blog.sonatype.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Submission: On January 24 via api (January 24th 2023, 4:36:18 pm UTC) from SA — Scanned from DE

Summary HTTP 157 Redirects Links 121 Behaviour Indicators

Summary

This website contacted 51 IPs in 6 countries across 41 domains to perform 157 HTTP transactions. The main IP is 2606:2c40::c73c:671c, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.sonatype.com. The Cisco Umbrella rank of the primary domain is 962423.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 20th 2022. Valid for: a year.

This is the only time blog.sonatype.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
45	2606:2c40::c7... 2606:2c40::c73c:671c	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2606:4700::68... 2606:4700::6811:f3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.55 18.66.112.55	16509 (AMAZON-02) (AMAZON-02)
1	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700:440... 2606:4700:4400::6812:2128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:887::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:400d:80d::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:206... 2600:9000:206f:ce00:3:902:8a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:21a... 2600:9000:21a1:4c00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
3	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
3	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
10	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:26f0:11a... 2a02:26f0:11a::217:9a58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.235.206.112 34.235.206.112	14618 (AMAZON-AES) (AMAZON-AES)
1	13.32.27.65 13.32.27.65	16509 (AMAZON-02) (AMAZON-02)
2	93.184.220.66 93.184.220.66	15133 (EDGECAST) (EDGECAST)
2	2600:9000:225... 2600:9000:2250:6a00:c:8c1e:5700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:21ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:73b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	52.211.150.89 52.211.150.89	16509 (AMAZON-02) (AMAZON-02)
1 2	52.222.214.56 52.222.214.56	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	65.9.95.89 65.9.95.89	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6810:5905	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
9	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
157	51

45 2606:2c40::c73c:671c (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

use.fonticons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a29d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:f3cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-55.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:2128 (United States)

ASN13335 (CLOUDFLARENET, US)

1958393.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:887::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80d::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:ce00:3:902:8a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

client.lunio.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21a1:4c00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::217:9a58 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.235.206.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-206-112.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-65.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 93.184.220.66 (London, United Kingdom)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2250:6a00:c:8c1e:5700:93a1 (United States)

ASN16509 (AMAZON-02, US)

click.prod.mplat-ppcprotect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:73b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.150.89 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-150-89.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.214.56 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-56.fra56.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-89.prg50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5905 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	sonatype.com blog.sonatype.com — Cisco Umbrella Rank: 962423 www.sonatype.com — Cisco Umbrella Rank: 617677	2 MB
14	gstatic.com www.gstatic.com fonts.gstatic.com	609 KB
13	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4562 www.google.com — Cisco Umbrella Rank: 2	87 KB
6	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 618 platform.twitter.com — Cisco Umbrella Rank: 727 syndication.twitter.com — Cisco Umbrella Rank: 1011	134 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5983	932 B
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75	2 KB
5	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3110 px.ads.linkedin.com — Cisco Umbrella Rank: 373 www.linkedin.com — Cisco Umbrella Rank: 592 px4.ads.linkedin.com — Cisco Umbrella Rank: 6336	163 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 3863 forms-na1.hsforms.com — Cisco Umbrella Rank: 6115	1 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 153	223 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 22	20 KB
4	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7325	44 KB
3	company-target.com 1 redirects segments.company-target.com — Cisco Umbrella Rank: 1257 api.company-target.com — Cisco Umbrella Rank: 3284	2 KB
3	t.co t.co — Cisco Umbrella Rank: 542	564 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14658 ibc-flow.techtarget.com — Cisco Umbrella Rank: 18915	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 352	12 KB
3	hubspotusercontent-na1.net 1958393.fs1.hubspotusercontent-na1.net	74 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7272	33 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	214 KB
3	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4201 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4739	33 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 480	1 KB
2	hubapi.com api-na1.hubapi.com — Cisco Umbrella Rank: 20750 api.hubapi.com — Cisco Umbrella Rank: 3202	2 KB
2	mplat-ppcprotect.com click.prod.mplat-ppcprotect.com — Cisco Umbrella Rank: 45367	380 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	235 B
2	typekit.net p.typekit.net — Cisco Umbrella Rank: 557 use.typekit.net — Cisco Umbrella Rank: 415	19 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 675	10 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 593	98 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1973	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 2977	3 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 1985	63 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 10777	203 B
1	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5334	749 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 4638	21 KB
1	sf14g.com t.sf14g.com — Cisco Umbrella Rank: 58038
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1539	157 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 820	379 B
1	lunio.ai client.lunio.ai — Cisco Umbrella Rank: 82621	30 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1403	8 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 621	15 KB
1	driftt.com js.driftt.com — Cisco Umbrella Rank: 5034	60 KB
1	fonticons.com use.fonticons.com — Cisco Umbrella Rank: 90141	936 B
0	netdna-ssl.com Failed fonticons-free-fonticons.netdna-ssl.com Failed
157	41

	Domain	Requested by
45	blog.sonatype.com	blog.sonatype.com
10	www.google.com	blog.sonatype.com www.gstatic.com www.google.com
9	www.gstatic.com	www.google.com www.gstatic.com
5	fonts.gstatic.com	www.google.com blog.sonatype.com
5	www.google.de	blog.sonatype.com
4	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
4	connect.facebook.net	blog.sonatype.com connect.facebook.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	cdn2.hubspot.net	blog.sonatype.com 1958393.fs1.hubspotusercontent-na1.net
3	analytics.twitter.com	blog.sonatype.com
3	t.co	blog.sonatype.com
3	region1.analytics.google.com	www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.sonatype.com
3	1958393.fs1.hubspotusercontent-na1.net	blog.sonatype.com 1958393.fs1.hubspotusercontent-na1.net
3	cdn.bizible.com	blog.sonatype.com cdn.bizible.com
3	www.googletagmanager.com	blog.sonatype.com www.googletagmanager.com
2	forms-na1.hsforms.com	blog.sonatype.com
2	forms.hsforms.com	blog.sonatype.com
2	segments.company-target.com	1 redirects blog.sonatype.com
2	match.prod.bidr.io	2 redirects
2	click.prod.mplat-ppcprotect.com	client.lunio.ai
2	platform.twitter.com	blog.sonatype.com platform.twitter.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.facebook.com	blog.sonatype.com
2	px.ads.linkedin.com	2 redirects
2	snap.licdn.com	www.googletagmanager.com js.hsadspixel.net
2	consent.cookiebot.com	blog.sonatype.com consent.cookiebot.com
1	api.hubapi.com	cdn.bizible.com
1	syndication.twitter.com	platform.twitter.com
1	api.company-target.com	cdn.bizible.com
1	id.rlcdn.com	blog.sonatype.com
1	js.hs-analytics.net	blog.sonatype.com
1	js.hsadspixel.net	blog.sonatype.com
1	js.hs-banner.com	blog.sonatype.com
1	api-na1.hubapi.com	blog.sonatype.com
1	cdn.bizibly.com	blog.sonatype.com
1	app.hubspot.com	blog.sonatype.com
1	tag.demandbase.com	blog.sonatype.com
1	t.sf14g.com	blog.sonatype.com
1	use.typekit.net	www.sonatype.com
1	alb.reddit.com	blog.sonatype.com
1	px4.ads.linkedin.com	blog.sonatype.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	p.typekit.net	www.sonatype.com
1	client.lunio.ai	blog.sonatype.com
1	trk.techtarget.com	blog.sonatype.com
1	www.redditstatic.com	blog.sonatype.com
1	static.ads-twitter.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	www.sonatype.com	blog.sonatype.com
1	js.driftt.com	blog.sonatype.com
1	platform.linkedin.com	blog.sonatype.com
1	use.fonticons.com	blog.sonatype.com
0	fonticons-free-fonticons.netdna-ssl.com Failed	use.fonticons.com
157	56

This site contains links to these domains. Also see Links.

Domain
www.sonatype.com
dev.sonatype.com
lift.sonatype.com
ossindex.sonatype.org
my.sonatype.com
help.sonatype.com
support.sonatype.com
partners.sonatype.com
video.sonatype.com
www.facebook.com
www.linkedin.com
twitter.com
pypi.org
pepy.tech
www.bleepingcomputer.com
answers.microsoft.com
www.virustotal.com
kc.mcafee.com
axsharma.com
www.youtube.com
github.com
guides.sonatype.com
learn.sonatype.com
www.requesteasy.com

Subject Issuer	Validity	Valid
blog.sonatype.com Cloudflare Inc ECC CA-3	`2022-05-20` - `2023-05-20`	a year	crt.sh
use.fonticons.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-15` - `2024-01-15`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-04` - `2023-06-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
www.sonatype.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2022-10-30` - `2023-10-30`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-15` - `2023-06-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-03` - `2023-02-01`	3 months	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-05-15`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-25` - `2023-07-25`	a year	crt.sh
*.lunio.ai Amazon	`2022-07-06` - `2023-08-04`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-05-14`	6 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2022-12-09` - `2023-03-09`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2022-07-11` - `2023-08-12`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.prod.mplat-ppcprotect.com Amazon	`2022-10-20` - `2023-11-19`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2022-05-07` - `2023-05-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Frame ID: D89FB4FDEE74BE87AE32156E3132C7C6
Requests: 134 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: DDE5040F7592C35079A57DBB75D97218
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.3da3731af9a8a2b242ed5500485bb22f.html?origin=https%3A%2F%2Fblog.sonatype.com
Frame ID: B0828ADCEA7BBFCF1DD2AC5C0258C16D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&size=invisible&badge=inline&cb=e2t3ec6a8dcc
Frame ID: B3D2C1CB95B1EF76210A3C31E71A7B25
Requests: 7 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 800E8FB26F53A5281613DE0F42EB04D7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 2D93D65B5278C05B0962B9040E4E2B45
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New 'pymafka' Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

157
Requests

97 %
HTTPS

67 %
IPv6

41
Domains

56
Subdomains

51
IPs

6
Countries

3858 kB
Transfer

7739 kB
Size

45
Cookies

121 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sonatype.com/

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/software-supply-chain-management
Title: OverviewAutomate your software supply chain security

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/firewall
Title: FirewallBlock malicious open source at the door

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/nexus-repository
Title: RepositoryBuild fast with centralized components

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/open-source-security-dependency-management
Title: LifecycleReduce risk across software development

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/integrations
Title: IntegrationsWork in the tools, languages, and packages you already use

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/pricing
Title: Pricing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/software-developers
Title: Developers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/appsec-professionals
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/legal-and-compliance-officers
Title: Legal & Compliance

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/government
Title: Government

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/banking-and-financial-services
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/manufacturing
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/technology-and-software
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/healthcare
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/log4j-vulnerability-resource-center
Title: Log4j Resource Center

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/state-of-the-software-supply-chain/introduction
Title: State of the Software Supply Chain Report

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/launchpad
Title: Launchpad

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/whitepapers-reports-and-books
Title: Whitepapers & eBooks

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/webinars
Title: Webinars

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/customer-success
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://dev.sonatype.com/
Title: DevZone

Search URL Search Domain Scan URL

URL: https://lift.sonatype.com/getting-started
Title: Sonatype Lift

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/repository-oss-download
Title: Nexus Repository OSS

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/?__hstc=31049440.ed6eafca2068e58ca37a746763892c33.1663615143440.1672951953033.1672958098117.111&__hssc=31049440.141.1672958098117&__hsfp=1383244671
Title: Sonatype OSS Index

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/vulnerability-scanner
Title: Nexus Vulnerability Scanner

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/training
Title: Training & Workshops

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/
Title: My Sonatype

Search URL Search Domain Scan URL

URL: https://help.sonatype.com/docs
Title: Documentation

Search URL Search Domain Scan URL

URL: https://support.sonatype.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/partners
Title: Find a Partner

Search URL Search Domain Scan URL

URL: https://partners.sonatype.com/prm/English/s/applicant
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://partners.sonatype.com/
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/
Title: About

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/upcoming-events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-releases
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/contactus
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/request-a-personalized-demo
Title: BOOK A DEMO

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/lifecycle?topnav=true
Title: Nexus LifecycleEliminate OSS risk across the entire SDLC.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/firewall?topnav=true
Title: Nexus FirewallProtect Nexus and Artifactory repos from OSS risk.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/advanced-development-pack?topnav=true
Title: Advanced Development Pack

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/advanced-legal-pack?topnav=true
Title: Advanced Legal Pack

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/sonatype-lift?topnav=true
Title: Sonatype LiftFind and fix security, performance, and reliability bugs during code review.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/repository-oss?topnav=true
Title: Nexus Repository OSS Universally manage binaries and artifacts for FREE.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/repository-pro?topnav=true
Title: Nexus Repository ProUniversally manage binaries and artifacts with HA and support.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/en-us/products/container?topnav=true
Title: Nexus Container Identify and remediate OSS risk in containers for build and run-time protection.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/infrastructure-as-code?topnav=true
Title: Infrastructure as Code Pack

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/software-supply-chain-management?topnav=true
Title: Full Spectrum Platform

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/pricing?topnav=true&hsLang=en-us
Title: Plans & PRICING

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/software-developers?topnav=true
Title: Developers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/appsec-professionals?topnav=true
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/devsecops-leaders?topnav=true
Title: DevSecOps

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/legal-and-compliance-officers?topnav=true
Title: Legal & Compliance

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/government?topnav=true
Title: Government

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/banking-and-financial-services?topnav=true
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/manufacturing?topnav=true
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/technology-and-software?topnav=true
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/healthcare?topnav=true
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/whitepapers-reports-and-books?topnav=true
Title: Whitepapers & eBooks

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/webinars?topnav=true
Title: Webinars

Search URL Search Domain Scan URL

URL: https://video.sonatype.com/?topnav=true
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/upcoming-events?topnav=true
Title: Events

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/?topnav=true
Title: My SonatypeCustomer support, product guides & documentation, online courses, community, and more.

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/integrations?topnav=true
Title: Sonatype Integrations

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1610484080896.1610550007599.1814&__hssc=31049440.2.1610550007599&__hsfp=2873996859
Title: Sonatype OSS Index

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/vulnerability-scanner?topnav=true
Title: Nexus Vulnerability Scanner

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/free-developer-tools?topnav=true
Title: Free Developer Tools

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/?topnav=true
Title: About Sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/intelligence?topnav=true
Title: About Nexus Intelligence

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/partners?topnav=true
Title: Partners

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/careers?topnav=true
Title: Careers at Sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-releases?topnav=true
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/media?topnav=true
Title: Media

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/contactus?topnav=true
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux%3Futm_medium%3Dsocial%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&source=tweetbutton&text=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux

Search URL Search Domain Scan URL

URL: https://pypi.org/project/pykafka/#description
Title: PyKafka

Search URL Search Domain Scan URL

URL: https://pepy.tech/project/pykafka
Title: 4,240,305 times

Search URL Search Domain Scan URL

URL: https://pepy.tech/project/pymafka
Title: around 300

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-29th-2022-new-operations-emerge/
Title: ransomware groups like LockBit

Search URL Search Domain Scan URL

URL: https://answers.microsoft.com/en-us/ie/forum/all/what-is-iexploreexe-and-should-it-be-on-my/bfecb92d-b728-4593-8c25-699a11df8b61
Title: typically

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/137edba65b32868fbf557c07469888e7104d44911cd589190f53f6900d1f3dfb/details
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/b117f042fe9bac7c7d39eab98891c2465ef45612f5355beea8d3c4ebd0665b45/detection
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://kc.mcafee.com/corporate/index?page=content&id=KB94406
Title: Cobalt Strike beacons

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-release-blog/next-generation-nexus-intelligence
Title: automated malware detection

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/axsharma/

Search URL Search Domain Scan URL

URL: https://twitter.com/Ax_Sharma

Search URL Search Domain Scan URL

URL: https://axsharma.com/?rel=author

Search URL Search Domain Scan URL

URL: https://twitter.com/sonatype
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sonatype
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sonatype
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/sonatype
Title: YouTube

Search URL Search Domain Scan URL

URL: https://github.com/sonatype
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/sonatype-lift
Title: Sonatype Lift

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/advanced-legal-pack
Title: Advanced Legal Pack

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/lifecycle-foundation
Title: Nexus Lifecycle Foundation

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/container
Title: Nexus Container

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/auditor
Title: Nexus Auditor

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/
Title: OSS Index

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/free-developer-tools
Title: Free Developer Tools

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/resources/nexus-intelligence-insights
Title: CVE Insights

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/solutions/devsecops-leaders
Title: DevSecOps

Search URL Search Domain Scan URL

URL: https://video.sonatype.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://guides.sonatype.com/
Title: Guides

Search URL Search Domain Scan URL

URL: https://help.sonatype.com/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://learn.sonatype.com/
Title: Online Courses

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/analyst-recognition-and-insights
Title: Analyst Recognition

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products/intelligence
Title: Nexus Intelligence

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/investors
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/media
Title: Media Coverage

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company/press-kit
Title: Press Kit

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/trust-center
Title: Trust Center

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus/free-developer-tools
Title: Free Tools

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/company
Title: About

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/terms-of-service?hsLang=en-us
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/privacy-policy?hsLang=en-us
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/hubfs/legal/Modern-Slavery-and-Human-Trafficking-Statement.pdf?hsLang=en-us
Title: Modern Slavery Statement

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/events-terms-and-conditions?hsLang=en-us
Title: Event Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.requesteasy.com/5ee2-5766
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26time%3D1674578170906%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=true&e_ipv6=AQKnSvYk9c7F8wAAAYXkoxZk56TAnSkSrpsy7t_JQx2tGgiUKKZMsJXT1mATyyHNcg

Request Chain 120

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ&verifyHash=1b46d20e1fc32ccb78cf9cde70d0c0802a1d6c1e

157 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux Show response
blog.sonatype.com/ 144 KB
23 KB 1301ms
1233ms Document
text/html 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9830df4b71e34ef2fff9c0d94f223eb6bec008425c324d7edadc7998b06bc805

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-73883837965,CG-3737438004,P-1958393,L-4063610545,L-6651455434,L-99192407457,W-95640241925,CW-40666130479,CW-40666130714,E-3797839657,E-3937994511,E-5296077409,E-5296081041,E-68016447380,MENU-95640241925,PGS-ALL,SW-4,B-3737438004,GC-32156494138
cf-cache-status: MISS
cf-ray: 78ea2fb4bb039b3a-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 24 Jan 2023 16:36:10 GMT
edge-cache-tag: CT-73883837965,CG-3737438004,P-1958393,L-4063610545,L-6651455434,L-99192407457,W-95640241925,CW-40666130479,CW-40666130714,E-3797839657,E-3937994511,E-5296077409,E-5296081041,E-68016447380,MENU-95640241925,PGS-ALL,SW-4,B-3737438004,GC-32156494138
last-modified: Tue, 24 Jan 2023 16:36:10 GMT
link: </hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js>; rel=preload; as=script, </hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0YAyrLzXcjP62Xid28mB1%2BmGjWR7KfliS0BgicSZnz6o5Uo8kFyJ9t6AgdS3AAKtKM83F8IOP%2B8y9tDd0axuXjT2VNodGzX2bjtCUf97fm0c%2BWmTzxKu3ycRBaLDla7YQXQNxixZQqfxPkpnYDh"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 73883837965
x-hs-https-only: worker
x-hs-hub-id: 1958393
x-hubspot-correlation-id: 5f4cf645-291e-42be-9956-4282f7fc003e
x-trace: 2B544F7B5A3ED291DCD1130D71B2D30C76C204AFD9000000000000000000

GET
H2 200 comment_listing_asset.js Show response
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 8 KB
4 KB 80ms
78ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 f47fcc9b2aa47ced36c40c318e6f006a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4D3b_.jtdSCbU1XTktruWk73HT0wxWk7
age: 28535606
x-amz-cf-pop: DUS51-P2
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:09 GMT
server: cloudflare
etag: W/"2455723721db341ff86a4f64384a9c0d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzU9dq2UFNNMFl4cI%2BavL82sIBXnnmCcddT1%2BlFlrPNF3wwchvAwHKuRq6FCyj7hZQ%2BoBWEhRD4rARrSZ4YHuOoO5%2F269ma7rY3TL5Ces6J5vu6Ka7Gd3xVoBHkhypk3wrlwkeRvDgJKoOvXxq5H"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc78549b3a-FRA
x-amz-cf-id: l4586TCY42m6dNyn7iZ01ghdwlg_u3vnMfBhReCaJuZCQh_oAgNcLg==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 index.js Show response
blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/ 10 KB
4 KB 64ms
63ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9293649926b2fefcc745d0745f7069515068d051a0e5da1a8af0099fcbc2a285

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tYk7zfZxv1cPKMqgfjKc2KKrk..2BkHm
age: 3544376
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 14 Dec 2022 14:39:49 GMT
server: cloudflare
etag: W/"a058511f8075f32c8de21808866260c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o51pIEZxFtLefSW6eSESTOquJK4H4IWL7zc4LpJAchlYeH%2BXdd3%2F4SZCw0vShlMhBwJ5FKUnXvC0bC25mfTX4mPF9XsxEVv1Qu%2B0f3ecNjG64coNSHNnb43o%2FvdOg2372gphE9jp3bkO5W6C8hAB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc78579b3a-FRA
x-amz-cf-id: 7uf3U4SgtHuHxAl7GcqaHj8nwwz1CIWmCzF9e6co52JSPabT1klVSA==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 165ms
164ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
age: 28535550
x-amz-cf-pop: DUS51-P2
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NlLpj2u3EM6Y5IFGOnMaLUt92cRF1yHIDKk6Gja21vdSyjkkIbHb6OqMli61J5DC%2FD4ZmfFsi9eDcVj29si9peBHZL%2FPxkYGW5tjV1WyACY5o9AA3bs8fTTnGeyksWa2ucqam%2FOvKiy06Ky3C1WQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc785b9b3a-FRA
x-amz-cf-id: LNgj2ZIytuqwkMnVDvc_2UlrPogsB_9S_K5-bFYWj8ZYsrBK9EcLUw==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 62ms
61ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 6642832e0f3e501fb9fdc5f35d4351d8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
age: 26982357
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8AYm5SlAukUJ1u1kJtdFuHQ2UwhZYNjw4UjSElq7yVZp4VHtjwQMwoYbTZKsntd4oC6OBlUFm2G6yHAlNeX1jkvQ58zZ3wPpwzHX2xzBur7AU54KZGw%2B05nRg%2Ff4wd0cr9cliFuJi8boolp0jUYX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc785d9b3a-FRA
x-amz-cf-id: QGpm7pNuMeHHjdOSQvVabr4yyJkQjvNfrf7wMr7R3QfV9nZTL386XA==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 v2.js Show response
blog.sonatype.com/_hcms/forms/ 507 KB
164 KB 129ms
128ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e44d349fe00dd104a953b5ba8131f028200afe25d049ccbf05ddd8cd8507bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wstbftgAu_fN9iJHS8wxid9yTlRYOT2g
age: 31
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=forms-embed/static-1.2593/bundles/project-v2.js&cfRay=78ea2efcf5ca5c8c-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 24 Jan 2023 02:05:13 UTC
server: cloudflare
etag: W/"a1f0905852ac5882ba2a5d739999a877"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jUIb8lZUtUpNyDqLr78lzTTGwq%2BMY8ClZ8kZ6X2MuoHmqHJ%2F4q3vp7JD1tPscrSJMoiMQwNrKxtVggggc8otDd0y6jGHg%2Bhxv%2FDDWLvl%2FdFFUbQ1odjxvVJ0QGy%2BuQQcRPQ4sFf%2FCl8iiCxqHAaG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
cf-ray: 78ea2fbc785e9b3a-FRA
x-amz-cf-id: OAJD613X7jycmIhEjr5EGpJUvF1mVL9V1Xb6KSqi5ThQmb3mwpjcTg==
x-hs-target-asset: forms-embed/static-1.2593/bundles/project-v2.js

GET
H2 200 jquery-1.7.1.js Show response
blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 76ms
75ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: null
age: 31481322
x-amz-cf-pop: DUS51-P2
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DzE48jqL1A2oySxav8IHnyTus0ZgZC8khU9DSLarSz%2FLNK10OgW17ArmSGLOoVjCHVA8MIe7%2BnxONkuztb4vWjU15DaUjdek2Qwg8OwKK5jhgP1W%2BHhxAb5%2Bwb5pCfQBxEp%2Fp2WjhTNnci%2BYq5b"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc78609b3a-FRA
x-amz-cf-id: fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1673214663056/ 5 KB
2 KB 59ms
58ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1673214663056/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

859dd670bfc208ae2e408430d7fe758bc63d60acbac4728ce7c8ec39d3b56e58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 d0f195624e615b103c40900f88cfd922.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kyPe5ezp5JLrBdag6wazgB19PrJ9Rb8A
age: 2944
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: V6WA122ACXKA346N
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: H+eXfz/yQJtAW9Ts97LMzoLHGzkdldyBmqIOYeXR0AfT1x2U5RTBlYT1Jocv/Pe69LtI0Eqcc9k=
last-modified: Sun, 08 Jan 2023 21:51:04 GMT
server: cloudflare
etag: W/"f7405cce8e295f9ba104b11c96fe3e63"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1673214663056
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PR5OqP0Pc8Lq45mTRjyzGmhaZAG%2Bv%2BX1lMDPK9jN9BE62Ix2%2FqK8niMPrSZ0%2B%2B8OaKnwNT487CCPNo5zSe6gxdLwsoAzyBnJYCS2pNQ6pXwysulp3MkTXscB4um1DnPzvgPQ76F8RyZIkiM%2Bn3i4"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbc78619b3a-FRA
x-amz-cf-id: XddX-q9qHFtkWRMLonrYEfg1R_7qt3YxpoXDzb3nwvbtWMZJ2aJZ1Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 comments_listing_asset.css
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 1 KB
1 KB 125ms
124ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LQgaE1SSZjkxZtePb5jE9vLc6kDw7LTx
age: 31527048
x-amz-cf-pop: FRA50-C1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"6b1d31d121f4c84e5ee3b7d7446495d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTLqHzhy4qWgGl5k3FkHKdjOmjo9s%2BSVBI0%2BngQFFxbpBvLMvYWckSgP0pf1KGzlkxo%2FKsXDdIdBxX571FBwn0SN2VnR1Hfr0FqEuTzjAJ1eW8fZx0i2ef8bghbsuzfqBPQ4bhJejMAAqgZT3uN8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 78ea2fbc78639b3a-FRA
x-amz-cf-id: fJXTM8_wGdLcvZA0pcUe1GoGeXAikcdvRMnesJjyhs53QY25pZR11A==
expires: Wed, 24 Jan 2024 16:36:10 GMT

GET
H2 200 Form-quality-check.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/ 5 KB
2 KB 74ms
73ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/Form-quality-check.min.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 8b1ca38f6b0e2c14ce8c202175f971a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ixP9zRm6k_iyP_Gd8Rjtyznd6k3Hrisb
age: 2944
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: B886N5VGV7RQPVX5
content-encoding: br
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: YNiougl0796lKxJqArbY2iGD5Ir+H7F5aC4NKnuyd17kRUdNSyaml1KD++YP3KnzyJKYl3uEObI=
last-modified: Fri, 12 Jun 2020 18:00:50 GMT
server: cloudflare
etag: W/"9419bd1cbfef42c242cc20a5ef55f14b"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zVNlLMAPombCuf64Y0%2F5uyDxI%2BYpxMsmSl69Dh3r%2BIqaeDy6OpfGCDAkSnN6BtguJ7WlWgiVO8PIi2htMuwO8XChVM9EwoDhhlHBcksU81aBDJ2Rl5qltUKdHwoRy7JsRTbcQ1yk3EgDlDLTh8Bz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbc886c9b3a-FRA
x-amz-cf-id: Hv0rQlGe1qAkBXfUrO-QWAP4rY7T6bwXhN6Rkg5ud-MnDD5XMPCioQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.mousewheel-3.0.6.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/lib/ 1 KB
2 KB 69ms
68ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/lib/jquery.mousewheel-3.0.6.pack.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-3954371994,P-1958393,FLS-ALL
x-amz-version-id: N239Basx9RkFh4_62Uj5Cg29YYiW1qQm
age: 424041
x-amz-cf-pop: FRA56-P7
x-amz-request-id: GTH1WWM9EKXSNTZ2
content-encoding: br
edge-cache-tag: F-3954371994,P-1958393,FLS-ALL
cache-tag: F-3954371994,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ITkYVI7JnM6hsvfVYMtNRQ43nSaZ15zTNcsz2j0WWm4X6NUA4jy0nkgdX+YblYgRUhYspGSKoadARKqCcxUWnw==
last-modified: Sun, 08 Oct 2017 10:31:43 GMT
server: cloudflare
etag: W/"fde6509fae2cafdb6d97e4a9a60cce66"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xvd4YACYadyVq5iAOXvfYbNI0MUo63JdGFRd0SCyPxMb4OM0hL3f3e%2BP%2F4BQMefYRhfgECttBxTjSnSt%2FkrtF7PY9ucfn5wl6K0JbRYy7yZcapJYX%2F01xqXoLjBF07i2fjPxm7XskWmFFxVmdA6"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc886e9b3a-FRA
x-amz-cf-id: aBzfOMKvwWSe6Q2GT4b67_7_y82oSiKwCliFtONgyoX1Kjl1tw8EAg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 5 KB
2 KB 157ms
156ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.css?v=2.1.5

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

45954ed7abdd3d5e540ffb3eb87a97c5296c769e5b277f4e325dec68550ef176

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-4027706718,FD-3954371989,P-1958393,FLS-ALL
age: 117370
x-amz-request-id: ZXAGFCS8CQRTKFE6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-4027706718,FD-3954371989,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"49ed279baba6326854f76f2d19bc6260"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1458858760266
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: psHtNdRrClcHuVA.KnduQMUK0BMU2A8L
x-amz-cf-pop: FRA56-P7
x-cache: RefreshHit from cloudfront
cache-tag: F-4027706718,FD-3954371989,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: z8YOJ7Ag9r0ELqkiZ69P53LA2HxON3kXOpXIRBpk/uyL7EiiGPec7siGQUXHNy7bIz5jYbNXljk=
last-modified: Tue, 26 Jan 2021 16:02:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aqWODBadcFdPoxhMuh3oskw5whBZzF%2F2CAinQPlQP66XSbaOsB6UdNxHaPlJmPSkHPhmnx9mUPsn0SmQblrb1RJy3SidoNmlz8AFjhbxilw02PZUpAi5xh28llLsplovBZt%2BJQa1V54YlENt3GPC"}],"group":"cf-nel","max_age":604800}
cf-ray: 78ea2fbc78659b3a-FRA
x-amz-cf-id: WTOw7MWf8sYd6RpHgKfGaWpxe9PMaZBQ9W92IWiTAPEHpmd4YaSb7w==

GET
H2 200 jquery.fancybox.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 23 KB
9 KB 127ms
126ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.pack.js?v=2.1.5

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4136544545,P-1958393,FLS-ALL
x-amz-version-id: gK_R8lKQW19_z5wOz.PPr9fie3q4S3DG
age: 424041
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 5FHHCX4F76GSJMWS
content-encoding: br
edge-cache-tag: F-4136544545,P-1958393,FLS-ALL
cache-tag: F-4136544545,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: YS1kCOirulayOhj8wXQkpMxyFjfv3voVjkxOhoTABZUBiGHY6CkBMqM5hbJ2MJArrqHJXMcQens=
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cc9e759f24ba773aeef8a131889d3728"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FJbMGJRxULrTRRokF6L%2BbwAJA3lDe%2FzzMt1hRn3Rooq1uluIDjX2Khc5bRWXesmYh41WXHB6DUDo0I0fOM9VKMHsjIcj1TXkTi79NiLh%2FVNlRN%2FsqiVg9TWVTqKWUu25DEd55OhaHeLJqpRtnH5"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc88709b3a-FRA
x-amz-cf-id: LFXCY8aYSW2hYT9h6aismmQAPDATl5XPo1hR-LOpWUj5IhZToptI3Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox-buttons.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 2 KB
1 KB 75ms
75ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.css?v=1.0.5

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 13234883000891123bda3fd8d846da9c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4027706753,P-1958393,FLS-ALL
x-amz-version-id: kbrCPSDCUsY8GVlkKM29UBD.BEcZBDz2
age: 266115
x-amz-cf-pop: MXP64-C2
x-amz-request-id: BGDFSXDTZNAT81T7
content-encoding: br
edge-cache-tag: F-4027706753,P-1958393,FLS-ALL
cache-tag: F-4027706753,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: RZ3Ij/IXmYzDCqxnwOkdG+M4pMZo1twhGHhAqLWm/qSKVd5p+0DfWK+9Asd5Yd03/Q3wJlDVsdI=
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"cac75538c2e3ddfadef839feaca8e356"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oilnJMZqcVzM1ptEZj%2F9WQbQopA%2B6j0p3zlwHC63mGYds3AOOF67DD3O5HqcAItXSwke0QHIy2AxyVKAo1mfrDsuXoqv51UNcZMhTRgFUVnDxI61SGsacPx2g2HWQ9PRN8OUJQ42HtoXqhKMAha1"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc78669b3a-FRA
x-amz-cf-id: nGYz6SpTlDEssTrk2xVqeaGxkkL0-E6s21crs5pHG0WNgfe2gMOENA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox-buttons.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 3 KB
2 KB 76ms
76ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4136544565,P-1958393,FLS-ALL
x-amz-version-id: ZE12P4Vy5anoj21v8aesIIqe9Ci1UkLB
age: 424040
x-amz-cf-pop: FRA56-P7
x-amz-request-id: V90GWZGZ63C8G4HZ
content-encoding: br
edge-cache-tag: F-4136544565,P-1958393,FLS-ALL
cache-tag: F-4136544565,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: kY7OVJywzny4YMu6ndvxVa2TeIQhVpAqFGN6bNsEd3G6Nii4JUpTNH+gi7m1TCsDFSSTXbbVpf8=
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"f53c246661fb995a3f12e67fa38e0fa0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwbVIXMS5X51BGlyIPXdIEeDBPYUariqYUmeMCp7212YSfROXINP3dc7YZ6Ljwurcvt%2F05GWA1MNHOcv%2F2ZFRynF%2F%2Fg9uTD1mytvkMlvMo1BDOztTFYsLkKZZt7QH07RKVeJ6wwO8Jcf0ocbKBKq"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc88729b3a-FRA
x-amz-cf-id: -UMnt3hK0nuWckPrLuwwkH3HNG_pX5Djnm6Yz85U4Fp165eYTATkVQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox-media.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 5 KB
3 KB 125ms
124ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 85310f8b6878a9cfaa0218e021ae364e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4006500847,P-1958393,FLS-ALL
x-amz-version-id: mHmECpOxlpTVvF.m76YYZ2gUPPyel1xG
age: 424040
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 85DSKXXFPRT28CMB
content-encoding: br
edge-cache-tag: F-4006500847,P-1958393,FLS-ALL
cache-tag: F-4006500847,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: o9xyWy0UYY6U95Ja+QHlcCJfRWgWCYXxwAsS2mB2tLllExFGue60lvz9ODkDEVKFcB2lVBePamQ=
last-modified: Sun, 08 Oct 2017 10:34:56 GMT
server: cloudflare
etag: W/"c017067f48d97ec4a077ccdf056e6a2e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rPnRz7r0aQ20S93JgxGiODpfK1cEbUVIcpYeXqx4xlo3QGcmcjml5tidAi7YBeNoIZyLVVtRK4pYsReNFn0y2Ti73%2BroQgvtKvBMul3p84WKt%2B32DgUmRv6612E%2FpBwURWcOn0IS2atK8%2B%2FN7Vv"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc88759b3a-FRA
x-amz-cf-id: wQeCnyTF06N_Oot4xrYuowsqZtO3zkQKxmxL6n5RYmA6d_R1FHlsWw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox-thumbs.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 735 B
1 KB 108ms
107ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.css?v=1.0.7

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4027706748,P-1958393,FLS-ALL
x-amz-version-id: uEwu_H_pGSmwXIYOLYGG4BSsHEGUDz4P
age: 117370
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 3C8W6QD0A9XC8SH2
content-encoding: br
edge-cache-tag: F-4027706748,P-1958393,FLS-ALL
cache-tag: F-4027706748,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: dzQksVQG8JiYjy/U3sDRaKKGTDPFgoJlNcdAmJ0ovPnEjbKlMk40r6pWTlxuldTD4G7MX+d4Qww=
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"52ddd84a9f42c1d4cd86d518a7f7e8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfRAZIt1%2FOPt%2BJn%2FE15E3LGTUD1SBnB1uyoXF8DDucGWy3wdSaHK9ConxHED4JUA7QLbLbs7UtP7gkF8rGK1CTtUKNAx7Uj5nYpB%2B%2BmcBLrgGb7f%2BPRjPrmyMG6ZrdRlT7HPAwHaZGrXo0CgXtYr"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc88739b3a-FRA
x-amz-cf-id: B59IPl3eA8p8mr9zk5MYhrQohT8eFocNgRdouEXY_5JxblwpB1olow==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.fancybox-thumbs.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 4 KB
2 KB 73ms
72ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-4136544560,P-1958393,FLS-ALL
x-amz-version-id: TslnQYfkYOrp30w5R4Xsi5EhshX1lwMn
age: 424040
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 20CBHZY4S1KFZ3HC
content-encoding: br
edge-cache-tag: F-4136544560,P-1958393,FLS-ALL
cache-tag: F-4136544560,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: DqSccthNDag8iBeHe1tCvDAPDGwpHz2TZWnCTFmOIcotpIdTLg2+CbMzsLD8pBRfEcWoCFH2oYY=
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cf1fc1df534eede4cb460c5cbd71aba6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9e%2B%2BbEvwHVtQ%2BzuGHAu2x30yUUNXj1%2BA5f0wyfPEHOMoxxxA2UPjAvVBNH4Dn6xTBIY98u9NLv3V%2BAW65NTRJDOhogxMjYbJFyyy8h1%2FD7JIowcyKKyScFypAYfYUpxW%2BZ7R7FiKY1RU9mevZVK"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbc88789b3a-FRA
x-amz-cf-id: AG6dus_MnH95XiQAGlajlkNsqo6H6BBXrEkyMfNQLjW45c5D-K-14g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cae69742.js Show response
use.fonticons.com/ 601 B
936 B 298ms
14ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fonticons.com/cae69742.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: 92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
x-sp-metadata: HS256.CIquwJ4GEogBCiRjODEzMjhiOC1jMTY5LTQ4MWEtOTY5Mi1iMThmYTkzZjQ0NzAQ8OHT8J2/7wIaBgj6kcCeBiINODAuMjU1LjEwLjE5OSiqgAMwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRorCAESJDNiZDNkYWE4LWVlNzgtNDRkYy05ZjQ1LWYwMjRhOWNjMGFmNRiAAyIYCAISFGNkczIxNS5mcjguaHdjZG4ubmV0.w3lANKNmBLGRvFpqfUbRngxaU6j0ECX/McsCaf+Qdsg=
last-modified: Fri, 22 Apr 2016 13:22:04 GMT
etag: "e50d1c66e0803c94f9a401405de86e90"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-hw: 1674578170.cds163.fr8.hn,1674578170.cds215.fr8.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, private, must-revalidate
accept-ranges: bytes
content-length: 384

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 102 KB
32 KB 52ms
17ms Script
application/javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9fe2e07fabf55a4f8ce9c6f65b2d68e43e541b4bf3fababc1ee6ee951b1082a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
last-modified: Tue, 10 Jan 2023 10:00:26 GMT
etag: "019a65cda24d91:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=1151
accept-ranges: bytes
content-length: 32026
expires: Tue, 24 Jan 2023 16:55:21 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 63ms
26ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

db0226b185929ca9bb36e9d5adf0d2f3563eb03ac4079f7ee98fe51da8b2c60a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44018
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Jan 2023 16:36:10 GMT

GET
H2 200 modules_combine.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/68016447380/1648666483336/In_Use/In_Use_CSS/css/ 15 KB
4 KB 67ms
66ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/68016447380/1648666483336/In_Use/In_Use_CSS/css/modules_combine.min.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dde45008d0b75cc54b7d105eab050eb5a1d05ba4d9b5922adfc703227a77e900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 ebd7b246dc1b8bef0a7a10752563dc62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CfcFgpOhSoUhkCqLCSnO4QqPdk9ji_EO
age: 2944
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: TJJP96ZWE4NG287Q
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 63lehg5XREojSwl+BorW6kFRHI/s+GA0xk+JTaM7LIEKLfwlixY56WadGDr28xkDsaugzxEedFM=
last-modified: Wed, 30 Mar 2022 18:54:44 GMT
server: cloudflare
etag: W/"e6e0be2325d19c59ff2cf89a70c76a19"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1648666483443
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7q%2B7%2FynEmsgkl269FTqRMHo6NZug8CSNGrvjgWo3osmw4E2CuSzSzj%2FtU9JFXg%2BTVV3lQ9dryq2%2Fb723db8JegkUNZC15JdIgmLNokUbCxlsxKdhrOBL0E93UraOcPj2v5V4rjQr2OtuoYqQtyxn"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbc88799b3a-FRA
x-amz-cf-id: 0n6BbucKaHgRxSe8AwWF6IHWnW0q6-2fmCZF6BQiaYgrqB6SIWnJbg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 59ms
16ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
last-modified: Thu, 19 Jan 2023 23:20:21 GMT
server: ECS (frb/67D4)
age: 62278
etag: "6ebc1995c2cd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32327

GET
H2 200 in.js Show response
platform.linkedin.com/ 509 KB
160 KB 312ms
28ms Script
text/javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 669ddd18ea3daf8803fd6ed9f18f3dc2410447c93336e298ab45f556f0430cec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-lor1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163382
x-li-uuid: AAXzBP7L0NUlZuyRN6QD/g==
expires: Tue, 24 Jan 2023 17:27:43 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1674574627360/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 158ms
128ms Stylesheet
text/css 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1674574627360/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3484
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 24 Jan 2023 15:37:09 GMT
server: cloudflare
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674574628026
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6MQDt5g62kK8TY6zxR%2Bu5kqSWWDQy%2Fg4LnVKAdJuemqueHO%2FkRJFvrbfU4aFvTtUTzpcxN5DVH1T0LqciZNdvGCrVXBn3hXQh7%2FgvzXBNxv30FuEpoU0%2F1HBxWVxTtsSU%2BVpkUv%2FwzhU6DA2hI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 78ea2fbcbecd9006-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 hs_default_custom_style.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/ 58 KB
12 KB 71ms
70ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6e3f5e3aba4ff03f2744dcbfa8a58b66f7e106e4ee5189bb55736aa76ef0747

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 965a8e3a7cc0b0dabf91fcd2f78a55da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _CYmHhXhdj.b0dEzxa.194QIX7pxanj9
age: 2944
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: FMX2M3E0BRPTDBHR
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: NiWl8Xc00/n2wLmue2nPkS2EFUIW+XNs0VmToQ0JsiTexXnbYYH/tIpovaxqgFlyV2fBVlVkkMU=
last-modified: Mon, 09 Jan 2023 19:08:37 GMT
server: cloudflare
etag: W/"1ae0993a3ff2fa00f931d4221bf6c1ef"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1673291316731
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWgOqviEyxw%2FFe8ArcUEnzRwaf0VWUFNMdSFdAbo2fjWXlpxvtJyrGAfUMNE%2F45AOmwpJJAEAAHddU3wH0tS4zE8SJRuQZOaz3V5Y9fT8nE2a7b7jmFMDvi5loug7HoXBBJKZr%2BG%2FOgrdxMJIc%2FL"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbc887a9b3a-FRA
x-amz-cf-id: aH3mD5G5zcuE5GZ7f4VK0ekK2eChs_TEt_eySmGHSJGrbH0-Da4Olw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Updates-Fall-2017.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1673297081594/In_Use/In_Use_CSS/ 135 KB
25 KB 107ms
107ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1673297081594/In_Use/In_Use_CSS/Updates-Fall-2017.min.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

603319952094ae9f33c9ce1d6c90fdf0f6ea506217f66d6df0acf5bbd7a4ef18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 a12c29ca3e64ac2015cf4f6c9099b8ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: fFCV0PMhoT8cJbHozk4978rvITw.Bu6g
age: 2944
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: J4ECKE17H0Z1X4RF
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ax2l24XTO8UL3RuNXPGHcvjmVD5SoSKxB7+TVC27rMI6qqVEAx+xEV+IdYK45STmQFrH9qxAiDXsJ9zE0T7H52519h9VygpbnNCFPTrfkkQ=
last-modified: Mon, 09 Jan 2023 20:44:44 GMT
server: cloudflare
etag: W/"45ea5ebd14a720b088e8f6222e985cfd"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1673297083175
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKx%2Bwq7utUSJpFaOVIHY7jyKNr%2BR59K3PwZYkcW7VqNAvU%2B4bEiEhM3E6lz0zix4UttDnjdIS3cW4BzYuIwF0Pg2zliC9RmIH%2BNNTL6F7361OyflNLa5Es%2FjO6%2FO11E2IkK%2FQctRGM%2F2krdPcMNA"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbc887d9b3a-FRA
x-amz-cf-id: V6UPW-V3bgPM0iKcqUqonbNVbyJG7t-fG5ZfF-M1NHhBs-ArSx5FUg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 SON_logo_main@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 4 KB
5 KB 84ms
80ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=165&name=SON_logo_main@2x%20copy%20trimmed.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff18340a32be3a5bf651560244f61742000ef4fc3687a5b72bad798df21b5c79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 8beba0476250d2240f748269153a9f96.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377777
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=6046, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-7285854710,P-1958393,FLS-ALL
cache-tag: F-7285854710,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4182
last-modified: Mon, 09 Jan 2023 21:54:05 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e50b0cb3408378deff4eaa9e717df90c"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8nhzRTi84akZMgyp5qDTBoRAfjT7Yi2gBUdYhivpiiJTcmmlnUVzpGgyi63F7K%2BIb8XNkO79JDf9ARUqsSeK505SCw%2F6TV4ioMZPNuBKfhBYSmRrkvEBSLrxzdHNs1VbIm2mQo7XXXce%2BEE7G5FG"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fbedc349106-FRA
x-amz-cf-id: 4BhwDuU4xWQkat4MYljA2WRFuZQ747vdLVCI2N67AA1En-Ra74KMUg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 blog-attack-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 258 KB
259 KB 960ms
956ms Image
image/jpeg 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-attack-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bce9a8a86dd2ab282d2af02defb52480b5d284bbf26cbf417709c253f3a747d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74034299284,FD-68246726812,P-1958393,FLS-ALL
x-amz-request-id: EKH6AAPW4D1MFEYQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74034299284,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "e832759881d951b6e4cf01f3774ba2ef"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1652994531653
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 65RikiAmRfl8_FgGZqRU9jMqbxOoCTSG
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-74034299284,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 263741
x-amz-id-2: 5PvtCzhP0bflu3COJngDetvkBaQYFXoh0RGsNOZrdBv3vZ3UvTWUS5mruLTLiPOzdRnYSX+cCaE=
last-modified: Thu, 19 May 2022 21:08:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bT5nzS40Pb%2BjNuLsqC6ZCIOBwzKCOEOc29%2F1qnZFqSkWEsm2HV3O8%2BxtIFAjYemAQI%2B%2Fg3imJp6P30jBmoewQGpbSuooLwzPxSYEO07gmvknsHrkUtNXxPPKvyUG3F8mrFbkMWFrRuYUEq%2Fu4y1C"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc379106-FRA
x-amz-cf-id: 2ru3mrNtDcFMUvRHi98sqWkS1qzZLUiXzoA3KHQ92mTvQIrkr5e15A==

GET
H3 200 akshay%20ax%20sharma.jpeg
blog.sonatype.com/hubfs/ 33 KB
34 KB 55ms
51ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/akshay%20ax%20sharma.jpeg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-7618951662,P-1958393,FLS-ALL
age: 23014
x-amz-request-id: 14G8QPKSR1KPMNEV
edge-cache-tag: F-7618951662,P-1958393,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="akshay%20ax%20sharma.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "05bf826725f866d18596285df12261d6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 af287426c130b47dba79bf825f91ebba.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: eJ4YI7RINvXgKM3v312ykCq5Y_UAIELs
x-amz-cf-pop: ZRH50-C1
cf-polished: qual=85, origFmt=jpeg, origSize=58267
x-cache: RefreshHit from cloudfront
cache-tag: F-7618951662,P-1958393,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33742
x-amz-id-2: gK2A2kGcsg70FlNbmt9nsjtsyyKEiHIWbBW18SaUaaiAtq2ehQVqb0uzKMpGvREsUwMEFCPazu4=
last-modified: Fri, 15 Feb 2019 17:59:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6HVCoOsUdanlrIUWGs5FQFEe%2BIbSDQNWrSTyzksMNADrFNVMyUq8NokiKaM%2BYvXS6Yw3exI%2BmJmLoJPWvEHy7QkY6ITDqnhx46dptD3MzehHuL5zKb32vHw8FgvMdYMhKhz%2B0oBG56i4ObpUA18T"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc399106-FRA
x-amz-cf-id: VhygnB6ycvNsvu7mG4kr82pgxutj5eayc2BsAVORr6iCkHxk0ha03Q==

GET
H3 200 blog-ThisweekinMalware-3-100-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 79 KB
80 KB 100ms
95ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-ThisweekinMalware-3-100-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bbb53878a02f209c08b50132a24c13916be3d5aa8333f71fb45d4564fc5688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-75642066552,FD-68246726812,P-1958393,FLS-ALL
age: 23014
x-amz-request-id: 3A33JYNKGMA8QVW6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-75642066552,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-ThisweekinMalware-3-100-100.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "96f860a6cbff1bac09e8365820a9b3d1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654631652689
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sdctgB9WnBXTkwq1lfBPkQMKK5.Gq94K
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=197505
x-cache: RefreshHit from cloudfront
cache-tag: F-75642066552,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80434
x-amz-id-2: szOMwDKIZHHYdK6Vu8FLiCh6uSix3CDHl5x3QM5Yb3FYRSeW+xHwGZyytcV+aNoK+KrMWrC7HAc=
last-modified: Tue, 07 Jun 2022 19:54:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wggaW%2BlGr9WbONJWMVnCGwF%2BXm4iHJ%2FzkulCky6MdJGuSvfmtiNhvxryRJAVkPNVdBSUy3FSGHxWmNjpwei9XQAo0pOJR2dTQlz4ne33YIRsU6Odou6AKV6G6bCjEeC0kIuHVYBdY1hhdBQyMXTA"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc3b9106-FRA
x-amz-cf-id: ybgdv1jeP2nQGrH3rvIkHq7ff_gS8Feqtce0MioLgLVo-eWpsW-OyQ==

GET
H3 200 blog-open-source-containers-components-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 51 KB
52 KB 101ms
97ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-containers-components-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fe66b673672aabd8e12bd3325ca8314f4b770ad8ced29b97ce7943d076322fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-80247429035,FD-68246726812,P-1958393,FLS-ALL
age: 102929
x-amz-request-id: B52Z34M3JN3H7GMV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-80247429035,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-open-source-containers-components-100.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "e984f8c5650b0317f1dc52947db8b191"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1658853644815
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 4a95385e61c9df8f5f8de6338a3fe59a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: JN_T4FG5sA4xQff7o9ooMt2fWbinYM31
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=356528
x-cache: RefreshHit from cloudfront
cache-tag: F-80247429035,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 52162
x-amz-id-2: UrY0qZOC5FODGg6/qZcZjiu8Vhmw+9pLpSQfhlslLpuHuRNtqI3qiw12Fjcy9EAtEy/Wbn51tsk=
last-modified: Tue, 26 Jul 2022 16:40:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nvjtD87XCbu6CDBGJveCGeQabOmsjI9XekrCUhSdmpqsOaN9zjVvSXtP0PZppFoQNXygTdM4HQ84gLGksRD088qggdyyIVYQtD1oxnAP%2F8etoq9Y7574yHs%2FN8aFgpoFn1QxORKVOlFoOdnJHtFT"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc3d9106-FRA
x-amz-cf-id: KI0DSOyvlp7RAAewZ3w_xOq6OBuI3YQy2dm7tSxOtqjABvZpnOtYMg==

GET
H3 200 blog-open-source-components-dependencies-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 39 KB
40 KB 111ms
107ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-open-source-components-dependencies-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7be1a13e6e46c18c928788b6433d1233f80cc35601f213e59924431015e79b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-80249837446,FD-68246726812,P-1958393,FLS-ALL
age: 419748
x-amz-request-id: V8WZXWRKW3GP2MSZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-80249837446,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-open-source-components-dependencies-100.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "0e57bca89903bb91bc3e5711e9ea7f19"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1658853644883
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 645f43b8717568c0a4b2c8f32ab504dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: K3bJ7A68Iv_i0e5yMDp3DTB3Su4ujTzR
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=311466
x-cache: RefreshHit from cloudfront
cache-tag: F-80249837446,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39790
x-amz-id-2: 5yHpAq49GBXZ9vo2CqZVqhelOkYiuVCUOK9kT3JnOIf+Y9IMm12A9mQao6GQgyUHol5v4X7drpw=
last-modified: Tue, 26 Jul 2022 16:40:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljSPU8LRlpR8DXu1NANaFYbMgAMQiZJp0c6h0eJR9A54zSYO%2F3NB%2FHY4FDxQgghuL4%2FjXngGVaql09e4Rv7KNbsW%2BaH%2FGYh%2FCWlMlVFF2b6HZIpj%2BnpP3XVdlD0QKYj9myR0qjcP40cXM4TUyp0i"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc3f9106-FRA
x-amz-cf-id: MGpcijShtFYNpFA6IESdqa3xs6dlvYR0m4g6JKavR7EqeEH8cH46lg==

GET
H3 200 blog-protection-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 29 KB
31 KB 67ms
63ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-protection-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d502451b73e61b8f0c65ac9987259e7dda95743c66726276c0f35e96bd28aa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74033129251,FD-68246726812,P-1958393,FLS-ALL
age: 419756
x-amz-request-id: 0VWWWTMTYDAQ601V
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74033129251,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-protection-100.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "ca4774601c363578d7f7129cb26730ad"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1652994531890
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 2f9d40e1286737e2a1a91819dee481a8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gJIZHFRuYUrI4X20ibUhWHFnlePsvKXO
x-amz-cf-pop: MXP64-P1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=278865
x-cache: RefreshHit from cloudfront
cache-tag: F-74033129251,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30040
x-amz-id-2: A7+eVjHK/HAB1cHL17qCVlN75NN1WYZnix4hG5DqgQXySIL/UNtuq02V1cuOIE8sX5N172U0e4c=
last-modified: Thu, 19 May 2022 21:08:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puCikOvJbn0elUA2XnGEj8fde5Yxj8dUNaM%2Fsf15i37rwxGCTFjNzCQ1wl27aT7jMDnOaOXz120UQcc5Br1OlLwDg%2FaWwynuvngcpz%2FwsP2vR3mWALIFyReyWA7bmBzQXRoGK3GhLruhuDZ8JznF"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc409106-FRA
x-amz-cf-id: QR_65wPsjDXf0nP7CiqqRfR_Mv9po0xl8oy7iV_ObVNpVeeo8bIEGw==

GET
H3 200 image2-Jan-17-2023-03-20-15-2541-PM.png
blog.sonatype.com/hubfs/ 565 KB
566 KB 86ms
82ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/image2-Jan-17-2023-03-20-15-2541-PM.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

610e5a57ff470fab70750d8d4bd446abeddff7e60f30be9eea5c25660440b454

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-98850874784,P-1958393,FLS-ALL
age: 125749
x-amz-request-id: CKSWF3D1QDMD2RGS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98850874784,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="image2-Jan-17-2023-03-20-15-2541-PM.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "6aba7bfeb869f3d08c928e6af1fad1f0"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673968815254
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 b103085320b440f2b61bad94c412ff70.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8VZz5ccKQ8vfEoYI1UGMFirjzjql2uI8
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1006938
x-cache: RefreshHit from cloudfront
cache-tag: F-98850874784,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 578370
x-amz-id-2: 4rcaoa+F4TpaaJT0DalXjEMeGI0QTz7GJaIKWogAPVSMQK0VCaLmVt9CyzW7L+30/PNo/YNqW4N4zsA2HwzHyA==
last-modified: Tue, 17 Jan 2023 15:20:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2Fg%2FWnmgnVu6veZGXINQez8BsTciMwElPyjewN2ZTmQykXWY3oFHMfQKjJSYpYhS%2BhmvvhbgCZbk2hP1Esx6PtWJ%2BDqaV098Q9V5RNrzM2KDeUpUULn4Budu9kh%2BmzRlOSPoQ3LlIeTZf2mtkDYy"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc419106-FRA
x-amz-cf-id: pnyLetvrk6luq2akpIsZT15nI6gz51PCDbZS8N0Yv0_EyondyETGbg==

GET
H3 200 blog-vulnerability-2-100.jpg
blog.sonatype.com/hubfs/Blog%20Images%202022/ 72 KB
73 KB 124ms
120ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hubfs/Blog%20Images%202022/blog-vulnerability-2-100.jpg

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3a7fb799db156074b53854d21cd69385f1eb3702e61728bd24f7a25859f4227

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74035276051,FD-68246726812,P-1958393,FLS-ALL
age: 102927
x-amz-request-id: DC04NA1FHV29WTFM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74035276051,FD-68246726812,P-1958393,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-vulnerability-2-100.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "e5200abf69a359f32e163c1cb5849855"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1652994532698
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: lbbHID7zltbhMCophFNLLH19TsMH9MbH
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=447817
x-cache: RefreshHit from cloudfront
cache-tag: F-74035276051,FD-68246726812,P-1958393,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 73804
x-amz-id-2: u0vsXEXFTyNCrNkn1OeVIclgoDdmPWQLFBZwvDrU4mRMiLTTGJ9rcbc5dt4TMX8uT8oMt3ePyFA=
last-modified: Thu, 19 May 2022 21:08:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZ7%2FuMgtsNaVXKiuKz8ZuUVvx%2BY%2FM5T6l5i8%2FGD3FNHW5PZgqXhzHFoGIWr6WV83N7ciT%2BM2RRJxUj3hCKil%2FAMnK4bRP0wEy9Hw8bhNfwQkaEbrtStnoiCBPwWGYBus8wCHxB1LO9XoohanWvhu"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 78ea2fbedc439106-FRA
x-amz-cf-id: mEEhjrX2zbRyI5udLM1nSiA_1vFBBaa-8SJZmez3F916V5JjqfkmnQ==

GET
H3 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 2 KB
3 KB 131ms
126ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&name=SON_logo_white@2x%20copy%20trimmed.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

970486c67848d803aec605e627bf01dbe8760d510fcec8e15762c902425f145e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 b2179245b8d8ae2b245dd8946895eb1e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377777
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=2773, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
cache-tag: F-7285975615,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1886
last-modified: Mon, 09 Jan 2023 21:54:04 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "0d48500fc4e2c17121ad55b8c0321402"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HDt88Tv8roumI6R%2BqWceBv6yfhAHDNDQSgP9qbr0WtehbJOrSwW%2FVWGKogRp2SPCDyVSsvzVdYsGX635umcRdAv6TBPW8nUdpw0nmOc%2FWuuBRuN2z9pc0dfDhhRuNziiYcz5P%2BBYn8tHb4B7hyv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fbedc449106-FRA
x-amz-cf-id: VJHctCfjjeLsXEVPyim_t6bKY9jZqgg3tyRGhgHO4tjaizWBuc1zHg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 2 KB
3 KB 131ms
122ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&name=SON_logo_white@2x%20copy%20trimmed.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73ed376f92ddc098bfca009b8b7e702d2aecd19f10fb55b9d0d1fc75d851897c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 b2179245b8d8ae2b245dd8946895eb1e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377777
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=3322, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
cache-tag: F-7285975615,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2194
last-modified: Mon, 09 Jan 2023 21:54:03 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "564b0a83218686599002a3e5c0c3b7e3"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywVA9GoJHA7TIm2sNaPhFUtWEtCYHbPrvzk0NaHHYLFIyVObLqATcBDq4n7XaHrLdvpnkyebtaokbFls0urh9jkwVfEWeao0wq87pUsyWdFinzYJCHiDCzbTB55KF8ZJIvhzFRbIrfBWosS3nXLw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fbedc4c9106-FRA
x-amz-cf-id: NT-_VETMi6Y2RCaCLE8ClPwC_JVZgR5JfBLihpznCv9p_e1IN9B1Ew==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1673214662253/ 1 KB
2 KB 47ms
46ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1673214662253/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4856f1810c158116e228cedba87479fd678b5333ed7125395340d06825044675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yusSfTExkqOWteA3eYWUiP5jGWYuYlts
age: 92
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: TATRX1MFS0AWVZE6
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: llwFnzMmjNERNQHk29g2dJvrCCpRYMst5YCqPbtNT1pb82Se4NGR5+l2taz12mhRrMC7Br1e+zc=
last-modified: Sun, 08 Jan 2023 21:51:03 GMT
server: cloudflare
etag: W/"04af230045dc96070805d4fa2028f867"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1673214662253
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRJX%2B02ikNW932I%2Bl0IaHjxo82clM4FJm%2FwFQ8fnhYSFb2JJ2HBe0LaktCVkKEGELRG0%2Badn5%2BQGj1MW0C03i3Y8LyCaszaEic3ViA2LIt8%2FTQ1Gyq%2Fx%2FUcI4%2BK4RoXxVsaPkeIr4jTuaOicUdSr"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbe5b789106-FRA
x-amz-cf-id: kGMVTsBFERqkcbG1YNtAZN4Uc0wqygB3-5wGz_16GBB7n-p0iClFJQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 1958393.js Show response
blog.sonatype.com/hs/scriptloader/ 1 KB
1 KB 446ms
436ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs/scriptloader/1958393.js?businessUnitId=0

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94e0411d8c56aca907785c9ec9e0e557e390e4c120c523470cac8e3e4aaba252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 44e22261-5b57-407a-b0df-610abeb20836
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 24 Jan 2023 16:34:38 GMT
server: cloudflare
x-trace: 2BEB750E5270F84EB556719EB7785DA62842403ADD000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.sonatype.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ki6u4CWeU%2FwKOCjKQohXlgkvNVmhF1VbrC%2FO6SyLjdZxGktkRIomJKv3sPswTbVess7v3UWY3gY%2FWETDNX3zehbx4XBXikBbVwrhC0HZxJDcEZcG3gdxkttqMs8TZwSKjM%2BQgcwadb5rIGeW%2BzW"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 78ea2fbedc509106-FRA
expires: Tue, 24 Jan 2023 16:37:11 GMT

GET
H3 200 Sonatype-Main.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1623972639539/ARCHIVES_NOT_IN_USE/NOT_IN_USE_CSS_JS_and_MISC/ 1 KB
1 KB 80ms
75ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1623972639539/ARCHIVES_NOT_IN_USE/NOT_IN_USE_CSS_JS_and_MISC/Sonatype-Main.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3db1acdfdb5eca3a6604286fdd964e8cab2442c3778dfc8ac36d70ac1b257e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YEXzL2aHtsEiuvbX9EKjlJoLeI6aG509
age: 92
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-amz-request-id: 8AM8HRC05HDDMP0Q
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 66UQCRV5HWcYDlETvQtKrjcHM8AvT64M4KGA2Kpl6SAIsC068kVzYsgHq0fstkLS4AzDidh2jow=
last-modified: Thu, 17 Jun 2021 23:30:40 GMT
server: cloudflare
etag: W/"fd57b248dc71a98d500fccbf9455edd8"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1623972639539
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HuGTYdADaQ3NrRDkZkEVgY0nmRgLMv%2BrrPI04gOVdOVZjEQO096CqtZDMqyWhGO7Lk0FLkgzBG0mZ2R6IX6EbXyElSbvemuAGHmGXZcYRO4KngnFSOoMO3EBtkOMGz9wmZGf1lFOBEbONlnvPgaF"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 78ea2fbedc339106-FRA
x-amz-cf-id: 2UcUUYjNybXudqXIFhxFZox_AfFlT2JjGbWXOm-yWKa5d4T4FnRfnQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 283 KB
91 KB 71ms
35ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

faea20c46ab29e25a27d14398d1af520a4180879a697537e67c542923ae3b38d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93422
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Jan 2023 16:36:10 GMT

GET cae69742.css
fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/ 0
0

GET
H2 200 99hz8ezzd9gu.js Show response
js.driftt.com/include/1674578400000/ 211 KB
60 KB 226ms
137ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1674578400000/99hz8ezzd9gu.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

879dedec5195d98536a1bae45110bbe50a40f51f6609611ecb7707331f077e5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: 4W4dql3Y.0BXOBWnNvAiMu6Y7sbrg74o
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 24 Jan 2023 16:36:10 GMT
via: 1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 233
last-modified: Mon, 23 Jan 2023 19:28:44 GMT
server: istio-envoy
etag: W/"70ba0a6fcd1d4a78e6cce2ca86251178"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: J_8t5ufFXxZgs_WnGQ1O6LdbGs_iQ5ywlBek_Y-DI5I38vS9R5VCPw==

GET
H2 200 ressponsive.min.css
cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ 77 B
465 B 115ms
113ms Stylesheet
text/css 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ressponsive.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 404577
x-amz-cf-pop: IAD55-P5
x-amz-meta-md5-hash: e1be8528cd2b50bd34b2434539994980
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 05 Aug 2016 11:19:31 GMT
server: cloudflare
etag: W/"e1be8528cd2b50bd34b2434539994980"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4z%2B5XUzUhESsGwOqqJe1t1i3vjZknCGCjS2M4QXdJHFegQqTk%2F1zLwbix9QJwZhZGCKHZl0iPKooUUnw%2FUkbilxS0HG523S0Ta%2FBP41XVZw2UwY%2B4AJgrqpe8pagOqS5xX0x0KfXW%2FGJOkLBmWo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbeca3e9006-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Proxima-Nova-Extras.css
www.sonatype.com/hubfs/Fonts/ 6 KB
2 KB 166ms
72ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
x-amz-version-id: YgXnGlF4WQ1AstClwlTILsPDXJB27Jsh
age: 424517
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: 2W32TT56CBCQ7XH5
content-encoding: br
edge-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: UDA2/431CFZwU13dQ94Ogs0Tu8H4KH+AmuT+udKMbDM3VjVICfbVL0CaDP1mwECJ6I8BFeUOu10=
last-modified: Mon, 06 Apr 2020 20:03:28 GMT
server: cloudflare
etag: W/"081ee9523e1034ef58341ede01254dfb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRJOlp%2FLKmv6pnA%2BLLUf29Oik47zW7lUYoAhOkGD5dzfuB%2F1c8yIfRPhtAaS0CeGntjCuAKx1U2Jp%2BGUdu%2Fe2CfmfpqblkpexyTFMWe1Zw12pKe%2BhCTVD%2BnM8mjgGxN9Ha0oPIU6U2AHWzE89iM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbf5a6e2be5-FRA
x-amz-cf-id: mTchvIo3LoWmCiWzNeJCRoE3aY1vd7MVT7Sc_WeS9fVrz5TpPZLt2g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 proximanova.css
1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/ 4 KB
1 KB 207ms
154ms Stylesheet
text/css 2606:4700:4400::6812:2128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/proximanova.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
via: 1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3944818967,P-1958393,FLS-ALL
x-amz-version-id: Nx1ip_m09IOUG29Oo2hvpQOOKZSH0Vcn
age: 713252
x-amz-cf-pop: FRA56-P7
x-amz-request-id: R6NSB406HKM3WGD6
edge-cache-tag: F-3944818967,P-1958393,FLS-ALL
cache-tag: F-3944818967,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: xKAbKlJhlDHi6U00/mmu0nQbM0UASMkveafQrmD+xmk06dgia/2f4SU3q/nIYXafGv+Sotk/YYA=
last-modified: Sun, 08 Oct 2017 10:31:18 GMT
server: cloudflare
etag: W/"82d3f802db703aec190e50c8ae99deab"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbf19839235-FRA
x-amz-cf-id: 3oMRqqzj2N7kU5P_N6DkvX-TWsmhILSZYkVg3EBOL3Q7NcCMJK5jgw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 font-awesome.css
1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/css/ 32 KB
7 KB 220ms
166ms Stylesheet
text/css 2606:4700:4400::6812:2128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1673291315737/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
via: 1.1 b238d3f6f579ec0d467edb5df6f43bbe.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3948811917,P-1958393,FLS-ALL
x-amz-version-id: m9Z5f4v3tZv6bWFPUKxjPuJ3lp5IXZnA
age: 1101230
x-amz-cf-pop: MXP64-P1
x-amz-request-id: G0T21VFVXGE0DC58
edge-cache-tag: F-3948811917,P-1958393,FLS-ALL
cache-tag: F-3948811917,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-id-2: ZxSEH8UGHPRH/CacL3vJB5IHkUUIKVXxW6xxQfENFmbVXlzZWcdY+oC1CMIydBCGQs//3zaxLS8=
last-modified: Sun, 08 Oct 2017 10:31:29 GMT
server: cloudflare
etag: W/"5343ee1a287a65ff20961476fd8a6188"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 78ea2fbf19869235-FRA
x-amz-cf-id: TXAuHFPvz8Hr4_GRJfoF09N7fSTf1jF44gqKE0EJLjm-oVldgHfX8w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame DDE5 627 B
692 B 35ms
8ms Document
text/html 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=31535935
content-encoding: gzip
content-length: 392
content-type: text/html
date: Tue, 24 Jan 2023 16:36:10 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Wed, 24 Jan 2024 16:35:05 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/ 373 B
576 B 61ms
57ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/cc.js?renew=false&referer=blog.sonatype.com&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: eb0b73587ed3d49455f35a1c39b0c1f26f971b627ff1c241654a3859f9d6703a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=60
content-length: 362
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 88ms
20ms Script
text/javascript 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Jan 2023 16:21:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 866
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20085
expires: Tue, 24 Jan 2023 18:21:44 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/ 2 KB
2 KB 82ms
52ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/?random=1674578170859&cv=11&fst=1674578170859&bg=ffffff&guid=ON&async=1&gtm=2wg1n0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tiba=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&us_privacy=1YNY&auid=1169656619.1674578171&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50720a0f3fab94bc0a0885e3c251ab72bc1340470dc2a036490170dfcc7d12a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 951
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 35ms
12ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=9101
accept-ranges: bytes
content-length: 4777

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 63ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 24 Jan 2023 16:36:10 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ACE396876ADF496B998A94509AE4EBCE Ref B: FRA31EDGE0521 Ref C: 2023-01-24T16:36:10Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11552

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 57ms
8ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn-etou8220086-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 35ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ef8f067f829af7c95936a36f38e54c98ab090f937f5557e4c78829ed8fcf5ffd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 24 Jan 2023 16:36:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27859
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Q/m5QqrnAALMpQuwEpjeE9ZG1cIWkUgp4frTZYr43ZLrci0tDR/ajVsFNott+J1UyRam35nW7R36vmbhSyY5cA==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 65ms
21ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7356

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 123ms
57ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 448
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 78ea2fc07a3a9b28-FRA
expires: Tue, 24 Jan 2023 16:38:42 GMT

GET
H2 200 60f8ORF9ZgHyb-Bs0IZB5A4nMBfFFKvw_fLuFXaQ.js Show response
client.lunio.ai/ 67 KB
30 KB 49ms
6ms Script
text/js 2600:9000:206f:ce00:3:902:8a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client.lunio.ai/60f8ORF9ZgHyb-Bs0IZB5A4nMBfFFKvw_fLuFXaQ.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:ce00:3:902:8a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11c754269decbf165d8adfbf94f256111fbb8e2fd81ee55ab90646949866d195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: _043FDSYPKXWmRQC5JNHp3YclwmyJMAz
content-encoding: br
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
date: Tue, 24 Jan 2023 03:42:19 GMT
last-modified: Mon, 14 Nov 2022 17:08:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 47108
etag: W/"7786f25a9966258b69902f00b00f9e45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/js
x-amz-cf-id: 22yGI9csVGYPxRC-ZFFlHrW07lTSlzsNduKBBijuDqTmkQac0tSvSw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 233 KB
80 KB 32ms
30ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2TMM6KZPXQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e6ec334f8d16d2eb6ef6edbd23edbf864b0dc7fcb13510345a062b929263a1d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81376
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 24 Jan 2023 16:36:10 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 73ms
9ms Stylesheet
text/css 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ymj3prt&ht=tk&f=137.138.139.140.169.170.171.172.173.174.175.176.5474.5475.25136.25137&a=28114372&app=typekit&e=css
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/39209/domain/blog.sonatype.com/ 36 B
379 B 68ms
19ms XHR
application/json 2600:9000:21a1:4c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/39209/domain/blog.sonatype.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a1:4c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 12:55:04 GMT
content-encoding: gzip
via: 1.1 ab8469a6d336e6ae83223495412c7556.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC51-C1
age: 13266
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35682
x-amz-cf-id: -FwTHn_Qc6tzLHZ9KLuTlpT-PxxvFjk0yNk42PRW61Q6u4HnDvn7sg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26time%3D1674578170906%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fne...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=tr...

0
265 B

229ms
197ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=true&e_ipv6=AQKnSvYk9c7F8wAAAYXkoxZk56TAnSkSrpsy7t_JQx2tGgiUKKZMsJXT1mATyyHNcg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9D901BA8A5784F6F9D21E803A0B17BE6 Ref B: FRAEDGE1419 Ref C: 2023-01-24T16:36:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXzBR0S3ApnUgLFsc4PWw==

Redirect headers

date: Tue, 24 Jan 2023 16:36:10 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 231D71EB46B44C2DA26AFB416A20D146 Ref B: FRAEDGE1906 Ref C: 2023-01-24T16:36:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&time=1674578170906&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&liSync=true&e_ipv6=AQKnSvYk9c7F8wAAAYXkoxZk56TAnSkSrpsy7t_JQx2tGgiUKKZMsJXT1mATyyHNcg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXzBR0PW+BHT1Dx1H1uow==

GET
H2 200 645539512625749 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/645539512625749?v=2.9.94&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

520660fe835b85111a502b09449d7ea2bc38a34a67d70f734db3c0526e86bc67

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 24 Jan 2023 16:36:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110580
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: AKjMbLU9lyzsUqrKzl1hY/rTho28BRLO9hN5yXZYz/TsliSj1mVjb+PEFOUcjeLKtJgPUMCotieqb4mveLGLDA==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
348 B 41ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2TMM6KZPXQ&gtm=2oe1n0&_p=364508621&_gaz=1&cid=1600589894.1674578171&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674578170&sct=1&seg=0&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2TMM6KZPXQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 69ms
24ms Ping
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2TMM6KZPXQ&cid=1600589894.1674578171&gtm=2oe1n0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2TMM6KZPXQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 94ms
62ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2TMM6KZPXQ&cid=1600589894.1674578171&gtm=2oe1n0&aip=1&z=1579242537

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 39 KB
39 KB Other
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b83253cd59eccd1793cf76278c09d928a989e22498559f9693d3dbe0ced1345

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 143ms
116ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=3b01636c-aad6-468d-9126-a57ef57c9235&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 105
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 62f9a7fdedc9332e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 78c74bf7db8769296aa710c0a32021504ce08a2fbebbb6cdce319c7d43802fcc
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
726 B 142ms
116ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=3b01636c-aad6-468d-9126-a57ef57c9235&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 105
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: cb108aac8869106a
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f8f2c4e4f8a772c44cd1ef49f5bb0d09660246964c7a054273a865f77f7b6f55
content-length: 43

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 138ms
105ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1674578171004&id=t2_2fnbqoqz&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=9e054a1c-d45b-4979-864b-49c93cda98b6&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/981320274/ 42 B
548 B 52ms
23ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/981320274/?random=1674578170859&cv=11&fst=1674576000000&bg=ffffff&guid=ON&async=1&gtm=2wg1n0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tiba=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&fmt=3&is_vtc=1&random=1035390867&rmt_tld=0&ipr=y

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/981320274/ 42 B
548 B 44ms
43ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/981320274/?random=1674578170859&cv=11&fst=1674576000000&bg=ffffff&guid=ON&async=1&gtm=2wg1n0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tiba=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&fmt=3&is_vtc=1&random=1035390867&rmt_tld=1&ipr=y

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ProximaNova-Light-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
21 KB 142ms
123ms Font
application/font-woff2 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Light-webfont.woff2
Requested by: Host: 1958393.fs1.hubspotusercontent-na1.net
URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/proximanova.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad

Request headers

Referer: https://1958393.fs1.hubspotusercontent-na1.net/
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 f358cf5f46d10c349187abd5e20e06ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-3944811672,P-1958393,FLS-ALL
x-amz-version-id: _8yz9ZjF7LQYfTsY7yUCaRvghdOgqaN0
age: 448085
x-amz-cf-pop: FRA56-C1
x-amz-request-id: H4DGWHJC2QD5WR5P
edge-cache-tag: F-3944811672,P-1958393,FLS-ALL
cache-tag: F-3944811672,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 20128
x-amz-id-2: CTzUeGzu6M9BX5Rmtz9CNnCo06NQWbE03tA6LRxeyUAsFGbh1KXR200ACBYBsrMFdirJGIToyaM=
last-modified: Sun, 08 Oct 2017 10:31:17 GMT
server: cloudflare
etag: "8b7a2ea3ead03ba763da54c65bc6975c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aT%2BDw22tVrJTMnv30Vlv4xnynbBmz83ahAnMwWx%2BAA8WpczB4lhlaW8iSTcA8v2%2Bm1YnIPa%2Fq14LmRcqayK34oV0XXuS%2FHO5z%2FSj37TAMaYXLRZ6soz9rQ4PES0mFGs43FohFpbGPf1FcyVbxPg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 78ea2fc0ed519b6a-FRA
x-amz-cf-id: 9PMuFITBdyqHv0JSKHEFdIkDvWdIc0nfMtQ6qPvLgKqAvdsi8nMl_Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 ProximaNova-Sbold-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
21 KB 126ms
126ms Font
application/font-woff2 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Sbold-webfont.woff2
Requested by: Host: 1958393.fs1.hubspotusercontent-na1.net
URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/proximanova.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Request headers

Referer: https://1958393.fs1.hubspotusercontent-na1.net/
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-3943825497,P-1958393,FLS-ALL
x-amz-version-id: 9IshFJybfsXsTU7IggT7Rm3P84yGu_.L
age: 1581494
x-amz-cf-pop: FRA56-P7
x-amz-request-id: XXA7QXYX49RS3YJC
edge-cache-tag: F-3943825497,P-1958393,FLS-ALL
cache-tag: F-3943825497,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 20344
x-amz-id-2: dQys1hkhCpMvgatfxTOoRqdvrZSTiKaTCTRhYK63Qm2nwjSMRizAH1YHZ+HNH1L/kIh5NGjyRh4=
last-modified: Sun, 08 Oct 2017 10:31:15 GMT
server: cloudflare
etag: "a96ff4477074c6395b7305d2d98fde8e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktHY3hvUyMxlr1Xwq5JC%2BEBvSRFakdVv7UfrGaReEhpp7dQDR0H4%2BYMGpMVM%2BHQvKSm%2F8ZOE7u0hdrB293xWlPkYg1hP0LB2e9g5xe5xdCklB3ONHTcBT3IV%2BJLSNQOuxiPmsXFLRD0ECGhl1Nw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 78ea2fc11da49b6a-FRA
x-amz-cf-id: T96eEVy68iOtIAYD2fIIUU89FVCXa65Bm7zGoubkpuvDMF4OylpkNQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
210 B 41ms
40ms XHR
text/plain 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=364508621&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&ul=en-us&de=UTF-8&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=327621895&gjid=416585554&cid=1600589894.1674578171&tid=UA-137036301-1&_gid=748603674.1674578171&_r=1&_slc=1&gtm=2ou1n0&z=713817118

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 41ms
41ms XHR
text/plain 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=364508621&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&ul=en-us&de=UTF-8&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=969879203&gjid=569228219&cid=1600589894.1674578171&tid=UA-1693297-38&_gid=748603674.1674578171&_r=1&_slc=1&gtm=2wg1n0TT8R4P&cd1=0&z=1590936989

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 56ms
34ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=645539512625749&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&rl=&if=false&ts=1674578171090&sw=1600&sh=1200&v=2.9.94&r=stable&ec=0&o=30&fbp=fb.1.1674578171089.356604962&it=1674578170930&coo=false&rqm=GET

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 24 Jan 2023 16:36:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 204 26080357.js Show response
bat.bing.com/p/action/ 0
136 B 103ms
103ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/26080357.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 24 Jan 2023 16:36:10 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 800F7A5083854EAF9B69CED025D664E7 Ref B: FRA31EDGE0521 Ref C: 2023-01-24T16:36:11Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
466 B 126ms
117ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1534989&r=1674578171098&ref=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1534989
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdvJ-saIXIvP_mDxfBX1xRIVDg4YAgCpYcVDw_TIDodtrKrNE9LAlUXdpbXKQQ5oOCGUst45mt0zMn7PJjzOpliPBw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Tue, 24 Jan 2023 17:36:11 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 143ms
112ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1534989&r=1674578171098&ref=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://blog.sonatype.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 24 Jan 2023 16:36:11 GMT
expires: Tue, 24 Jan 2023 16:36:11 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvddOizgVbIeUH1RwLpq5xkB4ic1XVeyaQB1w8cSDpXFIn55vHrCOBrsp7V6S9ITerLi9ahFsd4SwsLpXy5Nr07ohxoTsLD

GET
H3 200 json Show response
blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/57d70dc2-fdae-4a95-864a-471335c8677b/ 20 KB
5 KB 170ms
169ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/57d70dc2-fdae-4a95-864a-471335c8677b/json?hs_static_app=forms-embed&hs_static_app_version=1.2593&X-HubSpot-Static-App-Info=forms-embed-1.2593

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6769d747f2d6880a6a13061eaca3f81e35a7a894e73e78a80c06b53cfa5d1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: fdf5a946-fde0-487c-b2db-0e12e4c774e0
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B66D95F3CCB447BA8B7E148D41F6C5FF0BD32CAD5000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLzTvusNmXr6MPXM%2FdreDXhWaNbxCSziqxJZ2mp%2Br2Gcgmw2alVEUy6Tpume%2FPow%2BMipImFu%2FCDpmzpom4Jmo%2Fv1F2J8d9AuxuATZEKF4fEA70ubgt4%2FEUEEUSxBaNne3gbQtP6Vj2EuwqdXcUsi"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 78ea2fc199019106-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/d7496d0c-2f9e-4dce-8d5f-d273392fc6fa/ 22 KB
5 KB 437ms
436ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/d7496d0c-2f9e-4dce-8d5f-d273392fc6fa/json?hs_static_app=forms-embed&hs_static_app_version=1.2593&X-HubSpot-Static-App-Info=forms-embed-1.2593

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b56cd88d5e4a9de7e8951b6a64ba18c37211942cd7d21425fc84559b700a754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ab5b2d93-69a8-4d8c-bc9d-391dad0d2692
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2BB7559C729124A94A98C792B933BD9962CCB0D312000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAZ4Rob3hmHxW2OTlaxkJIA4qQr%2Fh1ZCOQCjxsXgZbpLv0RBgsoZJ27fnl%2BC6%2FCvj%2BY8hHXiJc7DdF%2BYpl%2FQVecQvdP24yVMvZpfNWikqUeoB5fK5aU6h81lMxv5YgsrlsXyQ4hQ7CLWSi87jbIw"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 78ea2fc199099106-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 fontawesome-webfont.woff2
1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/fonts/ 65 KB
66 KB 153ms
132ms Font
application/font-woff2 2606:4700:4400::6812:2128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: 1958393.fs1.hubspotusercontent-na1.net
URL: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer: https://1958393.fs1.hubspotusercontent-na1.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 c0c888b299b9797c37778648bae22064.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4079175725,P-1958393,FLS-ALL
x-amz-version-id: 3UroynpaV5eWzCWsV891qGxKLQ155y_G
age: 715568
x-amz-cf-pop: BRU50-C1
x-amz-request-id: 68Z6XRTH9ZE0GKNG
edge-cache-tag: F-4079175725,P-1958393,FLS-ALL
cache-tag: F-4079175725,P-1958393,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 66624
x-amz-id-2: BJGfLgWZayDKnl5QYcPTSHRi2z5YtNk656jIhI0Ind6gOmSZvXAOU7P7obho0AoHLEZGM60DIHw=
last-modified: Sun, 08 Oct 2017 10:38:42 GMT
server: cloudflare
etag: "db812d8a70a4e88e888744c1c9a27e89"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 78ea2fc1cabc9a24-FRA
x-amz-cf-id: ZfxUtzR33SRIdlXYyADJZ4m54N2sV5trOWTy3-pV9CbrJj9XRS0ScQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 l
use.typekit.net/af/6e816b/00000000000000003b9b3064/27/ 19 KB
19 KB 78ms
15ms Font
application/font-woff2 2a02:26f0:11a::217:9a58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6e816b/00000000000000003b9b3064/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n5&v=3
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::217:9a58 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1beec7aae56b70d05ead8a649fa529d94391cd7ff4976634afa38709e9855c48

Request headers

Referer: https://www.sonatype.com/
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
server: nginx
etag: "189a667f664e55d860e015add84222b22aeab918"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19520

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 40ms
39ms XHR
text/plain 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=364508621&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&ul=en-us&de=UTF-8&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAUABAAAAACAAI~&jid=1026468702&gjid=152885966&cid=1600589894.1674578171&tid=UA-1693297-29&_gid=748603674.1674578171&_r=1&_slc=1&z=1665879145

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 sf14g.js
t.sf14g.com/ 0
0 420ms
93ms Script
text/html 34.235.206.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://t.sf14g.com/sf14g.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.206.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-206-112.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

GET
H2 200 adsct
t.co/i/ 43 B
94 B 113ms
112ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=5&eci=2&event_id=870c2adf-53d7-485b-bade-baa56625e1ec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 104
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 2861ba0d2f8e3c57
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 78c74bf7db8769296aa710c0a32021504ce08a2fbebbb6cdce319c7d43802fcc
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
94 B 126ms
125ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=870c2adf-53d7-485b-bade-baa56625e1ec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 113
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b0c4f0d09269b9f5
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f8f2c4e4f8a772c44cd1ef49f5bb0d09660246964c7a054273a865f77f7b6f55
content-length: 43

GET
H2 200 eUSOivES.min.js Show response
tag.demandbase.com/ 81 KB
21 KB 43ms
9ms Script
application/javascript 13.32.27.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/eUSOivES.min.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-65.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

27f35036a7d439e1b73b2e0ef288ba0fbfb598f907e8fb2967d1d6d032174009

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: ZiTI.rKhYXhUHmx6YA3Wm5tF22VsybUJ
content-encoding: gzip
via: 1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
date: Tue, 24 Jan 2023 16:34:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-C2
age: 146
x-cache: Hit from cloudfront
last-modified: Wed, 19 Oct 2022 08:04:18 GMT
server: AmazonS3
etag: W/"3ddff3293a53895525a3daeb8fdd1509"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: iBqnOs6x-31b7FxFMU8l8YSYp1-ckwiiu5E_WRjO0K3SU3b1owwf2w==

GET
H2 200 adsct
t.co/i/ 43 B
93 B 117ms
116ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=5&eci=2&event_id=675a7f5d-209b-44d1-99bd-7258d2d24221&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 106
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: a31fea89c9d12009
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 78c74bf7db8769296aa710c0a32021504ce08a2fbebbb6cdce319c7d43802fcc
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
94 B 116ms
115ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=675a7f5d-209b-44d1-99bd-7258d2d24221&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=134b061c-bc45-4294-8b2e-09d017760c02&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv7ri&type=javascript&version=2.3.29

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 107
date: Tue, 24 Jan 2023 16:36:10 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 51ec85e279842cd9
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f8f2c4e4f8a772c44cd1ef49f5bb0d09660246964c7a054273a865f77f7b6f55
content-length: 43

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

440395954b1ed434b207659350f1e73ca23b0324d2dcfe1129c5d17052387d41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Jan 2023 16:36:11 GMT
content-md5: 0VWhtEBWWJBtUd+qx8U7cg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: N6zspypkjXCcNBJ1P/DkeXkjyIH34Qs5eBoPk3YMAVlO6ZaOCzcjxVopwEs/deQSeGbv5Jyf/BCIUPF3Vts08w==
x-fb-content-md5: b4137e5b6deb816545d142a0093327c0
cross-origin-opener-policy: same-origin-allow-popups
etag: "27312867596f2d99f24dd70b2d18ab15"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Tue, 24 Jan 2023 16:45:20 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 64ms
9ms Script
application/javascript 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 2b4ea37ec31f94cc477c23b52eb3602b05b321f6e629109cd138aac2fa081eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Tue, 24 Jan 2023 16:36:11 GMT
Content-Encoding: gzip
Age: 728
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 29165
x-amzn-internal-status: 304
Last-Modified: Sat, 14 Jan 2023 01:47:45 GMT
Server: ECS (frb/6713)
Etag: "1f7a9d98d378a9b1ef4dcec793a1c434+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

POST
H2 200 recv Show response
click.prod.mplat-ppcprotect.com/ 20 B
380 B 54ms
44ms Fetch
application/json 2600:9000:2250:6a00:c:8c1e:5700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://click.prod.mplat-ppcprotect.com/recv
Requested by: Host: client.lunio.ai
URL: https://client.lunio.ai/60f8ORF9ZgHyb-Bs0IZB5A4nMBfFFKvw_fLuFXaQ.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:6a00:c:8c1e:5700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 02c045b5a38b1e9a01bf15ab6d48d526dc60a726bf041fe32d153b4ffd71e761

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type: application/json

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 f7e6fd9466c5c2a3b15f0fb077de1afa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
x-amzn-trace-id: Root=1-63d008fb-387d420a56d682b5308111d4
x-amzn-requestid: 63f14193-d417-44e2-b786-15d15e5be598
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: fQZXSH5TrPEFtbg=
content-length: 20
x-amz-cf-id: IuoM9yWLexldCw2gcOwv1amdxgLcJZ2w-Z1ICzGpGVgFmiV1zYL8JQ==

OPTIONS
H2 200 recv
click.prod.mplat-ppcprotect.com/ Frame 0
0 62ms
10ms Preflight
application/json 2600:9000:2250:6a00:c:8c1e:5700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://click.prod.mplat-ppcprotect.com/recv
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:6a00:c:8c1e:5700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.sonatype.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
age: 9780
content-length: 0
content-type: application/json
date: Tue, 24 Jan 2023 13:53:11 GMT
via: 1.1 f7e6fd9466c5c2a3b15f0fb077de1afa.cloudfront.net (CloudFront)
x-amz-apigw-id: fQBfJHUNrPEFcpw=
x-amz-cf-id: vnbRcRKDavoQ_NkyAyj2j2LpGscYN4VvHjhx4AX4ikkabhdTnbe5dg==
x-amz-cf-pop: FRA60-P2
x-amzn-requestid: 446d9e9c-9c65-4756-b323-2254b8c8ee69
x-cache: Hit from cloudfront

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 26ms
26ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-137036301-1&cid=1600589894.1674578171&jid=327621895&gjid=416585554&_gid=748603674.1674578171&_u=YADAAUAAAAAAACAAI~&z=755198028

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 facebook-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 573 B
2 KB 48ms
47ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&name=facebook-circle-trim.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ad6932c69716dc7601219b8269bb2337ef92ded125cd5184e639c83927e1836

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 3718533b4f5d67c52ce24dc2e8ef04b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377778
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=1122, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-6716653300,P-1958393,FLS-ALL
cache-tag: F-6716653300,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 573
last-modified: Thu, 29 Dec 2022 15:33:46 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "27deccf63e050f41d5f04be1741dea1e"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VThD1xWQv6yBmOi96MTC15eU%2BKbqwbUN3DZdPAHqP5tHbqRwLjg2GzGrVlfhQtcBp0dDwNC8IEhoHN0VF60L1vnRQh%2Bs34nGxc8PQdQD%2BhJFy8wu0QmsYmmdt48fzaAbOt%2BdQzwxlbHNb5uPgkMJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9a99106-FRA
x-amz-cf-id: rEMr4zjTty_5SnKd1BjDHK2Ao1vTeuoZCGMVKR5SRNVkMIKlHvuBTw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 Linked-In-Circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 596 B
2 KB 58ms
55ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&name=Linked-In-Circle-trim.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a7d977f8f4490e8f37261f6d2cd3fec5b22278373a0ba1fab265a249287f6fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 1bc23a6188e36846e1cf72b17d7ac1ac.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377778
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=1143, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-6716653299,P-1958393,FLS-ALL
cache-tag: F-6716653299,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 596
last-modified: Mon, 09 Jan 2023 21:54:04 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "754c3ce4f023324371da06734a84a699"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6Ek9rM5QG0QycjpNe1%2BSeg7DYVF0Hz79IB%2BMAMex9UwEBJ2nWgx86%2F1xQq9xWys0qZWLs02n4oFRtN7tuNSqpwmbAD7gNnDBRgpgXMOf1FLLapdVvl7D9p0%2F2xQShiPBVbdrtnyjSV6GKEplUGz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9ab9106-FRA
x-amz-cf-id: SbmIU3j8eQOpPqmv1bxwM1UGr3_dIbgJ5T2yiiCq0VwwDqO207mxrQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 Twitter-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 598 B
2 KB 41ms
38ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&name=Twitter-circle-trim.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

23a1bc7b61375c09f9b442ba659707d599b912eecd4fb6c85bc3022620362a91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 397631
x-amz-cf-pop: IAD89-P1
cf-polished: origSize=1160, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-6716653301,P-1958393,FLS-ALL
cache-tag: F-6716653301,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 598
last-modified: Mon, 09 Jan 2023 21:54:03 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "705b1e9283075d0a9d20eb9499cb9ec0"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=crp8wql73YCJlfxN0MvZxEP0B%2BBcbLecTwl4cqsDCayRvgUngtfzw9mo3filzvtlUXIPGib5rEMR5VvYHtxAv13uLXju7CJbA2yq3iwuXm3LBW5Fpqb%2B1Xzj6z8XJMBkN6GWS1blatQ6GBT07y03"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9ad9106-FRA
x-amz-cf-id: QER4Kaof4t5b1JlMPkVhg6RZsSZ6clKqwEqAMXGeB54v-kZGVXf88A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 mail-circle.png
blog.sonatype.com/hs-fs/hubfs/ 701 B
2 KB 64ms
61ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&name=mail-circle.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c48a4c0d958d7652bdc4f62f7880f81daa2ce4d79a0f03f6d59cced2eea9754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 8bf94e29f889f8d0076c4502ae008b58.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 377778
x-amz-cf-pop: IAD55-P1
cf-polished: origSize=1307, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-6653767664,P-1958393,FLS-ALL
cache-tag: F-6653767664,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 701
last-modified: Sat, 31 Dec 2022 19:35:29 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "bcbac84885a1fe7465b79dcf3fb6e107"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTga%2BJASXNQ%2BAYfZePeborxmvyfH8JyYcU59HEkKsWZwA2jlzwN0sHX4hCFXhZgrmcgARXT9Ah21%2FuEd%2Bc1LM5DWizPmKY8qYjxfDqS%2B2c8Hnk5gHJLI1aXjDCNrwh5YoYQ4iFWPtbPWo3CpBQme"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9b19106-FRA
x-amz-cf-id: y6YBiLLsQiqtO5tl_5MMf6Mj-AEvrDAUvGd8mIMmqjUPeKEQ-bG8wA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 image-png-May-18-2022-01-18-04-63-PM.png
blog.sonatype.com/hs-fs/hubfs/ 58 KB
59 KB 431ms
428ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/image-png-May-18-2022-01-18-04-63-PM.png?width=716&name=image-png-May-18-2022-01-18-04-63-PM.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a018ee76e539a15932d2b1a84f4a5a330e5772ec56681d3742d2bae758c020e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73887343903,P-1958393,FLS-ALL
cache-tag: F-73887343903,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: Miss from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 59115
last-modified: Thu, 12 Jan 2023 18:48:22 GMT
server: cloudflare
etag: "1f93d76729970413906306a458317a47"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVzjmOXxX%2FR14%2BjvtD0CnBUVd2WDJtCkosg3Q9w341s5UyLEgr18Y5h122Z43scMD8zLZvf%2FBirD%2FA8nJARP0V0jNBpRdDHqxAP532m6iig7WXkTQKPTHpX0%2F83wiSpLiHZ9QBX6LonRIeS%2BIoAX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9b79106-FRA
x-amz-cf-id: 3n3cvFeeQYCA0xpB47x84Xj6Gg3fdIRASlW1v_YrBT6oroxSYIw2ew==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 image-png-May-18-2022-01-24-21-09-PM.png
blog.sonatype.com/hs-fs/hubfs/ 194 KB
195 KB 370ms
367ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/image-png-May-18-2022-01-24-21-09-PM.png?width=733&name=image-png-May-18-2022-01-24-21-09-PM.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2c15ff6d88c1075ed18ecd491c657d70eac35d28e698c18bcaf61a9df0c084c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73888208716,P-1958393,FLS-ALL
cache-tag: F-73888208716,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 198770
last-modified: Mon, 23 Jan 2023 19:25:09 GMT
server: cloudflare
etag: "15e7da958d3ef08cd4c779534cf1f6a7"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTAT6AKhLtsGqy7%2B5qbuzzqnn8zP%2FhDcQAf7HWbRQkqJb5PTicB7HHOZ%2Br2IHSrKyOqfewyPaDtlKruk9GdeBybjdjNC%2FLXjqr%2BmBCSbAhOCiuuO7AVVoa1yIUJRMJEJrWvNcgQCe3YWTasYVBbN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9b99106-FRA
x-amz-cf-id: DzpiNfvGXepNikUqT0tvrxoxZ6lUMkfnNOGqebHO8K4whvn2OsC1pQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 image-png-May-18-2022-02-53-27-40-PM.png
blog.sonatype.com/hs-fs/hubfs/ 87 KB
88 KB 371ms
369ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/image-png-May-18-2022-02-53-27-40-PM.png?width=720&name=image-png-May-18-2022-02-53-27-40-PM.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91c89b313ec36936b96fbd02cdf0d4be2ad5f5f81e8702ad4bc7d2202d79098e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73896150534,P-1958393,FLS-ALL
cache-tag: F-73896150534,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 88924
last-modified: Mon, 23 Jan 2023 19:25:15 GMT
server: cloudflare
etag: "1f80a4ccfb03d8e762d178ba93c84bbb"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpQuMAd1U2SO6guEdMdaXJlLmBvtQzDPwzdiiBgVEGFaE4%2BkkYRHNlKqYyO7hVTQGFjHqc%2BesjeS0hjhPopWM8q91Kzm%2B8BNyn%2F3V6CcQZhptofGhpKg317tg8RBtxuQj9Ydm0tz7ZepASPIaOL1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9bd9106-FRA
x-amz-cf-id: z2OUiFLcqR6h2KPC3C6FtBzRQAqpP65pDgqQkI9CF_hD3bLJKz4xeA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png
blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/ 99 KB
100 KB 42ms
39ms Image
image/png 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.sonatype.com/hs-fs/hubfs/Imported%20sitepage%20images/U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png?width=624&name=U-cofx0-oAHuk7B8hQ_0YBbx7E9LQSW04uag5iP4Q7mdyUWkjohGvAiYYykP8LnvXzbz7CUADYOIt3X4KVAozG7Sxz7PFEffVVl_TP2LufuKfXcPzVvjvk3Br_IPtFK9776-HbUE.png

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d93f6d7a53810dd2fb4c9d14b7d32e88ca9084fd3ffa79a113c221eb41c05fd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 3500e6db5ae43764ed5ca43fc6d56058.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 32027
x-amz-cf-pop: IAD89-P1
cf-polished: origSize=113466, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65333674618,FD-59273491383,P-1958393,FLS-ALL
cache-tag: F-65333674618,FD-59273491383,P-1958393,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101398
last-modified: Fri, 20 Jan 2023 11:15:29 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "54b4339e9fd0a698dd5237eebfc79e3e"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SAyxRSYNQ6xXsyr1AFJvqElSiEkjaAPtbx0TIC3PU%2FCTH4QzIdzAaQoblPxagDBF4kZFECdL4ZP%2B09ev3Jboxu9oX%2FSD07z4fca0rZDur%2FI6OP9BWhrh4oi91wckHGvtCz1NQy7%2FiS50TYMUACk%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 78ea2fc1e9c09106-FRA
x-amz-cf-id: StQWK8vRJw1mfWWiUqZsOTogUC5OJZwwDaWaBrM3dpZkf570ELLSYA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 25ms
22ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-1693297-38&cid=1600589894.1674578171&jid=969879203&gjid=569228219&_gid=748603674.1674578171&_u=YADAAUABAAAAACAAI~&z=2030401473

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
749 B 247ms
216ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1958393&callback=jsonpHandler

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: bb82cfb3-9032-41f0-a9c2-be7a66152fbe
x-trace: 2BE7BF05C9A5B75A2874E294BCE9F6ACD41BA3EC1D000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 78ea2fc22bb0910c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
reporting-endpoints: default="https://exceptions.hubspot.com/csp/reports?cfRay=78ea2fc22bb0910c&resource=unknown"

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 8ms
8ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=24c12a73dc80469ec08ab888cd2d044b&_biz_s=65bd8a&_biz_l=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&_biz_t=1674578170824&_biz_i=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&_biz_n=0&rnd=27685&cdn_o=a&_biz_z=1674578171211
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
last-modified: Wed, 18 Jan 2023 14:12:16 GMT
server: ECS (frb/6760)
age: 527035
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 9ms
8ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=24c12a73dc80469ec08ab888cd2d044b&_biz_s=65bd8a&_biz_l=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&_biz_t=1674578171213&_biz_i=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&rnd=452307&cdn_o=a&_biz_z=1674578171213
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
last-modified: Thu, 19 Jan 2023 23:58:40 GMT
server: ECS (frb/67C2)
age: 405451
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 74 B
719 B 211ms
154ms Script
application/javascript 2606:4700::6811:c8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1958393&offset=0&limit=1000&contentId=73883837965&collectionId=3737438004&callback=jsonp_1674578171214_5234

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3db40b7f51a170412ffb8a831a5eb26b5c1500b8e3ecaa7af926a9115bf6ddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: acfad8bb-dd35-470b-878a-6fbdacbe9ae3
x-trace: 2B8A619A9A5BEF9EE5176986C5772FC91326FCFE19000000000000000000
vary: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6AL1ZKCUMYhLKChJOkMxUAuLjEiirsIb1LNn0%2BQ0J%2FEvxodEpSolG9qg3NtYQV5y%2F9QwCw1uI7n%2Bav4UTCWJ5BpuuEdbf4NOLE3MRDrk%2Ft%2FUcXgjDjE8OBSNruix7iQRD1toL2ruCuAxsGtY7Nl1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
cf-ray: 78ea2fc299a65b26-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 204 0
bat.bing.com/action/ 0
288 B 37ms
33ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=26080357&tm=gtm002&Ver=2&mid=b2004465-d157-4a37-ba31-fd2624567b29&sid=35f217d09c0511edbc9aef1605949714&vid=35f323209c0511ed87f395e712097cd4&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS,%20Windows,%20Linux&p=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&r=&lt=2213&evt=pageLoad&sv=1&rn=66972

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 24 Jan 2023 16:36:10 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4DA9BB0B507C4B6C8ECF2EF521E16603 Ref B: FRA31EDGE0521 Ref C: 2023-01-24T16:36:11Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 55ms
33ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-137036301-1&cid=1600589894.1674578171&jid=327621895&_u=YADAAUAAAAAAACAAI~&z=1162197985

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 61ms
39ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-137036301-1&cid=1600589894.1674578171&jid=327621895&_u=YADAAUAAAAAAACAAI~&z=1162197985

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 31ms
21ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-1693297-29&cid=1600589894.1674578171&jid=1026468702&gjid=152885966&_gid=748603674.1674578171&_u=aADAAUABAAAAACAAI~&z=2004184198

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 54ms
33ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-1693297-38&cid=1600589894.1674578171&jid=969879203&_u=YADAAUABAAAAACAAI~&z=1128018999

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 61ms
40ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-1693297-38&cid=1600589894.1674578171&jid=969879203&_u=YADAAUABAAAAACAAI~&z=1128018999

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1958393/ 203 KB
63 KB 205ms
164ms Script
text/javascript 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1958393/banner.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d59b88df0787427df41aba8e87c48c0cd07d73a2c8d51638f6abb5658ef9bd44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
x-amz-version-id: xAcrYQ7CYMt7KmQvsWUfeojQJj4.I2M9
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 2EG8V52RQCR2KQS6
x-amz-server-side-encryption: AES256
x-amz-id-2: F5H4H9M9q6GWduCjLWmqs7RuXt046xew8htq9VLfM+9R55PKMSUkuvpIB2puwYsdYtNtBbt+W4Q=
last-modified: Thu, 08 Dec 2022 20:36:52 GMT
server: cloudflare
etag: W/"95ed0578234bd7665f3025a54d537dda"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://ossindex.sonatype.org
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 78ea2fc27c4d90a2-FRA
expires: Tue, 24 Jan 2023 16:41:11 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 68ms
27ms Script
application/javascript 2606:4700::6811:73b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27f0d709041eb37753cad3710e46e3860ce42c28c8992d29e8c58fba33fa9910

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
x-amz-version-id: SDrNOl8ziD8gAW.Yx4_m5h0e_hjF8Ssn
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 380
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.316/bundles/pixels-release.js&cfRay=78ea267a6dd990b5-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Fri, 20 Jan 2023 04:29:49 UTC
server: cloudflare
etag: W/"c400e8c1e05d683a64923854807562fd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
cache-control: max-age=600
cf-ray: 78ea2fc27abb9177-FRA
x-amz-cf-id: a9ulVqiRnVlBkgT2elOQIMy6qIl4rx_jssO02BsFw7kyYaI7u8gh9Q==
x-hs-target-asset: adsscriptloaderstatic/static-1.316/bundles/pixels-release.js

GET
H2 200 1958393.js Show response
js.hs-analytics.net/analytics/1674578100000/ 75 KB
21 KB 198ms
157ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1674578100000/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327b2c88d65784cc25e13c61e3081c6be556673e4fe25923a4a550784cef8c5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: BEDSHV659QKR0P31
x-amz-server-side-encryption: AES256
x-amz-id-2: HI2AQCOIElIujtZ46/n47riD8+P7ie3t8yF9EV3lr/QuR5EyFGikJBf4uf+sPG7cD/0oxqhHpP4=
last-modified: Wed, 18 Jan 2023 19:57:52 GMT
server: cloudflare
etag: W/"fc4883d8396936a1ade9f3a942d655ec"
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 78ea2fc27b442bb8-FRA
expires: Tue, 24 Jan 2023 16:41:11 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
524 B 132ms
119ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=24c12a73dc80469ec08ab888cd2d044b&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.28
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 17446d73e0758a4a5f218a0fa4257b7f41fad13c2a19a8e9936192508cb8fb1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: 77BA3262
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 217

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 302 KB
85 KB 26ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=64a1e3aebb95c19ef1fb2178c16da0a1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ad3600126efde4c0362795fd2059f2a83a4577933eb7ce2a70d56f028f30552f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Jan 2023 16:36:11 GMT
content-md5: PsUglFjKT7/SW5/xQmN48A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86782
x-fb-rlafr: 0
x-fb-debug: Jhh1M4fKsRNdwsQ2C8LJEnufeXfgAcxGuswR2PkhPA2mxacsO+Up1Vd1LqEOUnBFWb+bJGjtsVaReVOoqkj0bg==
x-fb-content-md5: cc91af6adff222ad397e9edf1c814bfc
cross-origin-opener-policy: same-origin-allow-popups
etag: "025ce1f50d0621be8a55062a3bd4e8bb"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 24 Jan 2024 12:44:26 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ&verifyHash=1b46d20e1fc32ccb78cf9cde70d0c0802a1d6c1e

26 B
409 B

101ms
101ms

Image
image/gif

52.222.214.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ&verifyHash=1b46d20e1fc32ccb78cf9cde70d0c0802a1d6c1e
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: HTTP/1.1
Server: 52.222.214.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-56.fra56.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Tue, 24 Jan 2023 16:36:12 GMT
Via: 1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Content-Type: image/gif
Vary: Origin
Connection: keep-alive
trace-id: 1e4777dadf8751f9
X-Amz-Cf-Id: WNc57VNYDJnP3XmoQE37Yo_L_CA0Z2gksghPHkaSKDfgfrl2EaqiVg==

Redirect headers

Date: Tue, 24 Jan 2023 16:36:12 GMT
Via: 1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAJrjU7HoBIAAB_9diiOJQ&verifyHash=1b46d20e1fc32ccb78cf9cde70d0c0802a1d6c1e
Connection: keep-alive
trace-id: 121a25edfcca398b
Content-Length: 0
X-Amz-Cf-Id: zUBOAY0R_rTRt3ZE_SAk2WIZPieGSX8e2NDTmAnQbLiJom99K5ZSUA==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 66ms
20ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 401 ip.json Show response
api.company-target.com/api/v2/ 12 B
511 B 81ms
57ms XHR
text/plain 65.9.95.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&page_title=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-89.prg50.r.cloudfront.net

Software

nginx /

Resource Hash

d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
via: 1.1 6fc3cae9692b6db972e4990be9921fae.cloudfront.net (CloudFront)
www-authenticate: DemandBase API v2
x-content-type-options: nosniff
x-amz-cf-pop: PRG50-C1
x-cache: Error from cloudfront
request-id: dfe45ad8-d866-41b7-b0ae-18314eab2651
content-length: 12
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://blog.sonatype.com
access-control-expose-headers
vary: Origin
access-control-allow-credentials: true
x-amz-cf-id: pmOortSf1_0MfniHnTpjaU6Mdl83Yn-JI057JjL8U9H-9tw0jqVbfQ==

GET
H/1.1 200
OK widget_iframe.3da3731af9a8a2b242ed5500485bb22f.html Show response
platform.twitter.com/widgets/ Frame B082 320 KB
104 KB 22ms
8ms Document
text/html 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.3da3731af9a8a2b242ed5500485bb22f.html?origin=https%3A%2F%2Fblog.sonatype.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/673A) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 915313
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Jan 2023 16:36:11 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Sat, 14 Jan 2023 01:38:30 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/673A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 41ms
32ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-1693297-29&cid=1600589894.1674578171&jid=1026468702&_u=aADAAUABAAAAACAAI~&z=776777376

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 43ms
34ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-1693297-29&cid=1600589894.1674578171&jid=1026468702&_u=aADAAUABAAAAACAAI~&z=776777376

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
438 B 165ms
141ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: bf5b1217-7ce8-4f3d-a9b5-7bd2bc0c52d9
x-trace: 2B00E8ED810DB96B927E2C5CBE3F3DD40A81B338A0000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 78ea2fc2ef342c4d-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
660 B 17ms
16ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_b00e4c90_241c_4ad6_80ac_805087bf98b4&render=explicit&hl=en

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a28e66a6e05e1f21f0fcb13fc02fdf4a8cdb49b36dd108c8df3540a57ea9fce4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 639
x-xss-protection: 1; mode=block
expires: Tue, 24 Jan 2023 16:36:11 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame B082 1 KB
732 B 191ms
124ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=e054d10e0aeda555cd24070d31ee2a438f12813e

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.3da3731af9a8a2b242ed5500485bb22f.html?origin=https%3A%2F%2Fblog.sonatype.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

1a35c9edc3f6eb0a3d42c7757f945ff8878566565089e68ceef1134100417aae

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 110
date: Tue, 24 Jan 2023 16:36:10 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 24 Jan 2023 16:36:11 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 9cca39be87835233
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 08408baad9b8a26d52892ad4bcc6901aed9d71e26c815365bc494c969e8657f3
content-length: 411

GET
H2 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
168 B 131ms
130ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 73b6ec09-b339-4963-bd47-1e2df9e39914
x-trace: 2B12DD9A5EB010B480EAD67030284E998E3A5A4104000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 78ea2fc33fd82c4d-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/ 401 KB
161 KB 39ms
13ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_b00e4c90_241c_4ad6_80ac_805087bf98b4&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b3e6d9ed5dd1f0d2c611513d27ab4a4377757fb0b7804af25f11a656e5094dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Origin: https://blog.sonatype.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 11:03:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163892
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Jan 2024 11:03:05 GMT

GET
BLOB 200
OK 07f23ad2-1b35-4d60-b587-a9cff2adfefb
https://blog.sonatype.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://blog.sonatype.com/07f23ad2-1b35-4d60-b587-a9cff2adfefb
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 184 B
906 B 180ms
142ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1958393

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3813d3e4d5a01c191805f430a3ce0a2027f1a7bf532175c826a41f23cee173b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6963f928-9527-47e5-9f0a-eb17cb626ca8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2BD5E998629944D07B9B226F476294829B35948DD5000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.sonatype.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXXccYskVejoP5LuoCD5zu9WVaa%2BlfRKWkOfbJxkDYEwcKh8TReDyXSu4cM9VwBWBEs7rkyL1mA%2B0Hhf35DhtwT12heFYJLxKTYuJmJgdZVT7GiedfKom177f2Qq42xcCbPL6ynkrQExObJE"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
cf-ray: 78ea2fc3ee842bbb-FRA
access-control-allow-headers: *

GET
H3 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame B3D2 43 KB
22 KB 27ms
26ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&size=invisible&badge=inline&cb=e2t3ec6a8dcc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

12e439f51ea438714869fdd6339305c8fad47e5a47d55817f37a992ba879678a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Nehq0fexYV4qy2oU0R_TfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22900
content-security-policy: script-src 'report-sample' 'nonce-Nehq0fexYV4qy2oU0R_TfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Jan 2023 16:36:11 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/ Frame B3D2 52 KB
24 KB 26ms
8ms Stylesheet
text/css 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&size=invisible&badge=inline&cb=e2t3ec6a8dcc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24262
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Jan 2024 16:33:44 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/ Frame B3D2 401 KB
160 KB 31ms
13ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b3e6d9ed5dd1f0d2c611513d27ab4a4377757fb0b7804af25f11a656e5094dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 11:03:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163892
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Jan 2024 11:03:05 GMT

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
168 B 147ms
146ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 3e9ea90e-9c57-4a7b-a99a-cc96f5eaf88e
x-trace: 2B499E7A053971E26D4F0151BBD68D82A38C924A89000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 78ea2fc46a0d2c4d-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
393 B 143ms
143ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 9659f5ff-127e-41b8-925a-4dd60c92251f
x-trace: 2BC959478C7E719095E21F0CB90C3437C2D63BBB88000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 78ea2fc489f36955-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 16ms
16ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2TMM6KZPXQ&gtm=2oe1n0&_p=364508621&gdid=dMWZhNz&cid=1600589894.1674578171&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674578170&sct=1&seg=0&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&en=scroll&epn.percent_scrolled=90&_et=24
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2TMM6KZPXQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 800E 0
50 B 17ms
12ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://blog.sonatype.com
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://blog.sonatype.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 24 Jan 2023 16:36:11 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B3D2 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 18:59:47 GMT
x-content-type-options: nosniff
age: 596184
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 24 Jan 2023 18:59:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B3D2 15 KB
16 KB 38ms
11ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:21:27 GMT
x-content-type-options: nosniff
age: 594884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Jan 2024 19:21:27 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B3D2 15 KB
15 KB 39ms
12ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 18:59:48 GMT
x-content-type-options: nosniff
age: 596183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 17 Jan 2024 18:59:48 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=9099
accept-ranges: bytes
content-length: 4777

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame B3D2 102 B
134 B 17ms
17ms Other
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8eb3bfd91a1144cf7f20c5ddd6383097d0f206537bfc2575a7ac5f4acf0cee80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&size=invisible&badge=inline&cb=e2t3ec6a8dcc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 24 Jan 2023 16:36:12 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame 2D93 7 KB
1 KB 24ms
23ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55c5294661d4f9e9bde110b060275bb957e0d1fc358b13f489443003e054406b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qwxV1a7u1fN6ygDDdNABgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1119
content-security-policy: script-src 'report-sample' 'nonce-qwxV1a7u1fN6ygDDdNABgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Jan 2023 16:36:12 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/ Frame 2D93 52 KB
24 KB 14ms
8ms Stylesheet
text/css 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24262
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Jan 2024 16:33:44 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/ Frame 2D93 401 KB
160 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b3e6d9ed5dd1f0d2c611513d27ab4a4377757fb0b7804af25f11a656e5094dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 11:03:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19987
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163892
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 24 Jan 2024 11:03:05 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame 2D93 39 KB
23 KB 40ms
40ms XHR
application/json 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06d07a1bda1e89aa1d816afa0603a86506b60a6fdbf5ad98a554dd2672317520

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 24 Jan 2023 16:36:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24024
x-xss-protection: 1; mode=block
expires: Tue, 24 Jan 2023 16:36:12 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 2D93 600 B
624 B 9ms
7ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 08:44:59 GMT
x-content-type-options: nosniff
age: 546673
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 25 Jan 2023 08:44:59 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 2D93 530 B
554 B 10ms
8ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 23:42:15 GMT
x-content-type-options: nosniff
age: 60837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 30 Jan 2023 23:42:15 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 2D93 665 B
689 B 11ms
9ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 21 Jan 2023 15:32:43 GMT
x-content-type-options: nosniff
age: 263009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 28 Jan 2023 15:32:43 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2D93 15 KB
15 KB 13ms
10ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 19:21:27 GMT
x-content-type-options: nosniff
age: 594885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Jan 2024 19:21:27 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2D93 15 KB
15 KB 45ms
43ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 06:37:10 GMT
x-content-type-options: nosniff
age: 381542
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 20 Jan 2024 06:37:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2D93 15 KB
15 KB 45ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 17 Jan 2023 18:59:48 GMT
x-content-type-options: nosniff
age: 596184
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 17 Jan 2024 18:59:48 GMT

GET
H3 200 payload
www.google.com/recaptcha/enterprise/ Frame 2D93 38 KB
38 KB 22ms
19ms Image
image/jpeg 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AFY_a8Wl8qvDgeLi3SzW-BHMzCBCBGSDLgCqGaKBgHG3D6PsGf801fh3IZChYKza62YAkqZsd4K3JpgzgKyx34-VWgklAB-2b6xXdkzfrUk3ETJhxvqy3e_r_4kaXU1v9Rxpeky7uqExBNj4258HFMAjOsTMtd1022msFJ6FKhJHPO5Bxa6qRdXqxkut7mxpkag1SY_-RAPw&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ed8f5b6dbd4b150567f7d1f60a27fb68c7f160b421ed45dba34709c03b5ef51

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=Gg72x2_SHmxi8X0BLo33HMpr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 16:36:12 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39258
x-xss-protection: 1; mode=block
expires: Tue, 24 Jan 2023 16:36:12 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 15ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-2TMM6KZPXQ&gtm=2oe1n0&_p=364508621&gdid=dMWZhNz&cid=1600589894.1674578171&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAE&sid=1674578170&sct=1&seg=0&dl=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&dt=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux&_s=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2TMM6KZPXQ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 24 Jan 2023 16:36:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.sonatype.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonticons-free-fonticons.netdna-ssl.com
URL: https://fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/cae69742.css

Verdicts & Comments Add Verdict or Comment

238 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 13:28:50	Name: _GRECAPTCHA Value: 09AOOcfwsaXfxy-tEDnT6ra8S-Y-fyR7e9ibolTKvrmu-OoiC1cu1hxtGHJOyDmNyB8hd7VtAHzcFYxrV_DOayhlo
.blog.sonatype.com/	1970-01-20 09:09:39	Name: __cf_bm Value: ORKfNR6HiOs5i9ExZrS.nxV9H9b_xZl9UDGH4DMd4C4-1674578170-0-AXGa0nrT/GQ92WEoHYdZHMgmCO+VSCHj0e2RcuXvJor182qWWHS2CkaOBYm1k7M7csRf2s0K3cO0ZZqiCkjT2m4=
.blog.sonatype.com/	1969-12-31 23:59:59	Name: __cfruid Value: f7412cf8613681a2501588aa26d91df900cae4c8-1674578170
.sonatype.com/	1970-01-20 17:55:14	Name: _biz_uid Value: 24c12a73dc80469ec08ab888cd2d044b
.sonatype.com/	1970-01-20 09:09:39	Name: _biz_sid Value: 65bd8a
.sonatype.com/	1970-01-20 17:55:14	Name: _biz_nA Value: 1
.www.sonatype.com/	1970-01-20 09:09:39	Name: __cf_bm Value: qK92s77p8Ayhhz2iXCrgs6fW4bmxXpLCP8Sf0ib4Bss-1674578170-0-ASD/KabVVad+iMi3a0zAvBu4FJjFArI2SEBao17WdPwIaJCK6Ttm9HgnmCLUe9ODdB4K/7RDY6zBwj9WFrvnihQ=
.www.sonatype.com/	1969-12-31 23:59:59	Name: __cfruid Value: f7412cf8613681a2501588aa26d91df900cae4c8-1674578170
.sonatype.com/	1970-01-20 11:19:14	Name: _gcl_au Value: 1.1.1169656619.1674578171
.doubleclick.net/	1970-01-20 09:09:39	Name: test_cookie Value: CheckForPermission
.techtarget.com/	1970-01-20 09:09:39	Name: __cf_bm Value: kdFfJoOMwLYT83cu1omnRHYyJnQ4d6YROcSrnClXoSA-1674578170-0-AV5sJwomwqIvhRDNGAb9OCsMg83JKbNPMbXTfF7m71YpWpkCxEHYVAUgRzx89PDU+VczF5oD9ygCLhcu5ahngpM=
blog.sonatype.com/	1970-01-20 09:11:04	Name: ln_or Value: eyIzOTIwOSI6ImQifQ%3D%3D
.sonatype.com/	1970-01-20 11:19:14	Name: _rdt_uuid Value: 1674578171004.9e054a1c-d45b-4979-864b-49c93cda98b6
.sonatype.com/	1970-01-20 18:45:38	Name: _ga Value: GA1.2.1600589894.1674578171
.sonatype.com/	1970-01-20 09:11:04	Name: _gid Value: GA1.2.748603674.1674578171
.sonatype.com/	1970-01-20 09:09:38	Name: _gat_gtag_UA_137036301_1 Value: 1
.sonatype.com/	1970-01-20 09:09:38	Name: _gat_UA-1693297-38 Value: 1
.sonatype.com/	1970-01-20 11:19:14	Name: _fbp Value: fb.1.1674578171089.356604962
.twitter.com/	1970-01-20 18:45:38	Name: guest_id_marketing Value: v1%3A167457817107451862
.twitter.com/	1970-01-20 18:45:38	Name: guest_id_ads Value: v1%3A167457817107451862
.twitter.com/	1970-01-20 18:45:38	Name: personalization_id Value: "v1_ZAYR223uH+1aj990JLGOHw=="
.twitter.com/	1970-01-20 18:45:38	Name: guest_id Value: v1%3A167457817107451862
.t.co/	1970-01-20 18:45:38	Name: muc_ads Value: 677ac359-dcdc-481f-a33e-058135dd1346
.linkedin.com/	1970-01-20 09:52:50	Name: UserMatchHistory Value: AQJxNWp2-T8smAAAAYXkoxSsyVS-fBFHVsiX51PyobSpDogsYJYakXz06oP4_QCkzOnI-vCv6pU2tw
.linkedin.com/	1970-01-20 09:52:50	Name: AnalyticsSyncHistory Value: AQIuDuzaXHRQcgAAAYXkoxSs4fXD4nb4OBvNvKAwoaYhn9qshSUX84NH2ZygHDyVgXfsd4SVBpMFsLxs-6DkRg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:55:14	Name: bcookie Value: "v=2&00ef321a-cc5e-483b-80f4-d4c1f908d092"
.linkedin.com/	1970-01-20 09:11:04	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2472:u=1:x=1:i=1674578171:t=1674664571:v=2:sig=AQHHpVfCdqa0pRfMOOyvroRyuix94iCz"
.sonatype.com/	1970-01-20 09:09:38	Name: _gat_cdt Value: 1
.sonatype.com/	1970-01-20 09:11:04	Name: _uetsid Value: 35f217d09c0511edbc9aef1605949714
.bizible.com/	1970-01-20 17:55:14	Name: _BUID Value: 24c12a73dc80469ec08ab888cd2d044b
.bizibly.com/	1970-01-20 17:55:14	Name: _BUID Value: 0adf61ab95cd7cdb0e19ba285e4b4cd9
.sonatype.com/	1970-01-20 18:31:14	Name: _uetvid Value: 35f323209c0511ed87f395e712097cd4
.sonatype.com/	1970-01-20 17:55:14	Name: _biz_pendingA Value: %5B%5D
.bing.com/	1970-01-20 18:31:14	Name: MUID Value: 16CF29BED5746EF4064A3B1DD4FF6FBA
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 17:55:14	Name: bscookie Value: "v=1&20230124163611c2a4eb1b-4e71-4df1-8d70-7099641aef65AQFmh9LG5jzzaP8dbPx7BuIHBJR_v4x1"
.linkedin.com/	1970-01-20 13:28:50	Name: li_gc Value: MTswOzE2NzQ1NzgxNzE7MjswMjFaAwDbKyEajCo6AdBjUWEvHh4YPHcXiM6vRtJjfTRAtg==
.sonatype.com/	1970-01-20 17:55:14	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.hubspot.com/	1970-01-20 09:09:39	Name: __cf_bm Value: VJZlAULR3WHKce4C7MEsxhr3DKqBevQqJdKjx2RJf3Q-1674578171-0-ASulai5+XkSFM7LY3doMZIDbw2oSmf1wTsnCY8NjZZhwAHHVXoRtrSDMp5VUaF5RNOKnHj/2mumQixFTKbJWHSg=
.sonatype.com/	1970-01-20 18:45:38	Name: _ga_2TMM6KZPXQ Value: GS1.1.1674578170.1.0.1674578171.59.0.0
.bidr.io/	1970-01-20 18:38:08	Name: bito Value: AAJrjU7HoBIAAB_9diiOJQ
.bidr.io/	1970-01-20 18:38:08	Name: bitoIsSecure Value: ok
.company-target.com/	1970-01-20 18:45:38	Name: tuuid Value: abd8559b-135b-473e-8e84-2d01b8e06af2
.company-target.com/	1970-01-20 18:45:38	Name: tuuid_lu Value: 1674578172

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.sonatype.com%2Fnew-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux&page_title=New%20%27pymafka%27%20Malicious%20Package%20Drops%20Cobalt%20Strike%20on%20macOS%2C%20Windows%2C%20Linux Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://t.sf14g.com/sf14g.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1958393.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
api-na1.hubapi.com
api.company-target.com
api.hubapi.com
app.hubspot.com
bat.bing.com
blog.sonatype.com
cdn.bizible.com
cdn.bizibly.com
cdn.linkedin.oribi.io
cdn2.hubspot.net
click.prod.mplat-ppcprotect.com
client.lunio.ai
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
fonticons-free-fonticons.netdna-ssl.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
id.rlcdn.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
match.prod.bidr.io
p.typekit.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
t.sf14g.com
tag.demandbase.com
trk.techtarget.com
use.fonticons.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.redditstatic.com
www.sonatype.com
fonticons-free-fonticons.netdna-ssl.com
104.244.42.131
104.244.42.5
104.244.42.8
13.107.42.14
13.32.27.65
146.75.120.157
151.101.1.140
151.139.128.10
152.195.15.58
18.66.112.55
2001:4860:4802:32::36
2600:9000:206f:ce00:3:902:8a80:93a1
2600:9000:21a1:4c00:2:53b2:240:93a1
2600:9000:2250:6a00:c:8c1e:5700:93a1
2606:2c40::c73c:671c
2606:2c40::c73c:67e4
2606:4700:4400::6812:2128
2606:4700:4400::6812:21ab
2606:4700::6810:5905
2606:4700::6811:45b0
2606:4700::6811:73b0
2606:4700::6811:c8cc
2606:4700::6811:c9cc
2606:4700::6811:f3cc
2606:4700::6812:d9f
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::2003
2a00:1450:4001:806::2008
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2003
2a00:1450:4001:830::2002
2a00:1450:400c:c04::9a
2a00:1450:400d:80d::200e
2a02:26f0:11a::217:9a58
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:16::215:149b
2a02:26f0:3500:16::215:14a0
2a02:26f0:3500:18::1724:a29d
2a02:26f0:3500:887::f09
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:400::396
34.111.208.231
34.235.206.112
35.244.174.68
52.211.150.89
52.222.214.56
65.9.95.89
93.184.220.66
02c045b5a38b1e9a01bf15ab6d48d526dc60a726bf041fe32d153b4ffd71e761
043cfebfa4ec302e0368eadbae54853a5b6caff633b3d1e02a32f2cd2f71e1fd
06d07a1bda1e89aa1d816afa0603a86506b60a6fdbf5ad98a554dd2672317520
082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854
0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0ed8f5b6dbd4b150567f7d1f60a27fb68c7f160b421ed45dba34709c03b5ef51
11c754269decbf165d8adfbf94f256111fbb8e2fd81ee55ab90646949866d195
12e439f51ea438714869fdd6339305c8fad47e5a47d55817f37a992ba879678a
17446d73e0758a4a5f218a0fa4257b7f41fad13c2a19a8e9936192508cb8fb1b
1a35c9edc3f6eb0a3d42c7757f945ff8878566565089e68ceef1134100417aae
1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1bbb53878a02f209c08b50132a24c13916be3d5aa8333f71fb45d4564fc5688b
1beec7aae56b70d05ead8a649fa529d94391cd7ff4976634afa38709e9855c48
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
23a1bc7b61375c09f9b442ba659707d599b912eecd4fb6c85bc3022620362a91
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
27f0d709041eb37753cad3710e46e3860ce42c28c8992d29e8c58fba33fa9910
27f35036a7d439e1b73b2e0ef288ba0fbfb598f907e8fb2967d1d6d032174009
2a7d977f8f4490e8f37261f6d2cd3fec5b22278373a0ba1fab265a249287f6fb
2b4ea37ec31f94cc477c23b52eb3602b05b321f6e629109cd138aac2fa081eb5
2bce9a8a86dd2ab282d2af02defb52480b5d284bbf26cbf417709c253f3a747d
2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
327b2c88d65784cc25e13c61e3081c6be556673e4fe25923a4a550784cef8c5e
3813d3e4d5a01c191805f430a3ce0a2027f1a7bf532175c826a41f23cee173b5
3b56cd88d5e4a9de7e8951b6a64ba18c37211942cd7d21425fc84559b700a754
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3db1acdfdb5eca3a6604286fdd964e8cab2442c3778dfc8ac36d70ac1b257e36
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
440395954b1ed434b207659350f1e73ca23b0324d2dcfe1129c5d17052387d41
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
45954ed7abdd3d5e540ffb3eb87a97c5296c769e5b277f4e325dec68550ef176
4856f1810c158116e228cedba87479fd678b5333ed7125395340d06825044675
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
4b83253cd59eccd1793cf76278c09d928a989e22498559f9693d3dbe0ced1345
4e44d349fe00dd104a953b5ba8131f028200afe25d049ccbf05ddd8cd8507bd3
4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51
4fe66b673672aabd8e12bd3325ca8314f4b770ad8ced29b97ce7943d076322fc
520660fe835b85111a502b09449d7ea2bc38a34a67d70f734db3c0526e86bc67
549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d
55c5294661d4f9e9bde110b060275bb957e0d1fc358b13f489443003e054406b
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
603319952094ae9f33c9ce1d6c90fdf0f6ea506217f66d6df0acf5bbd7a4ef18
610e5a57ff470fab70750d8d4bd446abeddff7e60f30be9eea5c25660440b454
649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe
669ddd18ea3daf8803fd6ed9f18f3dc2410447c93336e298ab45f556f0430cec
687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b3e6d9ed5dd1f0d2c611513d27ab4a4377757fb0b7804af25f11a656e5094dd
6c48a4c0d958d7652bdc4f62f7880f81daa2ce4d79a0f03f6d59cced2eea9754
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
73ed376f92ddc098bfca009b8b7e702d2aecd19f10fb55b9d0d1fc75d851897c
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7d502451b73e61b8f0c65ac9987259e7dda95743c66726276c0f35e96bd28aa7
7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859dd670bfc208ae2e408430d7fe758bc63d60acbac4728ce7c8ec39d3b56e58
879dedec5195d98536a1bae45110bbe50a40f51f6609611ecb7707331f077e5d
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8ad6932c69716dc7601219b8269bb2337ef92ded125cd5184e639c83927e1836
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8eb3bfd91a1144cf7f20c5ddd6383097d0f206537bfc2575a7ac5f4acf0cee80
91c89b313ec36936b96fbd02cdf0d4be2ad5f5f81e8702ad4bc7d2202d79098e
92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4
9293649926b2fefcc745d0745f7069515068d051a0e5da1a8af0099fcbc2a285
94e0411d8c56aca907785c9ec9e0e557e390e4c120c523470cac8e3e4aaba252
970486c67848d803aec605e627bf01dbe8760d510fcec8e15762c902425f145e
9830df4b71e34ef2fff9c0d94f223eb6bec008425c324d7edadc7998b06bc805
9fe2e07fabf55a4f8ce9c6f65b2d68e43e541b4bf3fababc1ee6ee951b1082a2
a018ee76e539a15932d2b1a84f4a5a330e5772ec56681d3742d2bae758c020e8
a28e66a6e05e1f21f0fcb13fc02fdf4a8cdb49b36dd108c8df3540a57ea9fce4
a2c15ff6d88c1075ed18ecd491c657d70eac35d28e698c18bcaf61a9df0c084c
a6e3f5e3aba4ff03f2744dcbfa8a58b66f7e106e4ee5189bb55736aa76ef0747
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad3600126efde4c0362795fd2059f2a83a4577933eb7ce2a70d56f028f30552f
ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b3a7fb799db156074b53854d21cd69385f1eb3702e61728bd24f7a25859f4227
b7be1a13e6e46c18c928788b6433d1233f80cc35601f213e59924431015e79b9
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347
c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d3db40b7f51a170412ffb8a831a5eb26b5c1500b8e3ecaa7af926a9115bf6ddd
d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3
d59b88df0787427df41aba8e87c48c0cd07d73a2c8d51638f6abb5658ef9bd44
d6769d747f2d6880a6a13061eaca3f81e35a7a894e73e78a80c06b53cfa5d1d6
d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c
d93f6d7a53810dd2fb4c9d14b7d32e88ca9084fd3ffa79a113c221eb41c05fd3
db0226b185929ca9bb36e9d5adf0d2f3563eb03ac4079f7ee98fe51da8b2c60a
dde45008d0b75cc54b7d105eab050eb5a1d05ba4d9b5922adfc703227a77e900
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4
e6ec334f8d16d2eb6ef6edbd23edbf864b0dc7fcb13510345a062b929263a1d8
eb0b73587ed3d49455f35a1c39b0c1f26f971b627ff1c241654a3859f9d6703a
ed92c951c39983af4f5fac78a5bab4c390b3faf7c46e2a35256ee38f5443ffa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8f067f829af7c95936a36f38e54c98ab090f937f5557e4c78829ed8fcf5ffd
f50720a0f3fab94bc0a0885e3c251ab72bc1340470dc2a036490170dfcc7d12a
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
faea20c46ab29e25a27d14398d1af520a4180879a697537e67c542923ae3b38d
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
ff18340a32be3a5bf651560244f61742000ef4fc3687a5b72bad798df21b5c79
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

blog.sonatype.com Open in urlscan Pro 2606:2c40::c73c:671c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

157 Requests

97 %HTTPS

67 %IPv6

41 Domains

56 Subdomains

51 IPs

6 Countries

3858 kBTransfer

7739 kBSize

45 Cookies

121 Outgoing links

Redirected requests

157 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.sonatype.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Screenshot
Live screenshot

Full Image

157
Requests

97 %
HTTPS

67 %
IPv6

41
Domains

56
Subdomains

51
IPs

6
Countries

3858 kB
Transfer

7739 kB
Size

45
Cookies

157 HTTP transactions
1 data transactions