f1
93d276b3b6a476394eb4d6bd3c29bc6b41ea7f0339e930eb3703a5d25329e921
985a329121413ae5b9c3c31c166120e8b61de392e68bdeb61f6f926074044db6
988e6f95dfed0cc8e0ab5314b85507fec93722e86e2f7c348a9bf27297f970e3
98e81fc399e93b98319095bb99c47e9565672d3ad9246bec82fd721505ea0a0d
99cd42c0c58b1ca6718b76cbb9c57a732a722c0d0d3958395fed37e0deaeb4f4
9a1e0d38b691f1d22a92cff65ec0439b428170ac39a4493c7ecb06d5585f56a3
9acb910cc5b096bba22eabb60932dff77f54a10634dd8916f9796fce1d26c7c8
9e1b66848350a0c99c003cb10068caa906a6873f31adc4a2bcf7ac45427d12bb
a0b19e518f0c8d34e9d1be208fbe25b392a005eb08b71312dd37c719ae9626d7
a71e45f2fdff56b088251774153c0bb0b6237b2a9711795d5f4633d484cdcff3
a7d1f40ef2baa6320abe434fa34a3b5fb1464822d441a5225014fad696e14dc1
a7fd046815f8ca4629ccd28180fd9c9e998830fdcde3f2835e3c2de883805650
a8642bcd147ba3528345f5bd17f788cd524931e093255b2c1c8344677a1ab505
a9f0e7bb499f6e0c90df6795b07dea522e879b4d89a343a74f78de983354ddcb
aa28d31362437b5c5183ccc97a0985d498fc52d3cb5e2dca92f3c8c9a3140851
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ab89c16f2ba92e21f2b51faf9839772d73577c33890eac8f7a0a2b03e817d4b6
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acbc86b8c84ead040a7b0d830f4e93b8daeab4da1973f7bceaf5791b9cd59844
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b19fb94caca462aa15623cf2c189b112adf3fa81275a47e72e8e5bc03df32058
b531124f69c947648e8b4077cb5486d214042b81ab6f0ffa6e48b56543fa4854
b57fb5290108671fa8068f48df452a405078f6932126b47407584a42545d49ba
b66cdfb28e728ce6443f300b7e7e87ed3db7b9d17177ac9363d24952f9966299
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b9d4295c24f746a06967421896dcf7d112c5b2d8dc8b037a23b89763f68a2fab
ba92f31903d0ed43a15811c0506b1c357fa04ff643140a3c0e162dfc66cd37eb
badbf482b2abccc80d293050961ecdf54d39eb9942f3536776f08b0b9065c7a1
bbbe17e6766c1384a2e4499306eb3beeac5a8440bed8e6f861a604a7a13f77b3
bf06f79cab72d40d72d9b61f2d9686ab761c9ef09d419954894151d12573eeef
c168e252dcd59b98c43fa6c14f3ecd0b29ce6a38f57ea48a162a1a329ad7425d
c3170e302fd0264249ed801569435555244d773739af77ac7a8f2e22ae5bdb60
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
c583eba2fb643f015f1e565bcb8aa5970aeb6b0c4c2166cd53d0eb31ef677a3e
c60d3fb51cd21ec2a8267f58ce645489a831825cddc9b829984425d61107720a
c72f215bc646b82d59e36c6c2672dbdc92f8cefd32392b9d2f804e3bc63d6e8a
c895863259144e0638e20b89a4237d1eda3ee1a1b94651e55367b14475fb5a02
c98d8f80a0a5a7d870f1318e258de7e266e2d7ea06fd8fb5dcb1c4e2e9c58381
ca3726a286c0e1e22114dddae9f9ef6a6db64ed5daffb2355031bae1ae107899
ca615091699ae472b5517288ba1f431aa783672a634dff3178c27749a89c0c23
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbec7579d8c2963f13b8ef90847bef861b534371bfd2dab99ebb09ff1528b0e9
cbff81b81b3857f00291853dcd19212872dc50a7c97fde595bfa91a04a979b05
cc43d3186a56803c42f5a0072485555d029bde16ab04c68f9b83a13caa2f1870
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
d2472b09ab0e112344f5e25ce73a61b17bbfcfb0d28874858131f33689a0caf4
d251b544568bb3ae07cb0ef10965e09c66d530b45b5e9658dcc30c27b8734c5c
d2940045060905c080d4326b2130ba13dc97e9080bcdc3f8928cd54e32a45564
d33d0d006fe28aaf0acaca6e7f2af522287e7d0e331826279ae25647375b7299
d3af1518745d0299b258232ff5dba095ffd5e4d9fdfafd2ff6425438d67d1363
d3ee545a2446dc4f3cb8cb378a1a775918b223dfaeaeab871ad5b1b8084d41e4
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d7ef2b53caf99b02f91d8ed9125d4bd86a642677a0427b411f083352cf5d6139
d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d
da7cc5ae3d9bfc73d7f1813d09c8a9ea702222053d89f21892e29afdfb761c4d
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922
dd94201b725f45089c13a1b4d9f7a46e714418c14dd14ec384e71bbba6b70ed3
ddbdd98a3edd69b273fe3ba8d4248da4df8055327e3b782819b6169a272b3128
dea9df0145848ffeb3c6931228d41e833341b4837c0e713d321c5bfcf6dcd4e6
e0d3e66407febbe6cfadf4d2a9e3fc67fb57fe3a0f17f771d6e9ba95180bc864
e3425023ae9bf6a5b6f6d57c73dba23d8367722cd41d2615aba5e350f02989e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e494785858d27c2db6ca77cee55e22711b77ab5b1ac706bb9963cd8954f8e84d
e6a5e8ac6922f25e9f5d3a8c5bfa8a1974e3b9a1256789cb805f9d7ced30edcb
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e865cf013eaa0223f508139bd864e5a3f2b88fc1857c0bc714cc48389a3ea82f
e89af3cdf73ade65bebf1a31a5ef20a02f666b9e053f86876b68c94b6edb200c
ea08a73594d8e482583118fd47dd692802fdb8ef42816ff7e7d53eb88242dca9
ed088b2afc95ccc0304edf02bb1b0c074d201e2f21259e3f8dc5e3fb6af1dc41
edb1e4c879a22b1b413be44cb521a8f20fcc40e9ca1aa50c1c38cd45868de369
ee1b7171d5576319ebedfa1bf96f295312ce0c43a6cbcb6d378a7c225a872905
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7
f0a8d2f11b84520dc223bc73b780051f129d3f5a770595c78b732a4d255ad64f
f2d0c5e435dc72c3ba2231df3c5980a39e4f5ff2cefec4eb8f95217c4f9f7403
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f9227804ae4630ad6de4fa180cadacc9cb37dc6929480c36f06ba142fbf83886
f97e4c007966d79ad2fb3f049eff0bbbed89385ab9671c7891581e9d11f5c696
fafc4160788beca657ec3e3041976281fb6d54a0e82bb4d22a433f7c6bb8b1d6
fb40ed28b30f158ec880cbe71aea9279d00d12f19361db6cb1d008824dcaa4fa
fb52c6a4691c4c183a50921b788be2bd1b704e18e7603c31ee103106a6c1a190
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

www.guidepointsecurity.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

196 Requests

98 %HTTPS

0 %IPv6

28 Domains

35 Subdomains

31 IPs

3 Countries

3189 kBTransfer

8623 kBSize

29 Cookies

14 Outgoing links

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.guidepointsecurity.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

98 %
HTTPS

0 %
IPv6

28
Domains

35
Subdomains

31
IPs

3
Countries

3189 kB
Transfer

8623 kB
Size

29
Cookies

196 HTTP transactions
12 data transactions