URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Submission: On October 13 via manual from FR — Scanned from FR

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is www.hfrance.fr.
TLS certificate: Issued by E1 on September 26th 2023. Valid for: 3 months.
This is the only time www.hfrance.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 192.0.76.3 2635 (AUTOMATTIC)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 13.53.225.40 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
18 7
Apex Domain
Subdomains
Transfer
9 hfrance.fr
www.hfrance.fr
251 KB
2 gstatic.com
fonts.gstatic.com
16 KB
2 pushmaster-in.xyz
in.pushmaster-in.xyz — Cisco Umbrella Rank: 97868
2 pushmaster-cdn.xyz
cdn.pushmaster-cdn.xyz — Cisco Umbrella Rank: 45453
16 KB
2 wp.com
stats.wp.com — Cisco Umbrella Rank: 3047
pixel.wp.com — Cisco Umbrella Rank: 2968
3 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 49
902 B
18 6
Domain Requested by
9 www.hfrance.fr www.hfrance.fr
2 fonts.gstatic.com fonts.googleapis.com
2 in.pushmaster-in.xyz cdn.pushmaster-cdn.xyz
2 cdn.pushmaster-cdn.xyz www.hfrance.fr
cdn.pushmaster-cdn.xyz
1 fonts.googleapis.com client
1 pixel.wp.com www.hfrance.fr
1 stats.wp.com www.hfrance.fr
18 7

This site contains links to these domains.

Domain
outpush.io
www.bleepingcomputer.com
Subject | Issuer | Validity | Valid
hfrance.fr | E1 | 2023-09-26 - 2023-12-25 | 3 months
*.wp.com | Sectigo ECC Domain Validation Secure Server CA | 2022-11-14 - 2023-12-15 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-02-28 - 2024-02-28 | a year
*.pushmaster-in.xyz | Amazon RSA 2048 M02 | 2023-03-09 - 2024-04-06 | a year
upload.video.google.com | GTS CA 1C3 | 2023-09-18 - 2023-12-11 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-09-18 - 2023-12-11 | 3 months

This page contains 1 frame:

Primary Page: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Frame ID: F8767D7392B70117F3CD21072F15B8EC
Requests: 25 HTTP requests in this frame

Page Title

Les paquets malveillants Solana et Kucoin infectent les développeurs NuGet avec le RAT SeroXen

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

18
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

7
IPs

3
Countries

318 kB
Transfer

526 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
www.hfrance.fr/
177 KB
60 KB
Document
General
Full URL
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
369d758165c778e7df7128675f8f14d8725f7a24c80b6949167f844369384d55

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
8158a8db6d992a14-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 13 Oct 2023 15:36:41 GMT
expires
Fri, 13 Oct 2023 15:36:41 GMT
last-modified
Fri, 13 Oct 2023 09:16:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkBVnhQDFQ53ieSzBiGbUvU%2B8uE%2FV8%2BSaZL6dTpjvVbAroIA0JeUSH0%2FRKZ7%2Bv4uVic0n72b1Sezmzi6b767dB2dPwhBcyGGieWmvPv28S%2FGaDGp8%2BlqyCbp%2FjapGltJfRzG6zATqqAlLt3qwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
style.css
www.hfrance.fr/wp-content/cache/min/1/wp-content/plugins/affimax/css/
15 KB
4 KB
Stylesheet
General
Full URL
https://www.hfrance.fr/wp-content/cache/min/1/wp-content/plugins/affimax/css/style.css?ver=1686124786
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c239819947f68fe87cb857fbe4e16b277175ee167b919f32b1829b787f40afd5

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7267053
cf-polished
origSize=15506
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 07 Jun 2023 07:59:46 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OU5p7uKA91ugJy5Pmc50e1XS4i%2FaZ%2FNnB5eV6OpMr8G9e4s1%2F0QrLBHWJ49ajdJsCEvSMIPSWItBrCyFACDD79Ex9YN%2B6Wt6T85CMMmzGDwW7DedKKroFfC3lzlKLedrKmXsn7ep4xhgZP30vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8158a8dc3f212a14-CDG
expires
Sat, 20 Jul 2024 12:59:08 GMT
enlighterjs.min.js
www.hfrance.fr/wp-content/plugins/enlighter/cache/
62 KB
18 KB
Script
General
Full URL
https://www.hfrance.fr/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=yKA15bNG20rze4a
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2d31599822dae1353d655633c6dbd9454ef2138d172798f4a91119eedd6d89d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2023 10:07:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1183468
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uj3ZUuzfwWEglG5m93T%2F6SIAM0X4QMxP2F7Y9fvxGkf%2FLolN5fPPuHNOdjoufeH2zNa6KuneqjHWGgdeI%2FelAda%2B2qj%2BSuq4fDphRiVoRSA7yX50Fd9ogiLLa6IYW5ozQQXRx2GbX%2FFzHpEdzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8158a8dc3f262a14-CDG
alt-svc
h3=":443"; ma=86400
expires
Sat, 28 Sep 2024 22:52:12 GMT
e-202341.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202341.js
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT cdg
date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/13576-1684460848292.3706
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 07 Oct 2024 16:31:28 GMT
lazyload.min.js
www.hfrance.fr/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/
9 KB
4 KB
Script
General
Full URL
https://www.hfrance.fr/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Jun 2023 08:14:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
11085286
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5SJ6m2pEE8zCOe6qlnmeoRG2cwdC0N3N4izUENphhgIrjX9tRQFJNslFVt5MD5%2B88jaLX%2BRiXraGF1y4hV%2FdSi%2Fd1TVrnlT2dyQoQhrM2nRad3kd9NCMUCuOvWMcuqmF3hQ4I1X2Buh4H%2FFBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8158a8dc692b02e2-CDG
alt-svc
h3=":443"; ma=86400
expires
Thu, 06 Jun 2024 08:21:55 GMT
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aaf69f969c85107828b863ad90f70534c60fc64cbb1a7f3e28d78692d8854db5

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f85ac79c895138d22ae66533fae937f77438690723cf1a260903f2dcbf44f68c

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e11240631050a29ab96772c758eddff38c67a94e1c90293e1964bbcc9c4a98e2

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7b3a7dfc2ed2fb879ef65f552399100ede22f776a5b19e449ee40029db1272d4

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34b745b4d633f5cd19bd6b88f50e16356436aa225dc91520517975813a19362f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
SDK.js
cdn.pushmaster-cdn.xyz/scripts/publishers/61a8c9966b4a7b00095f1d9b/
16 KB
6 KB
Script
General
Full URL
https://cdn.pushmaster-cdn.xyz/scripts/publishers/61a8c9966b4a7b00095f1d9b/SDK.js
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54e4c4c5ed4aa45b4520240cd9da9bc3ad26c7a139b67fcb72bdc29680f8ea32

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
x-amz-version-id
iJvcuRkzcdQcDo3XsZODuxs_xR8jP3Vo
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
SXW7QJKWSJ9GM66J
age
1837
x-amz-id-2
1AumHs9RW97l1xSpsGxZECr4waplTwak6kxyvwy1yfzMOTIY75qgx0Xi7P7BCAtj6JLMxZRihPo=
last-modified
Thu, 07 Jul 2022 18:16:51 GMT
server
cloudflare
etag
W/"e239a1a8fb10138990c101e3957c013d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCkoNxZQvPn9M%2FjlDEaIfHbpo%2FO76Q25qyLRvCGTSfpf75cNyo2nO%2FB5X5ofFbC3i8Kh2%2BKO9aOZyHaFZDMHSvm1daY9IMeErfUY%2B1TiLxCeQoGaCMkrB2MIdPIZKiixd4tj57GgUkWbDc0Zh3MX%2FKW0NVE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
8158a8dcc9bb0082-CDG
inactive.svg
www.hfrance.fr/wp-content/plugins/kk-star-ratings/src/core/public/svg/
238 B
680 B
Image
General
Full URL
https://www.hfrance.fr/wp-content/plugins/kk-star-ratings/src/core/public/svg/inactive.svg
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0c291bc0981ba13c0fab388914b31ab2729ab42036ef251081077a196403f6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 05 Jul 2023 19:51:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2912
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVDYuXzfbiySxNY6bGp%2Bu163NiiCZ5IKkduiabk5a%2FmMv0Kkj3CCgCzUzWsJ1BiKE%2BAKnS%2FyiCKydZXARLfk0Dto0i2N9EChhiLlgilhAf4WBt%2F9s72y2C8KH3oMwOxLH8WwZ93vlSxEY2OFnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=10368000
cf-ray
8158a8dc793b02e2-CDG
alt-svc
h3=":443"; ma=86400
expires
Sat, 10 Feb 2024 14:48:08 GMT
active.svg
www.hfrance.fr/wp-content/plugins/kk-star-ratings/src/core/public/svg/
246 B
689 B
Image
General
Full URL
https://www.hfrance.fr/wp-content/plugins/kk-star-ratings/src/core/public/svg/active.svg
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bed6cef3a2a83b0bfc42310907aa856549a86c15b7f3103d936c3d436bdd0655

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 05 Jul 2023 19:51:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2912
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1VHnRjsBXz9%2FdkauK0VkUQ4g3kU6cj2PeTB3zBsRFfo1Zs%2B%2Bl0HHh3Tkm5SorOyV7%2BSpysf%2BwgFwenqwO3m%2F1FQH%2Fyhhbl3iR9Na0qWw%2BAI6ar79qjQtgvT%2FgaFhJdnBc8r3IgqiLu9p7grVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=10368000
cf-ray
8158a8dc793f02e2-CDG
alt-svc
h3=":443"; ma=86400
expires
Sat, 10 Feb 2024 14:48:08 GMT
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin
https://www.hfrance.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
data-theft-1200x675.jpeg.webp
www.hfrance.fr/wp-content/uploads/2023/06/
55 KB
55 KB
Image
General
Full URL
https://www.hfrance.fr/wp-content/uploads/2023/06/data-theft-1200x675.jpeg.webp
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ddc3fbc6eb30166a5e58481821cffc973d0b914a88356b58e44c21173341df5

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
cf-cache-status
HIT
last-modified
Mon, 19 Jun 2023 07:06:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
7
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u07bkukb5NF%2BCTy9nZjAxil6ewC1k1lrCUolFvatI8aH3%2BesV%2F82cTSQJz86PU3iMRUXMXhZKlUi9ywu0S5HnrLP%2F6VJsW%2FbpBEH0TenltSiOy%2Bvw3EYh9XApsQKJ2K27lFyOI1gy2%2FngQ3pzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=10368000
accept-ranges
bytes
cf-ray
8158a8dcc9d302e2-CDG
alt-svc
h3=":443"; ma=86400
content-length
55956
expires
Sat, 10 Feb 2024 15:36:33 GMT
data-theft.jpeg.webp
www.hfrance.fr/wp-content/uploads/2023/06/
99 KB
100 KB
Image
General
Full URL
https://www.hfrance.fr/wp-content/uploads/2023/06/data-theft.jpeg.webp
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32dd17c10c5a44d747542b0ba0439d13b7ab10e37030659cc3afddbc171c2467

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
cf-cache-status
HIT
last-modified
Mon, 19 Jun 2023 07:06:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
7
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fu0jvXlABS0gxtLkHCYDUQzpAdcY4Lg0xa%2BqccPg2NIcRMpbcyBaDz2pU1kuX3h1mux5vAiJPKYb81eQNSRyo2oaYhvHG%2BUCTMImyZWkEBRkB44t6ZnpeA1xi6cGqDVK1RuYOZajEGNs0ZHA7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=10368000
accept-ranges
bytes
cf-ray
8158a8dcc9d402e2-CDG
alt-svc
h3=":443"; ma=86400
content-length
101562
expires
Sat, 10 Feb 2024 15:36:33 GMT
cropped-logo-hfrance-1.png.webp
www.hfrance.fr/wp-content/uploads/2022/06/
8 KB
9 KB
Image
General
Full URL
https://www.hfrance.fr/wp-content/uploads/2022/06/cropped-logo-hfrance-1.png.webp
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d4da50e79c757402b2fe75e7b975451eb9cc5714773cd91865a37c3d0d16cec

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
age
18859804
x-ezoic-cdn
Hit ds;ds;dd784fdc7989d02bb42a23a87d6b6314;2-223952-34;e7f1a7ce-add4-414a-5c7e-54bc6d2eb6af
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400
x-ezoic-excludewebp
false
response
200
last-modified
Mon, 06 Mar 2023 23:45:17 GMT
server
cloudflare
x-origin-cache-control
vary
Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BosKXqu1NfIVESp5iqLlEc5oekbvZzc2%2FTceDjFXysRPMjf2dG2xEEUMh%2F%2Fex6k2zXq6LsEmiKU%2F7jGiDwvBv3iI4nwKRJ0n2m%2F%2BBVnanedBSJnx1tJD1qMAmENane5bvTpcDvqaGEnICXI6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=31536000
cf-ray
8158a8dcc9d602e2-CDG
g.gif
pixel.wp.com/
50 B
153 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=184208117&post=11144&tz=2&srv=www.hfrance.fr&j=1%3A12.7&host=www.hfrance.fr&ref=&fcp=285&rand=0.5474758370257771
Requested by
Host: www.hfrance.fr
URL: https://www.hfrance.fr/les-paquets-malveillants-solana-et-kucoin-infectent-les-developpeurs-nuget-avec-le-rat-seroxen.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 13 Oct 2023 15:36:41 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
overlay_v2.min.js
cdn.pushmaster-cdn.xyz/scripts/templates/
26 KB
10 KB
Script
General
Full URL
https://cdn.pushmaster-cdn.xyz/scripts/templates/overlay_v2.min.js
Requested by
Host: cdn.pushmaster-cdn.xyz
URL: https://cdn.pushmaster-cdn.xyz/scripts/publishers/61a8c9966b4a7b00095f1d9b/SDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d6448dc3f0cfa9d5bad25179f1ac12ef09c52ec91fe275d0481b8c8ca7a4d52

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 15:36:41 GMT
x-amz-version-id
CY2dzRG1dZMWU0Fhi4ZfvzdQ3wavGS3q
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
V5EXV3N2HQ4YYTM0
age
2101
x-amz-id-2
aFfqgw3eMtPGp0+46PQGlxTvtXF3+/QpWcWX24FX+d0jHBw8idc/gfWl20Y3Jqmr8icDAuGv5AA=
last-modified
Fri, 14 Jul 2023 13:57:16 GMT
server
cloudflare
etag
W/"fe004d84d70e4ec66893c89f4af7d2a1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8SX4lxkZKKVIR%2F7iaC6DF0KiyRafJpr1vEmo16docf3Q8nOw0N7E1iLI2I%2FvjRzrSIQOrufymMAJNg2kJlYQiXQFz5PzV7Pi9zs88p%2BNEqj8DfJJ63HLBATIxiN2q5CPJWJRnqJm8wKnFT6WTdbxpYsDGaI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
8158a8ddbb5c0082-CDG
prompt
in.pushmaster-in.xyz/
0
0
Fetch
General
Full URL
https://in.pushmaster-in.xyz/prompt
Requested by
Host: cdn.pushmaster-cdn.xyz
URL: https://cdn.pushmaster-cdn.xyz/scripts/publishers/61a8c9966b4a7b00095f1d9b/SDK.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.53.225.40 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-225-40.eu-north-1.compute.amazonaws.com
Software
nginx/1.20.0 / Express
Resource Hash

Request headers

Referer
https://www.hfrance.fr/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
*
date
Fri, 13 Oct 2023 15:36:42 GMT
server
nginx/1.20.0
x-powered-by
Express
prompt
in.pushmaster-in.xyz/
0
0
Preflight
General
Full URL
https://in.pushmaster-in.xyz/prompt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.53.225.40 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-225-40.eu-north-1.compute.amazonaws.com
Software
nginx/1.20.0 / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.hfrance.fr
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Fri, 13 Oct 2023 15:36:42 GMT
server
nginx/1.20.0
vary
Access-Control-Request-Headers
x-powered-by
Express
css2
fonts.googleapis.com/
2 KB
902 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
188d321da52decd5b8a5c92b29c10badb5c8ded9b9f45f802ee6b64bd8d6a564
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.hfrance.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 13 Oct 2023 15:36:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 13 Oct 2023 15:22:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 13 Oct 2023 15:36:41 GMT
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e7baf1585094a4579df355d767b6ba9203f8463f5af4ce4b306c8e0f1a14e1a7

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/svg+xml
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hfrance.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 00:14:41 GMT
x-content-type-options
nosniff
age
487321
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8000
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:59:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 07 Oct 2024 00:14:41 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hfrance.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 19:33:17 GMT
x-content-type-options
nosniff
age
590605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 05 Oct 2024 19:33:17 GMT

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| href object| php_vars object| pushmasterTag object| firstScriptTag object| pushMST_config object| param object| kk_star_ratings object| tocplus object| RocketPreloadLinksConfig object| _stq object| lazyLoadOptions function| lazyLoadThumb function| lazyLoadYoutubeIframe object| EnlighterJS function| LazyLoad function| st_go function| linktracker_init object| wpcom object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy function| promptEventTrack function| addOverlay function| removeOverlay function| isFirefox function| isDevicePushCompatible function| urlBase64ToUint8Array function| notificationServerSync function| pushFlow object| pushmaster function| manualCloseOverlay function| triggerOverlayPushMST function| isMobile object| pushMST_overlay

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
