Submitted URL: http://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Effective URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Submission: On August 07 via api from DE — Scanned from DE

Summary

This website contacted 47 IPs in 3 countries across 37 domains to perform 150 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.reversinglabs.com.
TLS certificate: Issued by GTS CA 1P5 on July 24th 2023. Valid for: 3 months.
This is the only time www.reversinglabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:2c40::c7... 209242 (CLOUDFLAR...)
62 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 151.101.65.181 54113 (FASTLY)
1 2606:2800:233... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 108.138.15.119 16509 (AMAZON-02)
1 52.222.139.53 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f08... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 65.9.95.21 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2a04:4e42:200... 54113 (FASTLY)
1 2600:9000:210... 16509 (AMAZON-02)
1 52.207.107.232 14618 (AMAZON-AES)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:2800:234... 15133 (EDGECAST)
3 2a03:2880:f17... 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:220... 16509 (AMAZON-02)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
9 95.101.111.184 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
6 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.65.140 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.136 13414 (TWITTER)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 3.33.220.150 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
150 47
Apex Domain
Subdomains
Transfer
63 reversinglabs.com
www.reversinglabs.com
2 MB
10 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5439
c.6sc.co — Cisco Umbrella Rank: 8622
ipv6.6sc.co — Cisco Umbrella Rank: 5612
b.6sc.co — Cisco Umbrella Rank: 3549
18 KB
9 hubspotusercontent-na1.net
3375217.fs1.hubspotusercontent-na1.net
213 KB
6 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2577
www.google.com — Cisco Umbrella Rank: 3
929 B
6 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3010
px.ads.linkedin.com — Cisco Umbrella Rank: 391
www.linkedin.com — Cisco Umbrella Rank: 539
px4.ads.linkedin.com — Cisco Umbrella Rank: 6039
165 KB
5 hubspot.com
app.hubspot.com — Cisco Umbrella Rank: 5177
track.hubspot.com — Cisco Umbrella Rank: 2254
forms.hubspot.com — Cisco Umbrella Rank: 4396
4 KB
5 gstatic.com
fonts.gstatic.com
80 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170
221 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 73
361 KB
3 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4156
forms-na1.hsforms.com — Cisco Umbrella Rank: 6801
3 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
292 B
3 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1003
syndication.twitter.com — Cisco Umbrella Rank: 1212
132 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 55
region1.google-analytics.com — Cisco Umbrella Rank: 1869
21 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 5576
562 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 54
stats.g.doubleclick.net — Cisco Umbrella Rank: 115
2 KB
2 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 870
750 B
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4645
forms.hscollectedforms.net — Cisco Umbrella Rank: 4755
26 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 745
script.hotjar.com — Cisco Umbrella Rank: 967
59 KB
2 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1375
insight.adsrvr.org — Cisco Umbrella Rank: 604
3 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3473
1 KB
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1468
637 B
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2187
21 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2192
16 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4274
86 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3228
3 KB
1 usemessages.com
js.usemessages.com — Cisco Umbrella Rank: 4789
22 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4388
2 KB
1 quora.com
q.quora.com — Cisco Umbrella Rank: 3965
417 B
1 metadata.io
cdn.metadata.io — Cisco Umbrella Rank: 33170
2 KB
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1326
8 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 783
5 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 77
1 KB
1 cookieinfoscript.com
cookieinfoscript.com — Cisco Umbrella Rank: 90872
4 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5423
5 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257
27 KB
1 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 7970
2 KB
1 vidyard.com
play.vidyard.com — Cisco Umbrella Rank: 12467
23 KB
150 37
Domain Requested by
63 www.reversinglabs.com 1 redirects www.reversinglabs.com
js.usemessages.com
9 3375217.fs1.hubspotusercontent-na1.net www.reversinglabs.com
7 b.6sc.co www.reversinglabs.com
5 region1.analytics.google.com www.googletagmanager.com
5 fonts.gstatic.com fonts.googleapis.com
4 connect.facebook.net www.reversinglabs.com
connect.facebook.net
4 www.googletagmanager.com www.reversinglabs.com
www.googletagmanager.com
www.google-analytics.com
js.hsadspixel.net
3 track.hubspot.com
3 px.ads.linkedin.com 3 redirects
3 www.facebook.com www.reversinglabs.com
2 forms.hsforms.com www.reversinglabs.com
2 www.google.de www.reversinglabs.com
2 cdn.linkedin.oribi.io snap.licdn.com
2 platform.twitter.com www.reversinglabs.com
platform.twitter.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 forms.hubspot.com js.hsleadflows.net
1 insight.adsrvr.org js.adsrvr.org
1 region1.google-analytics.com www.googletagmanager.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 syndication.twitter.com platform.twitter.com
1 www.google.com www.reversinglabs.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 forms-na1.hsforms.com www.reversinglabs.com
1 api.hubapi.com js.hsadspixel.net
1 alb.reddit.com www.reversinglabs.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 j.6sc.co www.reversinglabs.com
1 px4.ads.linkedin.com www.reversinglabs.com
1 www.linkedin.com 1 redirects
1 app.hubspot.com www.reversinglabs.com
1 js.hs-analytics.net www.reversinglabs.com
1 js.hscollectedforms.net www.reversinglabs.com
1 js.hs-banner.com www.reversinglabs.com
1 js.hsleadflows.net www.reversinglabs.com
1 js.hsadspixel.net www.reversinglabs.com
1 js.usemessages.com www.reversinglabs.com
1 ws.zoominfo.com www.reversinglabs.com
1 q.quora.com www.reversinglabs.com
1 cdn.metadata.io www.reversinglabs.com
1 www.redditstatic.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 script.hotjar.com static.hotjar.com
1 fonts.googleapis.com www.reversinglabs.com
1 static.hotjar.com www.reversinglabs.com
1 js.adsrvr.org www.reversinglabs.com
1 cookieinfoscript.com www.reversinglabs.com
1 static.hsappstatic.net www.reversinglabs.com
1 cdnjs.cloudflare.com www.reversinglabs.com
1 cdn2.hubspot.net www.reversinglabs.com
1 platform.linkedin.com www.reversinglabs.com
1 play.vidyard.com www.reversinglabs.com
150 53
Subject Issuer Validity Valid
www.reversinglabs.com
GTS CA 1P5
2023-07-24 -
2023-10-22
3 months crt.sh
*.vidyard.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2
2023-07-01 -
2024-08-01
a year crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA
2023-07-11 -
2024-07-10
a year crt.sh
hubspot.net
Cloudflare Inc ECC CA-3
2023-04-06 -
2024-04-05
a year crt.sh
hubspotusercontent-na1.net
Cloudflare Inc ECC CA-3
2023-01-26 -
2024-01-25
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
hsappstatic.net
Cloudflare Inc ECC CA-3
2023-04-10 -
2024-04-09
a year crt.sh
cookieinfoscript.com
E1
2023-06-14 -
2023-09-12
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01
2023-03-09 -
2024-04-06
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-05-16 -
2023-08-14
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-02-01 -
2024-01-31
a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-04-12 -
2023-10-08
6 months crt.sh
*.metadata.io
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-01-18 -
2024-01-07
a year crt.sh
*.quora.com
R3
2023-07-12 -
2023-10-10
3 months crt.sh
zoominfo.com
Cloudflare Inc ECC CA-3
2023-04-04 -
2024-04-03
a year crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-28 -
2024-07-26
a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2023-02-05 -
2024-02-05
a year crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01
2023-06-08 -
2024-07-07
a year crt.sh
6sc.co
R3
2023-05-25 -
2023-08-23
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
www.google.de
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2023-04-19 -
2023-10-15
6 months crt.sh
hubapi.com
Cloudflare Inc ECC CA-3
2023-04-07 -
2024-04-06
a year crt.sh
www.google.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-05 -
2024-02-05
a year crt.sh

This page contains 4 frames:

Primary Page: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Frame ID: 59D71E963AF03073EC3DD3258FE44C9E
Requests: 147 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Frame ID: D4117B6F3AEEBD5E7B6E9A372F668FBD
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 2289E89C75C4FDD1A63FE85EA9EC2F44
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&upid=8t4axvj&upv=1.1.0
Frame ID: F2421FA3DEA8A2A13EDB92B93402C8E5
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

VMConnect: Malicious PyPI packages imitate popular open source modules

Page URL History Show full URLs

  1. http://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules HTTP 301
    https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

150
Requests

99 %
HTTPS

79 %
IPv6

37
Domains

53
Subdomains

47
IPs

3
Countries

3484 kB
Transfer

7025 kB
Size

35
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules HTTP 301
    https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1691411918484%26url%3Dhttps%253A%252F%252Fwww.reversinglabs.com%252Fblog%252Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL88xtyiX5pFwAAAYnQAbL2dgHYHWj5WWDlS13epaxmSxlB1TZr464OmIo3JxSH

150 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
www.reversinglabs.com/blog/
Redirect Chain
  • http://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
  • https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
133 KB
28 KB
Document
General
Full URL
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d58fcc9b037c7817d2d7565a677f19616b2ca13d2575df0a2c82f4ad60b0ec87
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-ray
7f2f93e589c01e49-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Mon, 07 Aug 2023 12:38:37 GMT
edge-cache-tag
CT-128190968732,CG-3375217,CG-5901382633,P-3375217,L-11118979719,L-11735000539,CW-103636562700,CW-10782554896,CW-11119297579,CW-11395370497,CW-114796045952,CW-115016303498,CW-115021731904,CW-11538883136,CW-23776629869,CW-23799638916,CW-28186900061,CW-36845096476,CW-6520974104,CW-79001037452,CW-80857835930,CW-80864562095,CW-80864563080,CW-80868056874,CW-87757605656,E-10528761402,E-10777459487,E-11119463588,E-11190015046,E-11395370929,E-11395383304,E-11708570900,E-21052151416,E-23712622487,E-28203361861,E-38216899954,E-5951651806,E-6021532803,E-6021916068,E-6519964395,E-70521421874,PGS-ALL,SW-1,B-112999115134,B-5901382633,B-70179327783,B-94488163452,GC-103819429689,GC-115009898400,GC-115015365221,GC-115020232564,GC-25875947801,GC-25876057703,GC-26129507391,GC-28186555742,GC-80858624881,GC-80970810765,GC-80971492144,GC-81200326231,GC-87768577627
etag
W/"fc65ff0bb81ce00ae84caf0244109953"
last-modified
Sun, 06 Aug 2023 04:05:31 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVe4ZUzKeTWPD%2B5BVmQKn5en2zeVbiVzIQmbHbsLxUVFRZ77nW7ISdRAoyuTwI5%2Fw73K%2FAPWaBaLI8AS421KyriDye491Vzw2mjPXqevrdlb23%2FHAqaebfnUWsIH6gHdarHx0TcvZbg7%2B%2BQqnwPuHUnjzw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-0s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
HIT
x-hs-content-id
128190968732
x-hs-https-only
worker
x-hs-hub-id
3375217
x-hs-prerendered
Sun, 06 Aug 2023 04:05:31 GMT

Redirect headers

CF-RAY
7f2f93e1bdd1382c-FRA
Cache-Control
s-maxage=3600,max-age=120
Connection
keep-alive
Content-Length
0
Date
Mon, 07 Aug 2023 12:38:37 GMT
Location
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
NEL
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HGvfq2PEaRXiGAWS54DGHe2ChNKahYEH2U0XfBg0AcbgjGolhXhokxRlfKDlLWEcMqHp637FKQJMlauhBOeELcuDk%2F%2Foz8dKWJAYWjOvoFzGQjbSGNalrnjshfNGxlo8VPNXMAGvrrDh2Z7QKCsxKRKXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
X-Hs-Https-Only
worker
alt-svc
h3=":443"; ma=86400
index.js
www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/
11 KB
5 KB
Script
General
Full URL
https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
9321201
x-amz-cf-pop
TXL50-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 21 Apr 2023 15:17:56 GMT
server
cloudflare
etag
W/"0bbd63c0750f141fd5cec04a9393647e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eu2S9JgcvNOt9cSd4dH8EKQ9C4m7GBqcufBA4N8TB8yL2opkFDUUaM5PV%2BUFhSJm3lZfOqjJ4STPdxIRzmlAUZXr6WGCd5729Njsp3La1COzeHfaEEwOKnPQAAPtakB5qwN%2FIk82Q0ZPwGkuW7uL4Ritqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7f2f93e5eaa91e49-FRA
x-amz-cf-id
8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires
Tue, 06 Aug 2024 12:38:37 GMT
project.js
www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://www.reversinglabs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
3905247
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPZPBZxYHkz54eGzod%2F4HSLOXJSkE03A267x2TSC7fhDJz5U%2FX0Da8fQcJOdo5wGSkUcRRlJ8VZtYiVeiXnPFg2wNkJXcX4XMWBWLdMCGME0IJPqm%2BZXzhYwiTWdJtpn5PoPaAo6vk%2FmWmEHaT31KbtQuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7f2f93e5eaac1e49-FRA
x-amz-cf-id
tyTcy9dgKTSNID40zzq7pAE5RO6j0NXSyXm_SEcHdFKq3bYxrnlF3A==
expires
Tue, 06 Aug 2024 12:38:37 GMT
v2.js
www.reversinglabs.com/_hcms/forms/
526 KB
172 KB
Script
General
Full URL
https://www.reversinglabs.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dcf5ab0268e05f2e26960055d40e37a5ec0cb225dcc9da43f52967710cea56b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
538
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3512/bundles/project-v2.js&cfRay=7f2f86c265dd1e68-FRA
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-evy-trace-listener
listener_https
etag
W/"c93e66dd60926c55c794dc765ffe6c1a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.3512/bundles/project-v2.js
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
ti0_iiw7PITtrft.AIEOPeRnP3ag2uRE
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
a1d10288-66a2-40aa-a18a-afddc8fb2726
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
a1d10288-66a2-40aa-a18a-afddc8fb2726
last-modified
Tue, 01 Aug 2023 10:17:49 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLs9cW53WzpCAIGdsHavutN2hlktxAP8svfYLc7xmxkyNb1zGJfipiRmZuS%2FNt57RVWa%2BzImbSKgm8%2F%2Fx1VKRLI9iARJPhFzNaw9B0670sCWs7ilNKWcU%2FBvDr9iIibrsEfAHY2QFH1G1HymgIvfo1d%2BSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-qrxbq
cf-ray
7f2f93e5eaad1e49-FRA
x-amz-cf-id
XLCwHoC819q8sUuz6vG1EX4Ee42GnPYph_1nD7_tMfQNfjPcJBSpRg==
stickybar.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/38216899954/1683495050466/Modules/StickyBar/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/38216899954/1683495050466/Modules/StickyBar/stickybar.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9ff889aa2badd5dcf9989574fa2006fb183febc1685353d19bf1dd28ed7c1b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
A1EP1F3CR54NCV7Q
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"424627ea38e47986af8095e0d67d40e2"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683495051068
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
jgLYEQ4EOqvxpqZTyxVIjrm84TepXoQY
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
114
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Lc6djJd1ckKCs+aBHkYMonVKhz1sxjFxH09hsCTMR2phNMdXw4mGMkPvk2JbdJkNU/5N8So/Jf8=
x-evy-trace-route-configuration
listener_https/all
x-request-id
2adbc651-67b9-4ddb-8b5e-19f4d1a74cbf
last-modified
Sun, 07 May 2023 21:30:52 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vec44VA9l663jL0UbF1tUpCcee16fe41ijlf8jn5B8o7ESVEmia9NUsbwOSXRbIKBL8Xf%2FzGf18oBCphr5KD69YvI8PCSL3wkM5r%2B4V9T0sG6I9hfIJ2oyqahRiJX5bMuW%2FV6DWZ3ApSwG%2F2E8lFoHjCiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials
false
cf-ray
7f2f93e5eab11e49-FRA
x-amz-cf-id
Xe60HxEZc2yldg7dFlLAwerCj3PHyAGkt5L1BTEeWIilFZDlnvsUIw==
site-menu.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11119463588/1690214555806/Redesign_june_2019/Coded_Files/CSS/Components/
6 KB
3 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11119463588/1690214555806/Redesign_june_2019/Coded_Files/CSS/Components/site-menu.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb8d8c2427fab53f2c4d0c70d9661c7d33d995e486cdb923b0c6d65b6b4fef19
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
ZNCGH859ZJ43QA1Y
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"eb32609c5026ffac513b3e81d68d3ded"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1690214556506
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
GKLmHl3sCXmnSkwVBkhk10OG72nsj2BC
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
850b9dc4-e94f-44ab-8f9e-453a59548e6b
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
212
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/RHDl8GKbOMBQsxfj8mZiFKJA25WzIa+5TvSVN7jHCsJ2bFGQJEVov6/9S/i2vvam53kcXHxbVo=
x-evy-trace-route-configuration
listener_https/all
x-request-id
850b9dc4-e94f-44ab-8f9e-453a59548e6b
last-modified
Mon, 24 Jul 2023 16:02:37 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksZXkQUaABGBH7jcGrouKtJKCIf7wAY58uwhuZX3ehoUk1LzkYXlVFWCcMRDRdlKmxp%2BQ17%2F5%2B052Rdn%2BDejiWyAsCa0AQuG1m7OmabCwhs%2FiZdl1gtnUPr9ldF9PmFclrss4H6vAuCGkMpf%2FpONS%2B6OhA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials
false
cf-ray
7f2f93e5eab21e49-FRA
x-amz-cf-id
PDTq2iw3fKj-4YIkxpy39-MMuABvHOd6G1A8JrEeVYXLht5g0YONTA==
micromodal.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395383304/1628866683496/Redesign_june_2019/Coded_Files/CSS/Components/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395383304/1628866683496/Redesign_june_2019/Coded_Files/CSS/Components/micromodal.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e634b615e771259a6dc723ef2cda097c480ad26dc92faa6450c5e4e16e3288a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 76cd2de9f0213e8c76093c6b346e8118.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
3475
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-amz-request-id
PKX5WKZH50E94JRG
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-version-id
e3VxwMWpNWQvL0ZQahFb1P28o.8Kjgu5
content-encoding
br
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3vVFdX2bBKeuRcpj9kZF/8DixH3aM6CEmZkHKeQ02h8mjB0w4L0YdblJ8Y1f9sdPTeOPxVJNYAg=
last-modified
Fri, 13 Aug 2021 14:58:04 GMT
server
cloudflare
etag
W/"20c2f66e9f10bed15056fd6b975b8a75"
vary
Accept-Encoding
x-amz-meta-created-unix-time-millis
1628866683533
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sjiogb2A%2BPazgMM8NvV6FNs2jKAuV%2BxyyRoIRuuPNExg%2FJ70aTGGWKmrsfyeps5SZL6FHH74cbbylPXNc%2FRSizmcROIyaJbRx8zW8qtuC91jQVwgeKJfMRt9oH546D3QekpcoC0Dt001%2FXLrl6FBBiMT9w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e5eab51e49-FRA
x-amz-cf-id
eMZABG-yy-ZPoiIh9tcex2YDd75038raUKBcpCNhhpUuakPjvuwP5w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647497/
610 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647497/module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
249d08c8fde3e1912f9d6d25ff14eed26f4adea29df815b794933eb133f8ec37
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
JB5SVVAFV64TP92N
x-evy-trace-route-service-name
envoyset-translator
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"6b50e831aa1329ecfc246611e5b73e07"
vary
origin, Accept-Encoding
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
n_rdB5Zjo6jQpLlilRmMi5fLWw35sgNj
x-amz-cf-pop
IAD89-C1
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
120
alt-svc
h3=":443"; ma=86400
x-amz-id-2
EnvLWXbAaEFDMC1QNhyzIUnbTFF0aHoD7xBlpPdrnnJ91aKnogzPDjc/mGf0MhHLqK48jItTT0Q=
x-request-id
9480ca65-5be2-4d53-9f16-131f7190d94d
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 19 Jul 2019 03:07:28 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VO8DppcLJLPzLObI1gX8bOtZIev5qHinj7dcXdJR1NJuKQTo3u5VU7QqOlRUs1x71aTKjZ48lHDcOFPCpI1iiC7%2FnoVfZrvM%2BJ8EMfloyK9P%2F3o6p8bFr%2FSb9UlmeZW8m4yvu%2FzDAmO%2FExwraYUsfvBDiA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
7f2f93e5eab61e49-FRA
x-amz-cf-id
WKvnWN3OPguQqMgb-6qFPlMld0lrN8GuoWhpgKt4aHUI8MLq-9WikA==
module_103636562700_Footer_Categories_Text_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1677161481432/
89 B
1005 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/103636562700/1677161481432/module_103636562700_Footer_Categories_Text_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
FG38BH5B0JR6000H
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
etag
W/"0e24424bd7a91e1adc940105ffcd26d9"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1677161481432
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 ccabfbceff64477665e33f03003a399c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
S9Og3Ezj9hRyblXN9qKf01bBpHlkGn4t
x-amz-cf-pop
IAD55-P5
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
5f7GIt1aENWESExKfXOaZIfHRR0dnIJh1rB0oCl10zkmfZC1l8fTr1b1ClnCQ6020pjwTAvRNXw=
last-modified
Thu, 23 Feb 2023 14:11:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eI3GkUBDWicEMAAmqt0SH7tGZtBANJCQ7EQAMIRxjlYzydSOodD%2FdwA5CYYZVDbA5FiWdW%2B46hnCrI1Q7ssPlpZ8vWsDuXx9tVUCwJBzsI1zYXbCN%2FGo5QsvwPbLd62JAerxhWh2J%2Fhey5G%2FgN1LFDd23Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
7f2f93e5eab71e49-FRA
x-amz-cf-id
bims1NpWPZ-AJUFMAcwO3Ol7ICTLGhTMPkM_uE23kV1ubMGrJs-Qlg==
module_87757605656_Footer_Categories_Blog_Listing_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1666371595958/
135 B
950 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/87757605656/1666371595958/module_87757605656_Footer_Categories_Blog_Listing_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
abe603cadd5d178715e8d259697dd4470bf63c6ad1115eb0af8715c778640133
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
J0BDQQ8Z2R6Q18B3
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"13b7e92cbbf8ac04eec1f7b100347115"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1666371595958
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 71c1b7cb74a6a3840a4f2be73ffddc84.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
kLOdiFo6YnWIpiP8BLnJdzSgnAZ9CfEh
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
118
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/SP8qB7u6RED1HOjsNp1HO/9ql2yKnHWH2rbXds8QM630L/D9KLRyta53eljdkJDh+BKa6UHxs4=
x-evy-trace-route-configuration
listener_https/all
x-request-id
ab099d62-c0cd-4c8f-b34d-b5ddd29fe0cb
last-modified
Fri, 21 Oct 2022 16:59:56 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BvLHvPRivg%2FEQBnHj%2B3CAshfEtiZiSR5xDdKnN9ir%2B0%2Fhwx%2FvrbWWEwY%2FM8NYKugVosPJGjcp%2Fl2gUyOyHOVKke9d7uyCZRiQGyc652t1I%2FXySDteBEAyNhjcpC28z0UAYIgX6j2Gv%2Bc4GI3jZ6qYW3ug%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
7f2f93e5eab91e49-FRA
x-amz-cf-id
xCsJCYaUJrQiiC60c8XyudaV4QjVTHTFfS1VnS7vsGDMAt36-zpI1Q==
module_36845096476_Blog_listing_card_grid.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635695217/
304 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635695217/module_36845096476_Blog_listing_card_grid.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1570
x-amz-request-id
493BPZ3TQ3W0EMJR
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"bfd6c45ad0a0ed80b73460eea867fdb6"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683635695217
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 0cba74644cedf83bb6fb7dc90d8b0980.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
QEtrj8a5Jw.zNpvkZ3KAKAvL2xgpFoi3
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
112
alt-svc
h3=":443"; ma=86400
x-amz-id-2
MMxDYlGAKstu6xcv7FF1yOTH82QSEPxgsUHCfDREspFI3X/rVg/KSkoCdSqFHVVi7kUtUPPCOns=
x-evy-trace-route-configuration
listener_https/all
x-request-id
70a882f2-5814-44ee-a5ae-368b05624550
last-modified
Tue, 09 May 2023 12:34:56 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWpzGkkQYnaVox9lSjsApVFGPXi%2FkZy%2BW1lu1H6QBUxd%2Bz8Q9FWbfH%2FO3ayJd3L0P15jpxL6tG%2F9Iu%2BrbuWWdPjM6tTzM3OwUgWpdHkJipowK8MM7bkrBupeFSpk8SGLpEoCXiFjHbWxB2KSxeBU2GIUSg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials
false
cf-ray
7f2f93e5eabb1e49-FRA
x-amz-cf-id
nFSROtreYfVNhvwYYd0UDd-5eq1Mmw_0_LvzBmqdiBlPGjVMp0yAdw==
module_80864562095_Sidebar_Categories_Blog_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1659712321004/
419 B
965 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864562095/1659712321004/module_80864562095_Sidebar_Categories_Blog_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d36be0a73651297b0f6b15b1aa2e63a204489bb9c552c11e0cf7db771081d4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1569
x-amz-request-id
NAYX3P3QBFXSJ0XW
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
etag
W/"d7c0ecedc0f1ad068aa363dbf6f552be"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1659712321004
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
kytFTmhcx66YfyEHUvgGyzju7VPEYvXs
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Z9kOjStGIvTfaj8fcvCKu5QQ+/9/yXsNCNlkDg7YeIRxGZxM2Zuxkim0/blpoD8/cnIl5JAsKsE=
last-modified
Fri, 05 Aug 2022 15:12:02 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uq7IvcHPNS8jo7F4ouHFTa%2BSvg413aAFS7xzpGoQDczW5BbO2rVxJip9WfPLDv%2FZ%2Bw%2Fg2f0zJtyIIZSyi06hhb469l69%2F%2FG%2BdiBCX5H5N9Hp8wkzM5sZTyUTUGkCEgJpvIYIEb1UAqTWvCmL%2FzeRAPjCLA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
7f2f93e5fac81e49-FRA
x-amz-cf-id
O86xJHE49-iPfxDzp58DEiqXVNoF2204Ahc8nNeaZbdHAGFJcCVWrQ==
module_80868056874_Sidebar_Social_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1659702739351/
298 B
951 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80868056874/1659702739351/module_80868056874_Sidebar_Social_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f419ad33d162aefac608940b47d2a524fca46eee0c82f877710a6369e68be33c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
W55KP3V7GCYTT5VJ
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
etag
W/"ea0c94f5b1324d7913f6a18ec1f3fe14"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1659702739351
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
shmO1QlyhGMyDoImESYiUCU5phlmEXau
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
cKw162B6s/TTfi1hZkUMlxR9NdhSfD13YgO8wXz4hsqeYUcAJgyMeplb+4Bw2hKpwz56LaGBWWI=
last-modified
Fri, 05 Aug 2022 12:32:20 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBk1nwmpgh3wi8sLClO0bVMtGYg9KG4gwjtx%2BQdtbW2MizSoHAkMmE%2B5%2FL8MOmuj47TBpcB%2BzoGjJm662NM40dEQ%2BHdow1V%2F3cGd6f28vOoM5bfufiGKeea%2FGzr9DhUxFthyhhsZY3oWNlFE%2FdRIYg3WQA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
7f2f93e5facf1e49-FRA
x-amz-cf-id
nIm2z5atrDp7US-wG15qGwRScBPTszJGqcDE6fWPEVhlRasYpaDDZg==
module_80857835930_Sidebar_Blog_Subscribe_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80857835930/1659449374148/
620 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80857835930/1659449374148/module_80857835930_Sidebar_Blog_Subscribe_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2d14bf82ef15e64d7503eed437a43ad5f26d4f5bcac6745870c32f1ed77a8a6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
QBC7V12NZ78KQ3QK
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"058524ab080d84460f7e7c6d2ecb4d89"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1659449374148
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 5d4199dbed922d7847172f5631f32dbc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
e1cZxYRKfUgD2rKmkLGGtFZUzq.7EtsO
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
144
alt-svc
h3=":443"; ma=86400
x-amz-id-2
JqWlzxaBD5sLjdAkdFmK1hql5U9NrW5dZp1n2BFFnfMLFhbRVqi8gVfaP4l1SoH7KUbMEa39nGU=
x-evy-trace-route-configuration
listener_https/all
x-request-id
1b2490a2-9cdc-439e-8ad0-530c8d03b4ae
last-modified
Tue, 02 Aug 2022 14:09:35 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dm6XGoG%2Bo5L2loiRH4QlAHakJ8hXrM0sDarf1c2tuaIHAs2bXWN%2F8D%2F9uPE4WYqeDWfBFjwFrmhj%2BJ736aHJ6NPhgoBCqRqTVjb6Wy%2B3ZADF%2F0H5t8HLpO%2BWqOLeTVVLBGvJy%2BqOXhlgy%2Fp4rw1YGbOL2w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
7f2f93e5fad41e49-FRA
x-amz-cf-id
4IReVkVOLhsMQP_1O6Gk1Mnw5PUItz3KDpagfdoT2Bn0nldLhBUfIA==
module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1670427753922/
581 B
1010 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/80864563080/1670427753922/module_80864563080_Sidebar_Blog_Favorite_Post_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cafcf576874435cca6e41394ae820ab1573b83f8b405d10d3ff8add93614c8fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
BJV8WW2DKPH7Z3AZ
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
etag
W/"c2bccdea5694cead22c9370560abd5e0"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1670427753922
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
wr_YakpyxY_udxaEA70Z09_FgvspAnTj
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
jmBuLq6BQdKGsr9b0femdhBPNrQuzwsgVN02YtZT0Mh38hfcd4Ju37WLq63GpBuJ9Whx5O6BfUM=
last-modified
Wed, 07 Dec 2022 15:42:34 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTjd1bC%2Bfr9uxxCcpQ8udDW0I7w9KbhXNyNCbwK1B3xTr0AdO2s98Sfc5hutIKXKN%2BesLbNZnrPZDpAt%2BxOvt%2F7BLfwTh1wa9DdO1Zc7vIVAnOe67jVhoTo1Ugbuo1sQBuzngegRPLXdQb3oGUtiQO0ptA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
7f2f93e5fad61e49-FRA
x-amz-cf-id
hXCjuUDQv_t30SVYJkqspA-k2z6e_pq6og2eCLpy3O1Yb1KTx6U32g==
module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1683726402031/
449 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/114796045952/1683726402031/module_114796045952_Sidebar_ConversingLabs_Latest_Post_Block_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
1ZWPRY4T8RG5FBX9
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683726402031
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 90ac509e6263ee9fa7bb3f1ed1f46118.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
AQN4k9CjDjzeOb4WGe179iRQS2cuvN7I
x-amz-cf-pop
IAD55-P3
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
123
alt-svc
h3=":443"; ma=86400
x-amz-id-2
6K0VBtV/5SlAb1taN90asHPq5fzkTfPUeUwGYp3puajuy/55zsup7qAFUEik9P06pIXqOUgK3CU=
x-evy-trace-route-configuration
listener_https/all
x-request-id
776cbc17-31d8-444d-a4fa-8237b1225682
last-modified
Wed, 10 May 2023 13:46:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqSw7yDDqbxLYR8M0OOy2JONjYGus0r8Hgj2LCrcRaJmZHmA3K2zD%2BoyqZWT5fWLcMA1VvEqP%2FKkMD5BYq2QfknI3EOufTPMlH2443J%2BfWjn9uKcLdn4UtmPWyKLskNGOguljzxID1S4g4Ibjxqh%2BputOA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials
false
cf-ray
7f2f93e5fada1e49-FRA
x-amz-cf-id
aCcoQlUlrPmuTAJpQvqlVfR-qxCZTPQFToO94h0EwgY4qOIQY1r2zg==
module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1683726382481/
449 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115016303498/1683726382481/module_115016303498_Sidebar_ReversingGlass_Latest_Post_Block_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
0WSX39427J1AS112
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683726382481
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
kE2bMXeYWn_ktJqXj7KUhR8Fu5cHi1x4
x-amz-cf-pop
IAD55-P3
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
135
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PW5+eWD9+xuuphm0jZbqbs12I5xghMcILTCbUgQxi2xPmBxVBs2q5a6cC6+jJLZGKMXQe6Tng7s=
x-evy-trace-route-configuration
listener_https/all
x-request-id
bf630b5b-dfad-40fb-be66-6907bb0b9973
last-modified
Wed, 10 May 2023 13:46:23 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdnJ3JvCoc6X4f6yKWPLma4vP5QSBQn7lynf5XnOd2exyCZap9OgOlegz6B9E8E9tFi76UnYUQfLaeNfN4NYiIMmwWX8TcHxFoCvCYoCSFjvi6o0%2BzVc8L6mzMVy0I%2Bor1jyjXf%2B4httho3aqTYcYeACVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials
false
cf-ray
7f2f93e5fadc1e49-FRA
x-amz-cf-id
uuvQbsRPHfQRoKUdPc9CdrHq4khVP5eIig2tHSi4wmDEv8XOJo5d4w==
module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1683728917797/
449 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/115021731904/1683728917797/module_115021731904_Sidebar_SPD_Latest_Post_Block_-_global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
FZ7AC83PSS98SKD7
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"8518a5951d9ad4d2295f309cf6fca5e1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683728917797
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 d4564d6809e10e731bfdfae814a717f8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
_NB7Ho2f9mjVTOSpgbcz46QGtgjcNPEf
x-amz-cf-pop
IAD55-P3
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
134
alt-svc
h3=":443"; ma=86400
x-amz-id-2
VFqhNEo69Eom5zdF27L0BoBqLcEsNE+6NT4gvpsJwKDcqBUCspDQOL27i0/xPUFMy1z6BIDvln4JjkfAEwvByH5rewwErVDf7pCBZOvWyt4=
x-evy-trace-route-configuration
listener_https/all
x-request-id
48b01650-ff18-4237-a242-538decc54d8d
last-modified
Wed, 10 May 2023 14:28:38 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCuQPXWQlXDYXAvjaTyXPZ5F29ozxazgBC38lzMNNRfXZCUiUUoMsTghcQFBJqiPGNQw%2F9wYpWj8c3z4lPV7tTy8YNmWFqkmKOaA6o8jlzEacacxAWZhOtvlX03%2BdLgj5dw2q%2BT6TpQuiKXxGuy3hjuiUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
7f2f93e5fadf1e49-FRA
x-amz-cf-id
ML-o27nR3DM5iAcRNOXPn07RaCZMoZxnkpdGul3CDRqf1SxiLLfAxg==
footer-redesign-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10777459487/1628866681200/Redesign_june_2019/Coded_Files/CSS/Components/
1 KB
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10777459487/1628866681200/Redesign_june_2019/Coded_Files/CSS/Components/footer-redesign-2019.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
27215dede1579d37bcf4ab9ef8fc7d968bd02081c4e61d77837a9bb8f6ca9511
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
3475
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-amz-request-id
13BPYR4ZD49HWNBG
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-version-id
KkIg9v6XZx4VO697E4AlyOGL9YPPr5d0
content-encoding
br
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
l+7N9XEj50YDxDIG2RQfGMg46loAU0AxrPqMjMyBj2/MlSfF99sod29VueMDOynZ4oX+MNvtNQk=
last-modified
Fri, 13 Aug 2021 14:58:02 GMT
server
cloudflare
etag
W/"74345f5a0d3875bb7f758b06d4778849"
vary
Accept-Encoding
x-amz-meta-created-unix-time-millis
1628866681235
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kATwkBGWZEjevJ6UGJRiPE1AP2lbZMdt2DlOR6BdEB8KhuppSVqmD4NV0wizRFEGcWvbYqpX3h5aIpYLXzmXcujdu0jf7OvU7nQ%2Bc85wtsX64xo4GsuALVzxQZQBusHGF5TVYk7L0NX4bniVPVnI5ccA3g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e5fae11e49-FRA
x-amz-cf-id
yeFhFqC1sRNzMPiReWpksZWr2r7Lr_3YWPXLSxuiT03iNvq4v2L0tw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_10782554896_Footer_-_Redesign_-_2019_-_Global.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/10782554896/1684325396009/
126 B
956 B
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/10782554896/1684325396009/module_10782554896_Footer_-_Redesign_-_2019_-_Global.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04245f85425b7978fbfd092971444a755772b93d9fb41f4c58f388e520403afd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
7X42C64NHK6DKKZ6
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"d5024537c90d258c2752af5a17a95367"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1684325396009
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ojCcsa3Hbm8KsKBjYnw5U.TUyefQWjmM
x-amz-cf-pop
IAD12-P3
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
137
alt-svc
h3=":443"; ma=86400
x-amz-id-2
jViwf9FZMI3kLz81OlMSSEAWGIfG1h+N5HMjut2XqQyD4f6sd57vNh+/LOTvlzEnwFAGwQi7P7Q=
x-evy-trace-route-configuration
listener_https/all
x-request-id
1c219a50-149b-4e7e-ba61-da9af93808d0
last-modified
Wed, 17 May 2023 12:09:57 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1scoSx9twE6jSI6H%2FcKxdD7q176fGty6MaRkteLYBCUUPGFqehvG0XZAhcbfE3JBDU%2FJm%2FCRHAZOLvwkewDUOVoJuPEA%2FNV5ZWXMO8Vo0OHDdDQrRCvT0R3mOzVks1WxQlztdcZS2jAVlaKPR5n2okS4g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials
false
cf-ray
7f2f93e5fae21e49-FRA
x-amz-cf-id
Xs8vXP8hIaef8GUa2GMcOarXIxX2NnRBzGnlNEQRE3wajQwH5yQhMg==
Reversing_Labs_November2018-style.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/
143 KB
24 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
61ce08dbad99d88826d7e7d374b628662137c7893a943d6a541cf4b0455c5067
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
9BY06TDA00GEHJTS
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"3d0f457bdc611022c3f48f57eb877977"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1685359417818
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
AcrfIRW95QY88SeuDIXAFoVt.4x1ZQWb
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
139
alt-svc
h3=":443"; ma=86400
x-amz-id-2
GkxM6CyUTGG0PBFgMJaDRztxsWFbJcPlZ0/7OioWm4zjLouo3IjGbhgJ83dkKDN715dWTz+6LH0HE9fsUUy+aoo105Uo0mmZotlTj0R0A+k=
x-evy-trace-route-configuration
listener_https/all
x-request-id
87030c20-b4df-4c9a-a844-9982d6c02ddf
last-modified
Mon, 29 May 2023 11:23:38 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hAZf73vVtYN9r9xFgTAwpHzJ1XSXUMlynqhoKR3OyQyhzClCJIvqCkNE7faLv31nHKPz9mXzpe2QQx%2FOielhLu91w0gAxR2JzBQL77X3nGihVB0zMO2gRS7qm6sopiWDcv2wkwy77DF4o94BBrn6G%2F2%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials
false
cf-ray
7f2f93e5fae41e49-FRA
x-amz-cf-id
EfnvyHcxkM0r5MgmZNSmpahxHbS44buGtkHilNHaDyIqxvzzMKUqGQ==
v4.js
play.vidyard.com/embed/
70 KB
23 KB
Script
General
Full URL
https://play.vidyard.com/embed/v4.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.181 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
86bc7c25a3bf03fad86ce1733e1a562b1395d60635b29960b7b3f68aefa8bc7a
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cache-hits
2
date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31557600
age
384
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
23020
x-served-by
cache-fra-eddf8230091-FRA
x-china
0
last-modified
Mon, 19 Jun 2023 19:37:16 GMT
etag
"4e2f211a0d5f0f0e82bcf94c1f18d11d"
vary
X-China, accept-language, Accept-Encoding
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE6) /
Resource Hash
6704b253ed39cb1e00173052347237e27bae3727ffc23ec7c4f563d156e1f6de
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
162
x-cache
HIT
x-cdn-proto
HTTP2
content-length
163639
x-li-uuid
AAYCVHzVZjAzEE/krxb/og==
last-modified
Mon, 07 Aug 2023 12:35:55 GMT
server
ECAcc (frc/4CE6)
x-li-pop
prod-ltx1-x
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
x-li-fabric
prod-ltx1
cache-control
public, max-age=3600
x-li-proto
http/1.1
accept-ranges
bytes
expires
Mon, 7 Aug 2023 13:35:55 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1691156845456/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1691156845456/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d0c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding
br
age
255006
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"94daf62e7e6df83595c6251fb0c7c055"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1691156846066
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:37 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
360d3742-4e44-4d59-b9be-9c67e2e8f82b
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
172
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
360d3742-4e44-4d59-b9be-9c67e2e8f82b
last-modified
Fri, 04 Aug 2023 13:47:27 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LRjmbMZaAwJw0eyka%2B1EfA3sSgzk%2Bh0aOjEKRd6hO%2BnmXDw3MOTQbXOtmVfCpQAVxKLfaJ29EEeMIqsRpl01ytoJFlPhgPw6Yl9WyW0FkBx52x8%2FHlS6MxXcxPT10%2B1csEEanNcxyIh5hR6MwBo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray
7f2f93e60b5f30cc-FRA
RL-custom.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1659964887293/Reversinglabs_July2018_Theme/Coded_Files/
12 KB
4 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/5951651806/1659964887293/Reversinglabs_July2018_Theme/Coded_Files/RL-custom.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a5f6ffeb8930092b29aef8860e2c8ebbe25dd2dcdf70ab4b6b137c4b4592f70
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
GYFX9S0VJ2F7DK27
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
etag
W/"87c5bc53e5805378faf6e71727ae7d28"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1659964888595
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
rddr3nP1mNXXwP_ajL22vN12Zg.dfVCT
x-amz-cf-pop
IAD89-P1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
4BtpIFyAF9kJ1DUx4TalGP5f0s8rbwYV464lijj9qfuclNNPNl6/zTGf8jpX/6vvuutAg1dtXWQ=
last-modified
Mon, 08 Aug 2022 13:21:29 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHw3ZITKDoJq%2BVXaM5h%2FZNOT%2FcfEb%2BYGjJ1xjwkCyjpEywtuJzEJUkN9M0wYDfGsLkXa3pLaritCuly3dSJXZGmSzBvzFeNNmdczNTmM6wcpBLaZ0TBEmUx0jaw1%2B3RSDD2YHOBRH3dr0SQliLeOH9nEEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
7f2f93e5fae61e49-FRA
x-amz-cf-id
4PDOm1OFIjEyHFtgWcj1txxPBlIpztijXEtaNgw5Yt7EqH_06aH47Q==
site-redesign-june-2019.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1689162268961/Redesign_june_2019/Coded_Files/CSS/Modules/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/10528761402/1689162268961/Redesign_june_2019/Coded_Files/CSS/Modules/site-redesign-june-2019.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c889e86e6c42fc475d139233bc09a8fe599673cfeebe015bd3083cd1ea994e93
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
3475
x-amz-request-id
C67VNPFCGTB66AF7
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"a6b54e2468e63ef91aa2333794289d8a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1689162269645
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
cM9nJ1gR34B3YQ2cLQTyj7pejlMLYf.6
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
1474e339-698f-4678-ac49-46d176a69129
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
117
alt-svc
h3=":443"; ma=86400
x-amz-id-2
X7RU/r2YFdcytCOlgM3h5/PV30HyOohS2Xaa5t4y75gPm8QMm1r2rhFCkhlXSZA0DcGrag1V4Rt9F5pg0FstSq+Yz90fCNIJHulrHuua1/Q=
x-evy-trace-route-configuration
listener_https/all
x-request-id
1474e339-698f-4678-ac49-46d176a69129
last-modified
Wed, 12 Jul 2023 11:44:30 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOr1Bq2nWGP9SQIN%2BVOuk8NmriSIOA7ysyuNI3%2FiU82XDeL%2BNp5T1%2BNlXMkNmxfIXovxqq5wzBH1K8F%2BqtEykkqj9Qc9YkE0KoB2xOBXNUHeSOzULwSOF4PdHS7%2BscUYbrY%2FkOEgo6MfuXKqLJMVXxruIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-fhfns
access-control-allow-credentials
false
cf-ray
7f2f93e5fae91e49-FRA
x-amz-cf-id
V1blr6uorwDl5n385W2TrhgZrQ1kZSwtT96BG6jm5T3ARQRqDRqRzw==
blog.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1628866682579/Coded_files/Modules/
3 KB
2 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/23712622487/1628866682579/Coded_files/Modules/blog.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a612c9ad7bdfdfeb71ed257ea676a5bca9db5694ee8a0f0c1f8a96330429ea3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 68fbda872a4e92e0774a97bdd960d43a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
273
x-amz-cf-pop
IAD55-P1
x-amz-server-side-encryption
AES256
x-amz-request-id
PVBQ3EHJNVZ3DH5B
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-version-id
Mz.2Pn4CEDs4ZaIeZ_NrZ0_ijfcT5uxW
content-encoding
br
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
AdFAJyDDt47mtRTm+i+5mhvXqYtw9R4oSCKHdYAWd98hoxhiv0ezOVUN1dsAJIxIAcj89A31sb0=
last-modified
Fri, 13 Aug 2021 14:58:03 GMT
server
cloudflare
etag
W/"86cceae70fe2cace0184968b3abea7a2"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1628866682656
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyrJxmfQ8yAOxbduw9V09nMdALaejmf8EA9oQa%2BUGscIAZNcOcNrhF8aneHBV5ChASAOen4qfB9dcu5rjZeW2v1Kzl5mPwzhXekDyfBi1BEWnzFvWZYkn5QkSuQabs1w%2FtEFQGi3U%2BwVWgm4cM3mznVWrg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e5faeb1e49-FRA
x-amz-cf-id
ndNi6dzlnwd484cxdvYO2SvfsrFDtE_lpva3vv_rbCYqMwWHz0nWIQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
conversing.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1671120024586/Redesign_june_2019/Coded_Files/CSS/Modules/
2 KB
2 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/70521421874/1671120024586/Redesign_june_2019/Coded_Files/CSS/Modules/conversing.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
ZNJBP63G4HZA6SNR
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"03194bf820a8d747a9c4e33f60a3d8a6"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1671120025512
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ezK3yCXod3kovn6QNb0kvlsgyxcpZGDT
x-amz-cf-pop
IAD12-P3
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
200
alt-svc
h3=":443"; ma=86400
x-amz-id-2
+Zzz88AR6TnPmkGnh8P2BiBvu2MeC2Or4HF7xPgOdz7TJLET9nGRqLgrHOD3nvxBIjDLmtB415Y=
x-evy-trace-route-configuration
listener_https/all
x-request-id
b9fb29b1-b2d7-4900-bf46-651073bbc2db
last-modified
Thu, 15 Dec 2022 16:00:26 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vx3tUNRbhGT9BdJFVEyWmYhtvZgP8OYA3MTcPUxAWHoB1PBQAcIKaG0Pzb%2Bmy%2FzbgwrU0BKEsS4Nh4%2FrmAQqPDTrnrZSTzjgtKOczLHut%2FZ9O5cqTBJZkURNaSG4geYVSVMULFOZZ7iJSUpGRmJR4mp3Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials
false
cf-ray
7f2f93e5faef1e49-FRA
x-amz-cf-id
lBf9ld_lYAdRxP-NnQ-OStGk8HCPEYRAudBi1GxstWP-MAyhELexcg==
simplelightbox.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021532803/1569840493756/Reversinglabs_July2018_Theme/Coded_Files/simplelightbox.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 cea67f5ca1b497624430e599aa6b7c62.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
1570
x-amz-cf-pop
IAD89-P1
x-amz-request-id
WPZ5SBN1S7NMVMA1
content-encoding
br
x-cache
Miss from cloudfront
x-amz-version-id
Y9o3twj1TmNPLtARM7I8GKUA.atzxWnP
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
kQyRDAImdosMo8wT8pgKTpv7tWbjbnIkXjGbn4j9nsZUhG0EF/sM/OJZstvG9qmgqxLzf3lLMBE=
last-modified
Mon, 30 Sep 2019 10:48:14 GMT
server
cloudflare
etag
W/"9c259f55b65931c5838c0f7cd5f58f93"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCXhEoVx8jlgzcx6qprbzK2Ujh%2B11da18kMrMJGjMT%2Fnd7rwuW5rJhcZoJy0ItNDA4VYUeCY7TOGHGGkmHNozYfS1oaWSSb356wcZ%2BpiZB8CdAjt2C0GG72KT4kn524ndL6yDCxML2zylHx3hMt%2BYZVugw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e5faf11e49-FRA
x-amz-cf-id
uo8Gv5YQe4kY1BmDhHk-1_ZCQKnflPaEaQ6XLBDp_kRV3VECkDNowg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
tag-list.min.css
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1657723424898/Modules/Tag_list_-_inline/
834 B
1 KB
Stylesheet
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11708570900/1657723424898/Modules/Tag_list_-_inline/tag-list.min.css
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f631dc190b0572010591fe489a4d434db77ce0ff6156e9e7e9aa745156c095c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
273
x-amz-request-id
S1VHDE6JGXN3JXYD
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"d0f8005c0d02f9ea2078b355ed1700b3"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1657723425746
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
R3vEp_hu.nAXB21yRaHK818uFUl.x7KV
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
157
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3Dq1Y2qMlgqiNtUVPL+65uXwWaBj4LnCuua8ormEk2DaBBMdFN+obyTt20r73uGpQFRUYJGrsRY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
f8d8f1d4-6106-4e26-8d1d-8cf2eb3e6bce
last-modified
Wed, 13 Jul 2022 14:43:46 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikkW12a0LWNrn9Izc16kkEqzKdBzSpwYaT6l5sLkoqvu3rRjSCPB1kbDaanIaEmG0KWfREGNKQNSlA%2BWI45uWE3B4v8urecxYvibZPwEomgKE7bBum%2BGAFWRQufDGdBA7hrYioi%2Fms40ZU3hW84PWkB1zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials
false
cf-ray
7f2f93e5faf21e49-FRA
x-amz-cf-id
lSdYvW3dlZslQ1RUVCGop2NeeS-V9ctOnZ0quVdT00UmrYvjZqb1vQ==
rl-com-logo.svg
www.reversinglabs.com/hubfs/Reversing_Labs_November%202018/Images/
3 KB
2 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/Reversing_Labs_November%202018/Images/rl-com-logo.svg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ed697a94ae987ec690170223f411112068b61caf8678788cb4c37347249fd00
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 7a788183b525e282cda9d52b8c9a05fc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-6517800726,FD-6517800709,P-3375217,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
253299
x-amz-cf-pop
ATH50-C1
x-amz-request-id
0BSKF5ZSPRCYGDV3
content-encoding
br
edge-cache-tag
F-6517800726,FD-6517800709,P-3375217,FLS-ALL
cache-tag
F-6517800726,FD-6517800709,P-3375217,FLS-ALL
x-amz-version-id
BUsncvg3SahbgModZfK7dQUIXXLSPFen
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
alt-svc
h3=":443"; ma=86400
x-amz-id-2
CjS0KvRN4W9HA56VkwCGrKFtUwYEPqC3QxC4qhNjTuMp42sCFhut3wREWPKKpfjJaoPO9EwAZGTIj9MVmSRjKA==
last-modified
Wed, 14 Nov 2018 07:33:54 GMT
server
cloudflare
etag
W/"86ace497147ac2cd02198f3cde44219e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBVngariu8O9T%2FgWDqjMhJi%2BNKjhxlmNZK11CK4pIKD1VbKhQihhGWsfIwxo531fJyGPkv0mguAjrgqcFqeZ1X8sf%2FMpgYygg4doI2hzRBhyxjn6ZvIlQdRVtyeYKJiIFHYIg%2B6qsmqauYbEOG1T%2FietNw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e78c712c6a-FRA
x-amz-cf-id
3u1hcZsSs9ZYKmdN2lUqtcAu8bqcZlfEr3OopO-EObaLvJ_1G9W1oQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
karlo_zanki.jpg
www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/
18 KB
19 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/Imported_Blog_Media/authors/karlo_zanki.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-24367560330,FD-8444884887,P-3375217,FLS-ALL
age
256
x-amz-request-id
PKHM0R0GVMP9YQDR
edge-cache-tag
F-24367560330,FD-8444884887,P-3375217,FLS-ALL
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"c40419dee622f0738b5c1f8a5152db50"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 2b0fb614bbb9725d108c7b6cf26875c6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
lfcykLsw0R1YXz10xZ03n4UPI8BPc.OS
x-amz-cf-pop
CDG53-C1
cf-polished
degrade=85, origSize=90381, status=webp_bigger
x-cache
Miss from cloudfront
cache-tag
F-24367560330,FD-8444884887,P-3375217,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
18276
x-amz-id-2
9N3OUkcv4aYVfarYCVnGjMBGSr6sgASDEmr0Kg7yK7QzFt/2NMauc5C6rnPq4ZfG+zQ8v6yWZQ4=
last-modified
Tue, 14 Jan 2020 16:45:17 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U62DLMZ%2F2YpDWg%2Fkv07sX69Yk4gc4fv615%2BbWTyPbbbph115pIbW7ztglDUGtGTlBAsCiFutm0wgrwVCAmkyT16XguFo5wYoQFNioq7wMER018Fm2ntDJGeU4GQXI72Nc30lETX6KJ2LlfHBjhhp87wJPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7f2f93e78c742c6a-FRA
x-amz-cf-id
KAfqI1ukFq089WAI1FCWrtw-e9XPzNNCZl--8dpX2sHMv_oDQaetJA==
vmconnect-blog-figure1-behaviors.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
52 KB
53 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure1-behaviors.png?width=1455&name=vmconnect-blog-figure1-behaviors.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cebbc0e23f1d58a574eab9a677d14629b3aa59a6fbfb0133feb3e03f0e43f754
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 b59465a36dda3b4ec573f7a87861306c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128372092758,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
53054
cf-resized
internal=ok/m q=0 n=696+0 c=1+25 v=2023.7.3 l=53054
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfufej3QaZimVEgmG-b-ZxJre5GKd00Nl93VqLII45DQ:a0a8e391d1e908289a78165d747c52a3"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zk02VGmTEK1mSJrf5RlHgiPCLh3LptQaF6bV9N0%2FmgPCj%2FDCRKTlf3iLI%2F9h3kROWH0Is3SAIQzefcsSRsptp13eXtFiwI8%2FmRFEY6mqbFnUpOZsw8fW657BG%2BYoHC4ZsyQPPeyOuu0M7XitxaY%2BEhyo6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c762c6a-FRA
vmconnect-blog-figure2-init.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
22 KB
23 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure2-init.png?width=1455&name=vmconnect-blog-figure2-init.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b452e67d0f273f9147920b2ec0783838b1ee33727eb9c6fae0a7cff22bf0ac85
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 ade5b31bd02630f0b5fc77309a9d7038.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128372335896,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
22832
cf-resized
internal=ok/m q=0 n=704+139 c=0+0 v=2023.7.3 l=22832
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfFt2DVxVAwJfmRRxOIQy60dx2GKd00Nl93VqLII45DQ:7da2d727a22e07f170b074d37a6a926e"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlehMVfOkCcvcRg3nZ8muk5Wj5e0coE5lL%2Bxa%2BrVw%2BVaHl%2BJdlBw8SJdYfhtHmeIycgxTOvOmTlCjFdn9qkSRgibshNIGfNHgfiByfdtOOXEnhmhqigeOOsgP8FgQqNFLVsMAgeFbmZLHkA8d9GaB6S92A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c782c6a-FRA
vmconnect-blog-figure4-loop.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
17 KB
18 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure4-loop.png?width=1455&name=vmconnect-blog-figure4-loop.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddb82c84e1cb4f9ed0e23ada938029f0ac7a79f8a8215eee7bd5177726c02c32
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 76d5d69c7419d6e5ee08d1a87f9d8316.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128374422914,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
17238
cf-resized
internal=ok/m q=0 n=760+77 c=0+0 v=2023.7.3 l=17238
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cf_SALb2FHaXCWedM222ZRwjYzGKd00Nl93VqLII45DQ:9d3990287e545845bf5381744ab07eff"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxFwZd%2FoAPmQpZAuxVcjXWH7NpWYngP659LGsZJRawFVAPrhP%2BBfI55YCBS6txC9%2BwqpiIw%2FThx16ueJa%2B9bfmfBGLkr1GnEg8jhdfAq%2FvPIao4YqzQMGJpFoddKwBkIYfD3vIR2TxrkI3d9amwOb97fIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c7b2c6a-FRA
vmconnect-blog-figure5-PyPI_author.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
41 KB
42 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure5-PyPI_author.png?width=1455&name=vmconnect-blog-figure5-PyPI_author.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
68858bf90cb3efb40b74dc096a0c14d3d7d8df522e30067cbee82f0640af2bab
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 7c75723adf667c2274cb64e1ba92db6c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128341467472,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
42454
cf-resized
internal=ok/m q=0 n=896+0 c=2+153 v=2023.7.3 l=42454
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cf4eAidWT4Kfyr0376G4LYBTEkGKd00Nl93VqLII45DQ:dfca138c459dd0bde26f427b54882fb0"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNyUNllWKgJ%2BA0VuSurGY2gOhYXkLNMqV%2B6CAlgOcTflPos3flJDM%2Fv9Mmg0Vn9QqXyb6DbeRfeXHCEfp0Mh4UbmrTvQAiL7iYN2yWi1SV9Cq7%2BeiB0AIirZjAxNJKi4av3rLGooazkqsa4N44NJel4ilQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c7e2c6a-FRA
vmconnect-blog-figure6-PyPI_project.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
186 KB
186 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure6-PyPI_project.png?width=1455&name=vmconnect-blog-figure6-PyPI_project.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc3652de6720e88bb9378b09d34a2e807d1706b7a59a2d29903a68fa481759d5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 b09c8a20b29053a362f3c1085a0f8990.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128374414403,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
189956
cf-resized
internal=ok/m q=0 n=960+201 c=0+0 v=2023.7.3 l=189956
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfFfRcqUYlcTr9pFJWgfYd3pdbGKd00Nl93VqLII45DQ:1cfbe751e2673baa5ce60b4c41060984"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5yV2R3lPXVYW7DdeiVIhTfUVuIAHV7apw7rWmOFGg%2FXwDZP%2BpCCN3olNx1GJjbdUcZZ9HKF1U7zuaQ0K55UcIensTXWvT2cHufkAIUzK%2BWz8%2By6TWmUuwJYL9VjeKzjI6AuruApWqNjDx4jx8Ct6ciLTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c822c6a-FRA
vmconnect-blog-figure7-husky_github.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
40 KB
41 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure7-husky_github.png?width=1455&name=vmconnect-blog-figure7-husky_github.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0f80d27eb235c529b6f87057ab7763ab82f8eb2396e8d40df573eb80e5364ec
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 62c57d3992f5571b9941423fe3037e08.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128372092759,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
40814
cf-resized
internal=ok/m q=0 n=906+0 c=5+134 v=2023.7.3 l=40814
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf6mRjUQKEMCNe1MHl4G6669OlGKd00Nl93VqLII45DQ:65453383a0255d7d93786baa4e8ea55e"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nvl2iZ4%2Foms9y%2FlNbOMBxmahltW595D4wbWrgeB5jEy5k%2B4T73xjNTWkm3XrBEzHdapfwH65E9BNmk6TVcx7XWB1ltFzK8Z6MrdWH1dOgxlPVBhWuiMVD4DvNPDavzw44MC%2FLhfmjA7VvAd6cwy6vSmlpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c852c6a-FRA
vmconnect-blog-figure8-init_gihub.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
21 KB
21 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure8-init_gihub.png?width=1455&name=vmconnect-blog-figure8-init_gihub.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fe6def01e693b4ff7f8a5baa5663c2b2eb7a228d7eb28ca379d255b640df211
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 a8f403e7a1e295eca645452cd239f186.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128373652739,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
21010
cf-resized
internal=ok/m q=0 n=892+552 c=0+0 v=2023.7.3 l=21010
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfs-ifkdVbVAVeuQWW3EQdNzUMGKd00Nl93VqLII45DQ:cbfb25e399f643ee0577249514d1bb1a"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYEcxxHKM0YakH4937%2BmvAis8CWekeTdpz4L7KWfw3FTuD7N%2BovbaqMLuOrdj2obr3pkSzflQXiasTTIJ5QF3JWT3Wk3BrLVk0rahJ%2Bu4hEreBo8qBxXI1to7dfgv9gwakE97w282GxM3IsBwknv0vFqjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c872c6a-FRA
vmconnect-blog-figure9-VMConnect.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
161 KB
162 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure9-VMConnect.png?width=1455&name=vmconnect-blog-figure9-VMConnect.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d09af97ee06f58b7c0e071433e4f08dcfc244e3786639a601e31d3227418473a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128372335897,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
165108
cf-resized
internal=ok/m q=0 n=736+139 c=0+0 v=2023.7.3 l=165108
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfDtEuFLyHnqiI5u-mEeIjwAyrGKd00Nl93VqLII45DQ:b7c5d069ae16571551aedfc140d1cd44"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NWMP4qbNsmT4bt%2B8QDd4jNkcOeoQ%2BimkQFDN7ayNuAam%2BjkLdT39W5zxyhtUEYbtTnOPPvil5xvDGBhizztCmRMXiRZbJi9iFA5REU3xKCokHBmRcphfTkTtoWy0flqQyilJj5iVrClhreCCCqoUfmGXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c892c6a-FRA
vmconnect-blog-figure10-vconnector.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
169 KB
170 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure10-vconnector.png?width=1455&name=vmconnect-blog-figure10-vconnector.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e600901c3822e2410c8113d763d1f8babb08aab7d06aa1c861be265408cdf649
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 3e0d912790c2cd730e222487cbb10f98.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128371840411,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
173076
cf-resized
internal=ok/h q=0 n=14+156 c=0+0 v=2023.7.3 l=173076
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cftFp7EBIUJYCcv0x9uuWvalXcGKd00Nl93VqLII45DQ:a3fd118096a03f915ee02d3e659ce71b"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IqFMwqroPS2Vue1vWq1dVqBijmqIL0IY2OgLmzDEK93De5e223kA5iYWKfmgJ5Tik4IJVUOCFK0Dtzos13alNppaGrYpkfiLaQOuySjfv%2BqAd8PcLk%2Fmn9C6z0WRarsF2vz%2B8I3hjzTQjiVrOWCYZccacg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c8b2c6a-FRA
must-see-sessions-black-hat-2023.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/
38 KB
38 KB
Image
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/must-see-sessions-black-hat-2023.jpg?width=480&name=must-see-sessions-black-hat-2023.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7426c1c0d2289ccde69718bb10ae44a1a6602702194410999afb700e1e580d94
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-128445232020,P-3375217,FLS-ALL
content-length
38412
cf-resized
internal=ok/m q=0 n=188+0 c=11+33 v=2023.7.3 l=38412
last-modified
Fri, 04 Aug 2023 17:26:35 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfYumcyN5h7tB9G9kNrISFMtgNzQG3Dz_JuxJXtzypDQ:c2dafc0f4f9381d2204a0799a5f235ec"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e7bb5a2bc7-FRA
Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/
21 KB
21 KB
Image
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png?width=480&name=Join-us-at-Bsides%2c-Black-Hat%2c-Def-on.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
867e2af897e43a15b5cb0cbf905ba563964426f8707d602891643fe039aa2566
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 776fbf9a4fc4b393f157f9f75dd29a06.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-125626784020,P-3375217,FLS-ALL
content-length
21380
cf-resized
internal=ok/m q=0 n=350+0 c=6+33 v=2023.7.3 l=21380
last-modified
Thu, 20 Jul 2023 15:32:15 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfKQAtJ6vhYxPAvRVg0GlPAx7QzQG3Dz_JuxJXtzypDQ:b0ec1614a8085e5cb245b7a0f678054a"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e7bb5c2bc7-FRA
air-gap-remote-access-kaspersky.jpg
3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/
44 KB
45 KB
Image
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hub/3375217/hubfs/air-gap-remote-access-kaspersky.jpg?width=480&name=air-gap-remote-access-kaspersky.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d170b4f372603eff8bafec8eedd2dc57712f5e38b276f31c4a5295eeeb9de3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 afd822e99baebd9321fa9aa8f9350e78.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag
F-128135521287,P-3375217,FLS-ALL
content-length
45536
cf-resized
internal=ok/m q=0 n=210+0 c=11+34 v=2023.7.3 l=45536
last-modified
Thu, 03 Aug 2023 12:49:14 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfKtefQyCYdAtrcIkKJuwm6qaCzQG3Dz_JuxJXtzypDQ:24f11135095e0a03c427cb44e068bda0"
vary
Accept, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e7bb5e2bc7-FRA
tag.svg
www.reversinglabs.com/hubfs/
946 B
2 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/tag.svg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-79211394341,P-3375217,FLS-ALL
age
256
x-amz-request-id
E01Y81VPVHD41TD5
x-amz-server-side-encryption
AES256
edge-cache-tag
F-79211394341,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
W/"27594f47645e4d58406fd3cf3d07e0a2"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1657811796583
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
aRYhGFr8YswkXmWbJnGhRE6TAiUwxgKw
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-79211394341,P-3375217,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
W9fWfkyXzVhcsgKPhrOLob4TsO7RFDVainp6spzW/jPNDFITJ0LGEA+GYiP6PyrifYZHYa2mfx8=
last-modified
Thu, 14 Jul 2022 15:16:37 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8h%2FR7yraf1x7VLp78Jq%2FJmvvw1u7qI%2FGSMit1P1EucwjlGNHxxmHI%2Bh8Ft2%2FeR6MvswHjCaQnjpuKfh1Y9I0rOTBm0iNW%2BxS83UC2XgTud3Nr78XdX2PqR%2FGv6wJUU8cYv9JHJ7kyP3PwwzjUhCXcEySRw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7f2f93e78c8d2c6a-FRA
x-amz-cf-id
ARoyVi_iZh_qPK_iyRH4nsUAmGue5Vhk9LnsNw5jgBRVRcmWsLHh7A==
puzzle.png
www.reversinglabs.com/hs-fs/hubfs/images/
190 B
1006 B
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/puzzle.png?width=24&name=puzzle.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 1977dea801f0741d1661725223f1ca34.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-80971515058,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
190
cf-resized
internal=ok/m q=0 n=490+0 c=0+0 v=2023.7.3 l=190
last-modified
Wed, 03 Aug 2022 11:16:38 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfTEUp8Ew9ax83YU-aC7YLXg9u1csUNuQbJ8Ycnj_pDQ:e388a2e47cf27a736b1d0bbd369fa3d1"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lSwSZfGwa0bk8b7SlftvPV4u9Q1T4tR1FThkb9zRJcy2JJ1GgCghXfvar8g%2BLI4Qjv0OoxAaUjD9xEFFBldaVcMKvgH%2BDgczflX3hhw%2BAEZjuyj7Dn3QPF2hGGewJzRDl2wNKtMkT5uUdYg21FPnVOE%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c8f2c6a-FRA
tag-dev-devsec-ops.png
www.reversinglabs.com/hs-fs/hubfs/images/
170 B
987 B
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/tag-dev-devsec-ops.png?width=24&name=tag-dev-devsec-ops.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 5cf1e5a040860c85477a2471f3114b6a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-85478930439,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
170
cf-resized
internal=ok/m q=0 n=730+0 c=0+0 v=2023.7.3 l=170
last-modified
Tue, 20 Sep 2022 12:31:04 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfv7c03z3Ffq_nGeIA5yKSc4mh1csUNuQbJ8Ycnj_pDQ:9183b185622ef93c463aaa428f1f5ec1"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MeR6%2BR%2F5eg25tF8IJUqRmVlUPNaeUAIP0ExwyDb1cehC%2BIrknr%2FRWmeCl%2BisDtvplGuU2L0HfI1MLmfodpxcBy8FAx3QXh5IFg12YsSCiGaEa9uvMha6r6%2FoEm2%2BgZ8ePBf0bZKhxfiOsn3QXEaDyb7RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c912c6a-FRA
ico-threat-research.png
www.reversinglabs.com/hs-fs/hubfs/images/
292 B
1 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/ico-threat-research.png?width=24&name=ico-threat-research.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 4b37353de520ea1ab6c2182115335218.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-80135253149,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
292
cf-resized
internal=ok/m q=0 n=922+0 c=0+0 v=2023.7.3 l=292
last-modified
Mon, 25 Jul 2022 15:07:22 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfUSLvJ4c4Cy57IRZiA1hwxqgf1csUNuQbJ8Ycnj_pDQ:e7151140ece53d72171148a7324d4b11"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2V2CUVP6qW8t0UOL6rvnLFYzDHyeEVjZ2YZKMj9KaNFA7aAgQshJTyGcD%2FapgNIZ1C9J9jqRmWSVfmQM%2FCWMORKKjiThJtzBR7Da%2FBMyMJsOMP5JxfelBCnKUNNSg60t2NWLXk7foOBmR8IvZldkUSGpvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c932c6a-FRA
alarm.png
www.reversinglabs.com/hs-fs/hubfs/images/
224 B
1 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/alarm.png?width=24&name=alarm.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-80978517010,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
224
cf-resized
internal=ok/m q=0 n=615+0 c=0+0 v=2023.7.3 l=224
last-modified
Wed, 03 Aug 2022 11:17:23 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cf8LPChb5JPnuX8S6grriML_Pq1csUNuQbJ8Ycnj_pDQ:e129885aca10039ee2de1413175bc2d5"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FRrvcLTwvAsEYYgt%2B9M8NGSqf0EfdaBeSBOeGVHIY67H%2BlpDDg6cypgQIrPbkqia%2FnnanEL5bo%2Fqk3UzcEbUIze05dMjxFvBuuvgy60sz4gFDG7qts61WiD12amqLNqZr5AMMaKsiO1haSEoTgFkbrH4%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c952c6a-FRA
terminal.png
www.reversinglabs.com/hs-fs/hubfs/images/
198 B
1020 B
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/terminal.png?width=24&name=terminal.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-80972444337,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
198
cf-resized
internal=ok/m q=0 n=564+0 c=0+0 v=2023.7.3 l=198
last-modified
Wed, 03 Aug 2022 11:18:30 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cf6bMIImIWOdGtWqvTkruXE1Mt1csUNuQbJ8Ycnj_pDQ:df29f53ad31749ce8ebed7c59dfda5a3"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zzulVRVSa3%2BFE1fw9N3GN8E7oQm746zzLRzmGscNEWgABtC6qsUNDVGK%2BAOM%2BzU6%2BzNS5Bv0ydGExtCfkOR67hO4OHvEbTcYjaiEmWNYjJtWigGV9dXeJTOp3VIsWwEsbeNjORBVI3974pD5U8%2BSpqSSLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c962c6a-FRA
calendar-three.png
www.reversinglabs.com/hs-fs/hubfs/images/
222 B
1 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/images/calendar-three.png?width=24&name=calendar-three.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 ebc2f999559db1a05f6ebf1e799bb574.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-80978517087,FD-41794900664,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
222
cf-resized
internal=ok/m q=0 n=719+0 c=0+0 v=2023.7.3 l=222
last-modified
Wed, 03 Aug 2022 11:19:08 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfSCUVVewrbUrCezSPDCvLRaq61csUNuQbJ8Ycnj_pDQ:18503effdeb9c9bf3130e4d9c19e5f39"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNHCrZITtda%2BRCJlcBljZ8We5oVNxzkI3gfDZRBm5vlVxPi7QqdZCOprw6CQ8NOBcsPXpq292zmCJoXcrd66kZ%2Bq0CDfQO%2FL5i3%2FQpvKohK%2BTrOZkXfWvQxVuiDDlt4Q8JOVn86QK7gQ4TV%2Fi%2FXnKatv0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e78c972c6a-FRA
ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.jpg
www.reversinglabs.com/hubfs/ConversingLabs/
126 KB
128 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/ConversingLabs/ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d57a29c035e1164e865f08b030edaa603ee2a60d806138df4c2975eac83cb08f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-119368537456,FD-69168798251,P-3375217,FLS-ALL
age
256
x-amz-request-id
J0XZ9TCJD3A45S0R
x-amz-server-side-encryption
AES256
edge-cache-tag
F-119368537456,FD-69168798251,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="ConversingLabs-S4E10-Creating-the-Standard-for-Supply-Chain-Risk.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"8edb1e262542561f086a7d70308044f2"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1686228293352
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 80566e72ab185c08a79ba1ca1348350a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
dPT6TZvb.kLAJ9gmDvqn5Ei_fgYVy3Sm
x-amz-cf-pop
CDG53-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=252204
x-cache
RefreshHit from cloudfront
cache-tag
F-119368537456,FD-69168798251,P-3375217,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
129440
x-amz-id-2
x0RKq7/c1kF9NmFMk6T9HMnccC3g8W7vGO3O1x1hcaKnQXNbSpMf+hJCHVTiQ7Sm+MlZhsp72wc=
last-modified
Thu, 08 Jun 2023 12:44:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bs2B0C2nsMz8aXc8bINgOHp9x7Dt8pt3NolpL2lT9CFD5a%2BC7M4Fn9cWcKO7EuxBwnZxmxSPR7TJEhaLW5kgvnWFEw1LtmOoMmADBt%2Fp%2F0Zwh77%2FzR8tU1uve5QvVzHQtvuPQkfc%2FAHKhhizU5%2FOhtrQ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7f2f93e78c982c6a-FRA
x-amz-cf-id
P5Lv9JBx7td4GL13ayTUVSljMRkzyVjw7523OWTNEqLP0o_qQZDHPA==
SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.png
www.reversinglabs.com/hubfs/
458 KB
459 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec283af1b220ae388d616832c82a2612f2630ac572784dd39b6d2c5b8e81e7aa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-128054183304,P-3375217,FLS-ALL
age
256
x-amz-request-id
CYC9KF0CVAQ1P9T5
x-amz-server-side-encryption
AES256
edge-cache-tag
F-128054183304,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="SSCS%20Vulns%20vs%20Malware%20v2%20%281%29.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"6fd3531028492e6451288b395ff0aba1"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1691007621369
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
1gITI7UH1lp9vpl7Goz4qSuO9Ek5JrFZ
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=531429
x-cache
RefreshHit from cloudfront
cache-tag
F-128054183304,P-3375217,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
468664
x-amz-id-2
TXhwwDBzjJP4JIJC7xkFR9K8rMrxYHa7prMpEWq+Q6V0+IL4d7zjD6uKmHzioiJWlqRtU3QwUWgT2Fy2N2r9rKOZYS4jpl7rZmcjbqqXH7Y=
last-modified
Wed, 02 Aug 2023 20:20:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FB%2FVUd%2FZ5dNVV8LLqr16PM7OMSXnZY0eDm6yJ60HJHG%2BtzxXrpJSX%2FARzpQf1c53cvqc93ZkmzJhX%2FzcIgVktpHvluLVuUNj%2BCQw4JGkhXObVhXwdE2hLOs0zz2mzyCFpBA7FG9hPeZL5eLaf7Zdv73aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7f2f93e78c9a2c6a-FRA
x-amz-cf-id
S8P50aGiWMOKpsXvOXAEbf37DRWdVy74YKxRL9UDpQ8jOsGWoyfZ7w==
Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.jpg
www.reversinglabs.com/hubfs/
98 KB
99 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
199a07091795dc18d5f648c8ae6ea323b953a6232f814e35c0217925de105a94
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-127116244143,P-3375217,FLS-ALL
age
256
x-amz-request-id
DWBEMC3RPDQCKZRR
x-amz-server-side-encryption
AES256
edge-cache-tag
F-127116244143,P-3375217,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="Webpage-Banner-Software-Package-Deconstruction-EP07-1400x732.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"d863474a07d18297d34a6ab8da71a3c8"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1690395688500
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
p9dFM0KI5I.1lHtGTE3Sw.K9.1pZvEwT
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=254194
x-cache
RefreshHit from cloudfront
cache-tag
F-127116244143,P-3375217,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
100108
x-amz-id-2
P5zw/fxtP8pRYoKAfmmT0n12Dob6PEB/oHRFCsIkeoDUFcZFB5ICQH/yZOeDlrdhzE1ayEOhbhw=
last-modified
Wed, 26 Jul 2023 18:21:29 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqQPBshC1WvjML2T0ex2IYHq4bOzcq8sN2KTsjFGa4u8%2FMZx0IL7UOeh%2FYGrryEmEIKs4%2FxoA8ZShQMbioxS6YFeNQjPcI7m3texb1c4A4xdfU6m5MTWw76HNIcPKnBdLgt%2BZRn2KxwBcghkC9UpUhGeWA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7f2f93e78c9b2c6a-FRA
x-amz-cf-id
j9MJqxusj4-FemnqMYyppKseF9SXzlETuWMHdh7PcTfote9MCCdCyw==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/
85 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
330842
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27437
last-modified
Tue, 01 Aug 2023 17:19:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64c93eb8-6b2d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLCg21Zlq3zXwosgI7708rtlvUkSRllsL55fynonrAi1KAasyo%2Br1wstzXvelDJ2T%2BuH3JcSQBFBw%2B2lyIdFDTCYicHdxnrupZGj7V8Xm5vgpTKcOyPCp9D95J1cuDie%2Fl18OZGf%2Fd3kGJYYEEqhvKHc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7f2f93e759b29296-FRA
expires
Sat, 27 Jul 2024 12:38:37 GMT
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.372/
12 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.372/embed.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8f65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
y7ND9ey1AdjRUW5XrlhHQ1urKE3DE81O
via
1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
age
429589
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 01 Aug 2023 20:39:52 GMT
server
cloudflare
etag
W/"fa27a9379786a382617de08f3ae57836"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hEfQi7PydnBSDDAnW4QHJ9DplERZ8GQ80n06nEpfilA22F1Fp3y%2FSiIhPHM4JQLWofHerkgWvxOyr2tCz5yC8ZJ0WPkRaL94Drbwm1pKsUhvsPu0WiGnELHP9V8T%2FWEUjxAiTRFVn9shcDa10uoquFBiVkw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7f2f93e7be0930db-FRA
x-amz-cf-id
ZejM7o2IGdqbpx3kpYe0vgkIk1BYOQ1Z2uEMcCLzMK_i0fnF7zQJ0Q==
expires
Tue, 06 Aug 2024 12:38:38 GMT
simple-lightbox-min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/
7 KB
4 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6021916068/1569840500063/Reversinglabs_July2018_Theme/Coded_Files/simple-lightbox-min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1449
x-amz-request-id
H42K3MH7TZVXFF5H
x-evy-trace-route-service-name
envoyset-translator
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"d02c339064b8d2b370bc4e18fa6ae421"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:37 GMT
strict-transport-security
max-age=31536000
via
1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
FsEJuIr7CYCWLWb_isdf3JLdbLwDP7p.
x-amz-cf-pop
IAD12-P3
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
253
alt-svc
h3=":443"; ma=86400
x-amz-id-2
h84pfZiqlEUqzWk3B4QyWId8zMJDoF3j4jPsPmK2zkGBSl3nw0TayFcgwDhKxeVxxVo5TJCE+4E=
x-request-id
13bed4ec-9bf0-4b6e-bca4-8a5fd2a4a053
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 30 Sep 2019 10:48:21 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBz%2BgI6nfMQ3fMJI4f%2F%2BBiRnPuzZZlvsOq%2FsWwL2MsY0YZZ2aeAqFjDUB4ABY9uBamGf6%2F9GJsWOpFE%2BA7jUOyH08ijd6YSK9XpU13h4MrGF2%2F4Uromr4mmMA1upvD3HTP%2FJ7PO6h40O%2BLz3Fyu6pgVwzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials
false
cf-ray
7f2f93e73bee2c6a-FRA
x-amz-cf-id
HVhQ5PMUnqs7Zcwj-8vhwczl-jEJI2QPAl3Zy9hfDABHiQte0CrN_Q==
rd-2019-main.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/
2 KB
2 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11190015046/1639664698263/Redesign_june_2019/Coded_Files/JS/rd-2019-main.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 76cd2de9f0213e8c76093c6b346e8118.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
1451
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-amz-request-id
QXAKKV605TCW3TKQ
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-version-id
I5.cidQ.vGRls6iGZkmuPTBztEr2IVdj
content-encoding
br
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
al8Wc69xjlzHvs4gpMe9/Iso02SO9EE+ukpUNT1yBBJdow4f6zL1BZXBPa47b5hrkevkVOcefSzi7bSS5EcWSA==
last-modified
Thu, 16 Dec 2021 14:24:59 GMT
server
cloudflare
etag
W/"b2a254916a67659b4df42aa3c333359a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1639664698586
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBhJKVRS0THBBxBa9gDqCbEpSljlj6MxJ0cbdIAVKRRg8J2FDDkvnDfzaShQltSEZtlFcUekd3LRrtev4bpWXAMUveMGHUgsH3lCTEJToBfUiOGJutXYzXh3baA6DF0GX68ePTHlRIWG3iiK0JAGrS6aVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e75c2d2c6a-FRA
x-amz-cf-id
cogTIp21qXCH2v81KP_O5BvJx_XlrCjAhSvf5i3ZgO7WAPFNxYekuQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
jscookie.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/28203361861/1586494134457/Redesign_june_2019/Coded_Files/JS/
1 KB
2 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/28203361861/1586494134457/Redesign_june_2019/Coded_Files/JS/jscookie.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc595999f7c46e3f7a293c86fcc256c35467e9947bf0051464628416f1db14f0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
1451
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
x-amz-request-id
K28V1B3MJR1BZSRS
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
_PdfjdMgm8.M2DiCSVpcYFrpWe519SIO
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8WJ6zAWv8exRqfwhvUkw2eGkB9eDLymzsBbtL7C9fbcoMpAtwiW5HpOUYqhSfDOqlHoNPHRTlCf8zgiFYujpIw==
last-modified
Fri, 10 Apr 2020 04:48:55 GMT
server
cloudflare
etag
W/"93c12b195cd05418a85b4eafc15c92fb"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pD6Uk1zkMZD74OziIvkSBgFlBU%2BwM2e6C5Twf6zNLN9og1GEr0WxxfBKwkpi7%2Byu4CrEV31gpE38jhONIEjUpSBO8P%2Fwf3qSPs6eqAVmFvkHT%2BiIwNioglNWulQP%2FXWKlbDqeWferiASiC7SJalzKLugAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e78c5c2c6a-FRA
x-amz-cf-id
j1fzQ3lcm-cEghPkReQtyxiDSywU6k6vIE-Zse7dff0xWWj7am3xhg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
tiny-slider.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/21052151416/1577281626952/Redesign_june_2019/Custom_Modules/Sliders/JS/
31 KB
14 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/21052151416/1577281626952/Redesign_june_2019/Custom_Modules/Sliders/JS/tiny-slider.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
37eae8190baecf55f16575bf754238976116ad37b55f81e27db05743461cd507
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1450
x-amz-request-id
2JVMWBXVTKZK3WGV
x-evy-trace-route-service-name
envoyset-translator
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"6603e5d1b1eded8b550dc3ef7fbe687d"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 5e5b56398a1fcf5517d27e383d71ef9a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
a_gzCem69enGGi103.H.X02BRl8OY0mV
x-amz-cf-pop
IAD12-P2
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
129
alt-svc
h3=":443"; ma=86400
x-amz-id-2
y1266HGii0quwd7y77CLcjvqDAm2ES7vUOIq2Q6bi8H/3oI8OJ/Pan8WJ4IxOyHLbBGj2007Zu0=
x-request-id
b602f0e8-c731-4b1d-a194-9cc2cb18dbc9
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 25 Dec 2019 13:47:07 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7wgZY%2Fbd0ALChJwH43dBemjyPZTqAKn9hMRbA%2F%2BS9jZHPxPX%2F3bcthk7jPa7gznzFpMV8QXtGrWHW7cEg4ICNL9FOHmXuWjC9X2q%2FJafaId68mSpTPKWGaXY%2BvQI0Yx1GPzzT7HZ5RUTIxGOcq4qFParxg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials
false
cf-ray
7f2f93e78c5f2c6a-FRA
x-amz-cf-id
wTwsjwehv8LXH_FdyOsMaatUq6wQbtVggc7V7K8Sf5_ibLAUz6Rfww==
module_28186900061_StickyBar.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/28186900061/1683494323317/
1 KB
2 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/28186900061/1683494323317/module_28186900061_StickyBar.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f35c317df74c5ceaca83bc620ab17f68e882a21e5378933002f20aae3af0517f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1451
x-amz-request-id
80GNJQM6FRHN4BA8
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"05f529f2d7b3ca476f37bdcf0b96ef7e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683494323317
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Dj1AN92dBhP0GYrdJYdEZgTGEMSZDLdS
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
98
alt-svc
h3=":443"; ma=86400
x-amz-id-2
1hy2ztk0sACwGhSaHXYGJTePyK2ElHBN6n6KqLJWX/hSVZLtLds/IPQ+WQYqlA9cxxggdjz4BtA=
x-evy-trace-route-configuration
listener_https/all
x-request-id
f572166f-83a7-408e-93ef-ff2c31e30e6d
last-modified
Sun, 07 May 2023 21:18:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqenF5tV7aYhpVj8U3i8pkXbwXRMXOTkM2Gyu558KUuDJGhI%2FZfzhDZGa8bQUm4MUSAjdDdj9xwyj1BZ1Q3xXQx8rL48pPOj%2BxjcnaG2dxEoVzr0OnlMWvNsq76XZmDAx%2FXoyjRlCPCP%2F61R5BOe7x8NNw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
7f2f93e78c612c6a-FRA
x-amz-cf-id
nXR_gmwXMnT_HcUaEkIukORt9QClCbVkQ6HKo-u93_Kum0m6YhmVKQ==
micromodal.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395370929/1569840498778/Redesign_june_2019/Coded_Files/JS/
5 KB
3 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/11395370929/1569840498778/Redesign_june_2019/Coded_Files/JS/micromodal.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9b277f813652ab4fc3476fe4b9771d2d29e10204caef39416ad8d30e45fc5a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
1450
x-amz-cf-pop
IAD89-P1
x-amz-request-id
DH3YHWCBPAWYR0GG
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
3FilIB6THj7cvPLh93UnKYXf5w_lQZsq
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
H4yVQ47lxBKOsu4E4DcRU082QJyRgJ9mxvqZPQLU3lb2Xg2K5AsKMwMAGWdknf43qY5fAMTvbQSMZzEDLIEAbQ==
last-modified
Mon, 30 Sep 2019 10:48:19 GMT
server
cloudflare
etag
W/"84194eded494d011e2828f00329b15c6"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPPXBdbmFstW4%2F5bB4hVZTQJV12I0ZlzM406K49%2BZ%2FRgJg645Q76u6MaoP7vpxsRcEgTKIv7UDVLYeoZMNYjRgm90vxA9Wu%2BjLiivTBvAhXq5nE3AdpAzcCTz6QeTh7jFNl%2FiGQAK48Vmq7rKszsuIu4bA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e78c662c6a-FRA
x-amz-cf-id
jNPL0FyAW44KLax8rCzueuIH4UlA-KciXH4L5rWT3KkEO0Oke9KHZw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647431/
3 KB
2 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/1563505647431/module_11395370497_Redesign_june_2019_Custom_Modules_Site_Search_Input_-_Header_Modal.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
130eb7bbe1dca232b6636767637e6bdc2a35fc2d412db3a601593d79c1d743a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
1450
x-amz-cf-pop
IAD89-P1
x-amz-request-id
YENQGM0DXA4PD3QK
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-version-id
uYaggxrRRLpm1_Oqgp40jmGQ7KENtM4f
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ah4mHnpwgLDHPcpgQ6FYzMqRc4NNAEoyiFSzxGtO6/6ninErR9aUF3LkpqjUaZ7YNg1/rOyMtWo=
last-modified
Fri, 19 Jul 2019 03:07:28 GMT
server
cloudflare
etag
W/"c27b7b6ea1f66fa47d64742279aee97a"
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiY0765CzhzceSC566qqgzA40hGH0Lvgy2JEAIsaRdoezZeO6E4qIW5todjAlf65MxHye4E9g6kRiip7aL59jJglASvE%2BQ13r5tPzAVLCa93geVvR1KJbJYCryOMblMjNwWm9Qjh9i2cK2Wkk4NWoOJSZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
cf-ray
7f2f93e78c682c6a-FRA
x-amz-cf-id
ydoYCgCX4bUclP34ECKNjfcO9sL0WLU2AriowzZqQoK6fgFQZ0tZ-w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
module_36845096476_Blog_listing_card_grid.min.js
www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635694467/
723 B
2 KB
Script
General
Full URL
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/module_assets/36845096476/1683635694467/module_36845096476_Blog_listing_card_grid.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1450
x-amz-request-id
49376P20C5N2Z5NJ
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"a26b824a33500d5b24e748588dd1c35a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683635694467
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 624a1750702d82319b25f17c35c73d04.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
vX4VGHX7oLkggy1lxnxWYDLA5rVHVqKM
x-amz-cf-pop
IAD89-P2
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
114
alt-svc
h3=":443"; ma=86400
x-amz-id-2
lIjufGA3ZDty/JYLu572sxuNz17BFUtLeN1DL+Fk3VccVQXeBz49aN972HyHJBYd+XhB3bkzLZg=
x-evy-trace-route-configuration
listener_https/all
x-request-id
988abf89-8a76-45b9-b1b2-c1393cc5ac83
last-modified
Tue, 09 May 2023 12:34:55 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yiDyL%2BPC8OCdm%2B9ykQKRFIsiuFRz%2F5OhfGnVxD1uD36JREIkqsdyhXFAM79VxmookNmvicd7RAFQaTsy3FJXuz%2FyicEXnFrk0mledFhFn3dfKGesQJZrnOFBMdX0hYLd6eWC7ceNqg9XvXcdzkCd%2BgosFg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials
false
cf-ray
7f2f93e78c702c6a-FRA
x-amz-cf-id
p-enmljeQRSm9qto_xg_OQ_4375sVjbuPKBVHvIjeyUn05v21cU0pg==
3375217.js
www.reversinglabs.com/hs/scriptloader/
3 KB
1 KB
Script
General
Full URL
https://www.reversinglabs.com/hs/scriptloader/3375217.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
05e4c18474627c67ace9a50f24f38cb57a9a69b05c85fec997f6eae42425b0d0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
16
x-evy-trace-route-service-name
envoyset-translator
x-hs-https-only
worker
x-evy-trace-listener
listener_https
cf-bgj
minify
vary
origin, Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.reversinglabs.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=60
expires
Mon, 07 Aug 2023 12:39:38 GMT
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
be1d9c74-9982-4df3-870c-f80564636806
cf-polished
origSize=2975
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
be1d9c74-9982-4df3-870c-f80564636806
last-modified
Mon, 07 Aug 2023 12:38:22 GMT
server
cloudflare
x-trace
2B9368B8845AC6D9763DF1EF3B9116F7DBAEF70AED000000000000000000
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQGW0xVKh10Prh6jnH279ERy29uuM8QM2PdIoHlDoggzcuQrtYp8AkNx5u4I7HlohG0GAk0Ceb%2B9mvgHrK3SaYlT7OQVBrU7Myt%2F0v4r27zQIQYExVF%2FPes1JkBaM2PE5XNNCSWzB%2FFN1vPFpBx5PFEcxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-ds89m
access-control-allow-credentials
true
cf-ray
7f2f93e78c9c2c6a-FRA
cookieinfo.min.js
cookieinfoscript.com/js/
7 KB
4 KB
Script
General
Full URL
https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
V93SY3VBGRB0WMB1
age
3884
x-amz-meta-cb-modifiedtime
Mon, 03 Jul 2023 14:52:01 GMT
alt-svc
h3=":443"; ma=86400
x-amz-id-2
daJpPtetTlqFPeODXsBZTk82IA+ZbPndfm7CDM1imBbTNYG5B5nth8mlRBq2zWBOk4qc+LCMARo=
last-modified
Wed, 05 Jul 2023 10:39:27 GMT
server
cloudflare
etag
W/"d15d93068c1121f63008407d339bd819"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1RTqRuP%2F9FFITzXnYZsJlj4gXdZYYqmOSvvz6aJv18iMUzO0EaDN%2Flx5cexv0OWb0hupYOwvfW5DrDAuuZb3LAn8ccDDeLulhbJhym9ywAnJFQGekAVwA75jxtUWIX8LwrzIptAlckZSX5LsjFqsY7Mx2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=2678400
cf-ray
7f2f93e7d9cf35fc-FRA
up_loader.1.1.0.js
js.adsrvr.org/
5 KB
3 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-15-119.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Sun, 06 Aug 2023 20:10:51 GMT
Content-Encoding
gzip
Via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
Last-Modified
Tue, 01 Aug 2023 20:10:44 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P7
Age
59268
x-amz-server-side-encryption
AES256
ETag
W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
xiq7PtA68wm-txuN32qegMpKzfSJnTgag_LvoxO-kOZdCht9HPb_Jw==
hotjar-3176008.js
static.hotjar.com/c/
10 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3176008.js?sv=6
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.139.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-139-53.ams50.r.cloudfront.net
Software
/
Resource Hash
2e5436b217fb1a7d9d2365cccfcc95e7483fcba03205c3a216d512302e982d4d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 07 Aug 2023 12:38:21 GMT
via
1.1 ff991951152c9edc076607bc5a471612.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS50-C1
age
18
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/ea37d1e0bcd47d6c2f7b79a987e66f2b
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
23wxaejm74RQPxs_KyXdr_Bi3i0zuLs5BXaRqpG5PkwaWCzBD6ZCMg==
gtm.js
www.googletagmanager.com/
269 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0913c513fbd0a298da9a66a21d71eadfa4b6b3f3c65cdeecccedaad495d3d785
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
93762
x-xss-protection
0
last-modified
Mon, 07 Aug 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 07 Aug 2023 12:38:38 GMT
fbevents.js
connect.facebook.net/en_US/
172 KB
47 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 07 Aug 2023 12:38:38 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
47151
x-xss-protection
0
pragma
public
x-fb-debug
DN/yoleGLfmjbRkMXzLdvs+7Uz5dio47GfDUAhx0IudEG9X0w1Rjt8GMvFLszAxus3UZwH5hxg1YrrNfJdJo1Q==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
css
fonts.googleapis.com/
16 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 07 Aug 2023 12:34:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 07 Aug 2023 12:38:38 GMT
hero_bg_small_2019.jpg
www.reversinglabs.com/hubfs/images_redesign_2019/
21 KB
22 KB
Image
General
Full URL
https://www.reversinglabs.com/hubfs/images_redesign_2019/hero_bg_small_2019.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
716dcc9643502eb35aa1f08b4805ec1f377daad3e67c11f9d00d65c6fc6336cf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-11448703956,FD-11023975807,P-3375217,FLS-ALL
age
192792
x-amz-request-id
QA8X8QDKH7P9XNQQ
edge-cache-tag
F-11448703956,FD-11023975807,P-3375217,FLS-ALL
x-hs-https-only
worker
content-disposition
inline; filename="hero_bg_small_2019.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
cf-bgj
imgq:85,h2pri
etag
"1f3df8332048ad0295bff3a1c64cc9a4"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
a5PUnngJgc3ZEsbtfbAJjo5eXZD8MNrM
x-amz-cf-pop
FRA56-P7
cf-polished
qual=85, origFmt=jpeg, origSize=95096
x-cache
RefreshHit from cloudfront
cache-tag
F-11448703956,FD-11023975807,P-3375217,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
21652
x-amz-id-2
bR90yqiBJ7Dh9dAqPm1PCyYRStpPFpC6pAebiUQJjEUv7DMavDut9DMDqJdX/XoowM/Spr2H4uY=
last-modified
Sat, 20 Jul 2019 18:01:05 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZmFanRmZgq8DB7w%2BcU10WUzdQrTejEeDIgPd1JN5SwfKEwVDVCIKejQl%2BRPueCN3LfaA%2BL%2BmesbSxbffd6Yy5dPD0Tig5mmMMN8CE%2FQqXsiz7jukOlyrUszBs1sGVcJM2CTY4wEYySYURbOavKVIQI1Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
7f2f93e7ccf32c6a-FRA
x-amz-cf-id
9QahqkLMvEtd_FkZ8LYa1FR_USyTXZvlXY5WNql-D1665D9EsLPY4w==
Tungsten-Semibold.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/
20 KB
21 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Semibold.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ae4a0865523070959595a6df44d592fd924f6a8503d913a2cbfb81b5df45e62

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id
zHy7ciep2n8U9dRoPSeIZ0ms5UoFs.HW
age
992130
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-amz-request-id
9HES1HN2AB3CW3X4
edge-cache-tag
F-28202642064,FD-5926386258,P-3375217,FLS-ALL
cache-tag
F-28202642064,FD-5926386258,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-id-2
G0rx5jzH1sa0akP/ogiaVC008jTdSMUKBtd+TQzYvdE3eUMlL+H/mOs45mBeWu7B7M/+aTkDvDc=
last-modified
Fri, 10 Apr 2020 04:06:19 GMT
server
cloudflare
etag
W/"c4cba999623da66f241554c075076b87"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e7ff0c2c32-FRA
x-amz-cf-id
kai8iPgsCStSXfyujR7d1hI1ngOMEm_jOq-IYaatJWW67MyuMHJxIA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Tungsten-Book.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/
21 KB
22 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Book.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a5131ba88c40e02e211f48163838569b854a383f19817b94db2f4e83f5d044d

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id
DhZpSF_okm4kqA3d5rsX6px.W1gW4AHr
age
870037
x-amz-cf-pop
FRA56-C1
x-amz-request-id
3QDQJSSJ8MMGZZKA
edge-cache-tag
F-11651164052,FD-5926386258,P-3375217,FLS-ALL
cache-tag
F-11651164052,FD-5926386258,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-id-2
ray8vnyquALJVx+kHorNbSvZm5IWo+dO3mHfbHxSDe1WaV/OJJCMqzRPcnosgtNHm+/dRrRo6zk=
last-modified
Sun, 28 Jul 2019 19:57:28 GMT
server
cloudflare
etag
W/"ab8a234e214dd3506e9fada6b6eafdca"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e80f142c32-FRA
x-amz-cf-id
8tynB1KacC6D_r4ABRLXXyI6MIrIEEZm6XDzSK4BbyRqQD3IEv88Yw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
rl-icons.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/
4 KB
5 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversing_Labs_November%202018/Font/rl-icons.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-amz-version-id
7Fg3.Df2IKZXcjymNQNOrpeZRI7DlXZ.
age
870037
x-amz-cf-pop
FRA56-P4
x-amz-server-side-encryption
AES256
x-amz-request-id
QY3YDVS7EE4JNT5W
edge-cache-tag
F-6528836102,FD-6528836052,P-3375217,FLS-ALL
cache-tag
F-6528836102,FD-6528836052,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
aQvVcV/XN0Elsnwa2qlYLNKxw2auzld/2F3RJ4EeGvuW1lFPCdjVBKOuW5omhyCCnnSejpnGxQJDc0wrBsWhzbQd7Hf30OIQzWDVU/OZokA=
last-modified
Fri, 24 Apr 2020 14:40:36 GMT
server
cloudflare
etag
W/"97ca286c0b94878b6b2adf44559b6265"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e80f112c32-FRA
x-amz-cf-id
-6on92kr7vCMb6MqqALUFxDYAaOgqTGrA6XxpE6Qxjgev3zOu1lmkQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Tue, 01 Aug 2023 17:26:14 GMT
x-content-type-options
nosniff
age
501144
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 31 Jul 2024 17:26:14 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 04 Aug 2023 17:49:54 GMT
x-content-type-options
nosniff
age
240524
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Aug 2024 17:49:54 GMT
TungstenNarrow-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/
21 KB
21 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/TungstenNarrow-Medium.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d1119d232eb54079a766d9e1564320f2c20e6e71683e31edf766c26e9c678e

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id
HmXdIK8Bc_0fkfivtLAcWmXE077h5rsG
age
870037
x-amz-cf-pop
FRA56-P7
x-amz-request-id
DV8B5T4WJ4DACZ5A
edge-cache-tag
F-10570558853,FD-5926386258,P-3375217,FLS-ALL
cache-tag
F-10570558853,FD-5926386258,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-amz-id-2
AM80tg4xEENofUxyamgPmkbUrCLc6Rzznr8erp5Ed13rqcZbaIWWDB5ZeoVhRSsGfHayQesAXC0=
last-modified
Tue, 18 Jun 2019 15:58:22 GMT
server
cloudflare
etag
W/"650100235aa1598769f1744ec1674c39"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e80f0f2c32-FRA
x-amz-cf-id
EtjULFwChECI0hZJhYnHiZt5mzojpWn-Wqz3XJpTrzeDLt8EXjH47A==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 05 Aug 2023 10:18:14 GMT
x-content-type-options
nosniff
age
181224
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 Aug 2024 10:18:14 GMT
Tungsten-Medium.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/
19 KB
19 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Medium.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84240275eed2746f9d66bb0a5f46915d74ba6a7c6e210ba4634a16e03ca54270

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 64f5a3ab7bfb476c633b87746aced0ee.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id
8RS6BKpEUu5kELkbXI3oOka23XcEIvrY
age
992130
x-amz-cf-pop
FRA56-P4
x-amz-request-id
ECRHAA8KBPGPF31E
edge-cache-tag
F-10570055973,FD-5926386258,P-3375217,FLS-ALL
cache-tag
F-10570055973,FD-5926386258,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
x-amz-id-2
o9T2/mI1OHh12f3WfGPui3zISn5+wl7JP7gG5OXcBxr+kMEF40USv+u6+UnpXb+u62nHglDWBvk=
last-modified
Tue, 18 Jun 2019 15:58:23 GMT
server
cloudflare
etag
W/"e62b1278f1fdeb9765b266aa18905620"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e80f122c32-FRA
x-amz-cf-id
jh5Dv-FD1oBgSClsYcWm0HHvs3f6YyvUoqiEz3Fb0mrrsY0NxgYNNg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 05 Aug 2023 06:05:35 GMT
x-content-type-options
nosniff
age
196383
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17508
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 Aug 2024 06:05:35 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,300i,400,500,700,900&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 05 Aug 2023 11:08:17 GMT
x-content-type-options
nosniff
age
178221
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 Aug 2024 11:08:17 GMT
Tungsten-Light.woff
3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/
21 KB
22 KB
Font
General
Full URL
https://3375217.fs1.hubspotusercontent-na1.net/hubfs/3375217/Reversinglabs_July2018/Fonts/Tungsten-Light.woff
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs-fs/hub/3375217/hub_generated/template_assets/6519964395/1685359416657/Reversing_Labs_November2018_Theme/Coded_Files/Reversing_Labs_November2018-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ac9f879f23b53c0856f5a719a5d2913f2890b5e06b60a8879945c245080fc52

Request headers

Referer
https://www.reversinglabs.com/
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-meta-cache-tag
F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-amz-version-id
oZWO71JPrAMaAkHUdMvYTNjF0GR2Ck4O
age
1088319
x-amz-cf-pop
FRA56-P7
x-amz-request-id
T16E8HBE2P178JDP
edge-cache-tag
F-11651159874,FD-5926386258,P-3375217,FLS-ALL
cache-tag
F-11651159874,FD-5926386258,P-3375217,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-amz-id-2
bd7LG2RDPGIfJ35J+iVCGVKgChqn5bZysDCnFBYDFFP+/XvuvGQROhVfWhOrakVlOd+JjGzZYoEFwxDSlKYqpwl2yhTyuPXx1k7tsv4CBzs=
last-modified
Sun, 28 Jul 2019 19:57:28 GMT
server
cloudflare
etag
W/"100aa5d32672286f544f73831e764ee1"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray
7f2f93e84f802c32-FRA
x-amz-cf-id
g76tsnC5ZzLBE2RSU2eBo3kv7UGg7MyaRhPZnsOvkdg5r6WtuT2fzw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
VMConnect-Blog.jpg
www.reversinglabs.com/hs-fs/hubfs/Blog/
152 KB
152 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/VMConnect-Blog.jpg?width=1400&height=732&name=VMConnect-Blog.jpg
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b99e57a180459ef9973b9bb3f41ce4a28c015ac31ec686c087bf21f42d366608
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 4066580ab3ec717b57597f204d9bb30e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-127998140035,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
155290
cf-resized
internal=ok/m q=0 n=902+0 c=21+117 v=2023.7.3 l=155290
last-modified
Wed, 02 Aug 2023 12:32:32 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfNOMcKaoDQTmxnUSgND4a2FbXsvDsvdffkG1yWKzcDQ:7a382c8e2e8d51d238303bd14e4a96b4"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAJCck9UkAWU5Dd2Hs8zd0JZD8%2BdT5deIRsdYrMyVe0mi96nnsxXaFM%2FmdcbSCeGFFzeWNwAnd2kZWkeFjkczrLJgya94OTXPhldlOBlJuvujPj2sXHTICBpFvVCv%2Bj9OwCXC1Q1eLQKXfGfsdt6TK5LHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e88df92c6a-FRA
vmconnect-blog-figure3-config.png
www.reversinglabs.com/hs-fs/hubfs/Blog/
39 KB
40 KB
Image
General
Full URL
https://www.reversinglabs.com/hs-fs/hubfs/Blog/vmconnect-blog-figure3-config.png?width=570&height=226&name=vmconnect-blog-figure3-config.png
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e4d408ece6803ecb0c2356f7c16a9e1acdbf01228830ac38274ec1ada687e36
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
via
1.1 01e7df96c01c9ecdb1cce1b6595ae260.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-128372297775,FD-11822274822,P-3375217,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
40172
cf-resized
internal=ok/m q=0 n=712+0 c=0+21 v=2023.7.3 l=40172
last-modified
Fri, 04 Aug 2023 12:08:01 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfKEFYek-osWhpe5X8gXArZyh18sSmAPwuejBK1TPFDQ:a4db244b42098e0fbad80bc9b9c81d06"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOwQxu1SFUppuf4y4Ey2gGg2Jww3tslAUwxoInMDZcYMm4vijp0erU5J9pEn%2FeldP5H4X6s3KGEOpZHH3jgVv94pgZGU0%2BAfUaKkIpQ9MGAstpWr0sejKqS2IAREMRmG%2FoTuTjgjzQHvwv5O%2BEWdsRm8Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
7f2f93e88dfb2c6a-FRA
modules.92ff9978854791af68a7.js
script.hotjar.com/
223 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.92ff9978854791af68a7.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3176008.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-21.prg50.r.cloudfront.net
Software
/
Resource Hash
f827ec383239317deb9387ea204a9a0089594aaa0a763922e3d85222010531e2
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 15:14:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
336271
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55640
last-modified
Thu, 03 Aug 2023 15:13:59 GMT
etag
"9e14d47807cbae60a1fa1410419e20a1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
GBdrF8CvSgBrQVfPGxYRLNpyvDVF4YnCyia8ArL8NnzfrJpHcNr-aQ==
1076912843267184
connect.facebook.net/signals/config/
306 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1076912843267184?v=2.9.121&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
77b1e37a44606f04534b026795250cfb8f06416adbe129533a6d855e9b573f67
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 07 Aug 2023 12:38:38 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
89044
x-xss-protection
0
pragma
public
x-fb-debug
7NY/uCoCccrXdMiXo52etnGHs5ZYcNoqeQzrtOxSc3obnotvWhzH2vEUyY/olO9yXGKujVKEwmkv7D0v7kCJ3Q==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 07 Aug 2023 11:44:24 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
3254
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 07 Aug 2023 13:44:24 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ecb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jul 2023 09:07:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=64492
accept-ranges
bytes
content-length
4862
pixel.js
www.redditstatic.com/ads/
23 KB
8 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Jun 2023 20:49:59 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
7409
site-script.js
cdn.metadata.io/
6 KB
2 KB
Script
General
Full URL
https://cdn.metadata.io/site-script.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:c000:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id
FA0kpUmjH6379n6SM2OzYViu4FNXSGFq
content-encoding
gzip
via
1.1 bf5caee39117de5337c47c748b716e80.cloudfront.net (CloudFront)
date
Mon, 07 Aug 2023 00:08:40 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
AMS1-C1
age
44999
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 04 Aug 2023 00:07:57 GMT
server
AmazonS3
etag
W/"2963b0a1258588f130235cbdfe809b88"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
VKZiqsT6sHYvrQl9sTibLzfxV2jr8e_3JlLdxi_EK9B2MWOkEGuf6Q==
js
www.googletagmanager.com/gtag/
279 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKL9P8B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b283ab5b448ca7d12311b16a7b92f4dc4f8dcac83842ff8b0e5f61c2dfa5d259
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95844
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 07 Aug 2023 12:38:38 GMT
pixel
q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/
43 B
417 B
Image
General
Full URL
https://q.quora.com/_/ad/91aab57be1f94ec2a2ef647592767813/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.107.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-107-232.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Mon, 07 Aug 2023 12:38:38 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Server
nginx
Connection
keep-alive
Content-Length
43
X-Q-Stat
,c2f56b56b5391fc042a0870c161c4579,10.0.0.106,11792,81.95.5.43,,7400790064,1,1691411918.681,0.001,,.,0,0,0.000,0.000,-,0,0,197,116,58,10,35796,,,,,,-,
Content-Type
image/gif
json
www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/
16 KB
4 KB
XHR
General
Full URL
https://www.reversinglabs.com/_hcms/forms/embed/v3/form/3375217/24abef2a-a2f4-4889-8899-dd4026584fa9/json?hs_static_app=forms-embed&hs_static_app_version=1.3512&X-HubSpot-Static-App-Info=forms-embed-1.3512
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
74310e68d9cb6fabe0da04246f69919c5459682a242364b7c4bd4f7f257e437c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-origin-hublet
na1
date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
56f02fca-50c4-46c8-8ff1-fd933884ad5d
content-encoding
br
x-envoy-upstream-service-time
17
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
56f02fca-50c4-46c8-8ff1-fd933884ad5d
server
cloudflare
x-trace
2B242E1448D0ED3BFC1BD13E89DDFCCF55383B663A000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-f4t27
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qA2cNopDQ91rh1xDnEh7HnFcb2rMF4RuR26%2FzFLnkZDfdzaAgi4I6vsZILgIXV2GInUzmf35vfQdFU3aBeCcGgAHWl6n5%2B59vNtlu5nPuY%2BY7%2B1nvvVIbfB0zArJdNZ2KOTiXGzNpzbSjUZ4BUOKgFTukQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7f2f93e9eff22c6a-FRA
access-control-allow-headers
*
x-robots-tag
none
JrRu3vUM8j33QSR7Bwxw
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/JrRu3vUM8j33QSR7Bwxw
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
042ff07e4bf14f120b0fe849ae2604a48f22540e61c9ec46c0c206c7569b4356
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
7f2f93ea2f671c3a-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc
h3=":443"; ma=86400
all.js
connect.facebook.net/en_GB/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
415f1b24f09d34ace4333cdd8a1a2ed4c0f74db2f4f6c76967f1a5555e87d0cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 07 Aug 2023 12:38:38 GMT
content-md5
DLCVo6WkK1ZtNv/uaQ4nsQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1687
x-fb-debug
oFLu+b+GFRaykMOoC+HuMT7vhouHDN4Cy+VvIan8YA/fn1IQh/XqguYsTk57ddDJ7lYbqBgCdLC6kZkcl27eEw==
x-fb-content-md5
b9ecef98197cb0ee143ebb1d276d6a97
cross-origin-opener-policy
same-origin-allow-popups
etag
"549b037e1884b8c7f4948f0b57aab044"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Mon, 07 Aug 2023 12:42:40 GMT
widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (via/F337) /
Resource Hash
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Mon, 07 Aug 2023 12:38:38 GMT
Content-Encoding
gzip
Age
32
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27630
Last-Modified
Tue, 24 Jan 2023 21:41:51 GMT
Server
ECS (via/F337)
Etag
"9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1076912843267184&ev=Lead&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&rl=&if=false&ts=1691411918446&sw=1600&sh=1200&v=2.9.121&r=stable&ec=0&o=30&fbp=fb.1.1691411918445.2008133154&it=1691411918296&coo=false&exp=a1&rqm=GET
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 07 Aug 2023 12:38:38 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1076912843267184&ev=PageView&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&rl=&if=false&ts=1691411918449&sw=1600&sh=1200&v=2.9.121&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1691411918445.2008133154&it=1691411918296&coo=false&exp=a1&rqm=GET
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 07 Aug 2023 12:38:38 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
conversations-embed.js
js.usemessages.com/
76 KB
22 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:63ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a949852daa2fe2be0d5e7dfbf2d0edf71121b49a82b1d82992aa8aa9b7c2d9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
ODJS4by7FZvkpoRvjuP9B12j3hHA63aR
via
1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
491
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13717/bundles/project.js&cfRay=7f2f87eeae5b2c75-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
d0a5171a-037f-4c06-918b-7440d6503593
cache-tag
staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
2
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d0a5171a-037f-4c06-918b-7440d6503593
last-modified
Tue, 01 Aug 2023 04:58:19 UTC
server
cloudflare
etag
W/"99645c9c8dd31a70b2127da46f42c10f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-s8xd8
cf-ray
7f2f93ea7f802c45-FRA
x-amz-cf-id
mu4tA330h5kqqXO2L71XA7qBmBBTzMEFK3fkyJG7JRmwY2YkDVapqg==
x-hs-target-asset
conversations-embed/static-1.13717/bundles/project.js
fb.js
js.hsadspixel.net/
6 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:75be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
aAzOiTTzU7.XykyGrcpmeR7PTeB2LyLv
via
1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
3
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.387/bundles/pixels-release.js&cfRay=7f2f93d548512c3a-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
5cfb6f55-83c1-4594-a4e3-f3e2a8dc610f
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5cfb6f55-83c1-4594-a4e3-f3e2a8dc610f
last-modified
Tue, 18 Jul 2023 03:27:27 UTC
server
cloudflare
etag
W/"784f994871e489c9943a65326d43e875"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-8rxrz
cf-ray
7f2f93ea7c782c47-FRA
x-amz-cf-id
9GCvjBU0GlMEeAlSarLEqnGcFEyeW8lZwQuoVbpn0633c8sN9wTzSQ==
x-hs-target-asset
adsscriptloaderstatic/static-1.387/bundles/pixels-release.js
leadflows.js
js.hsleadflows.net/
540 KB
86 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:826e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding
br
age
60569
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js&cfRay=7f29cd303a4437fb-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"039461df2d1d43031520c7d3a853f79e"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js
date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
RIqU3aMZg9szNHjfbC8NSxVkuKgO4.TB
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
49fae40c-62ac-4f67-9390-099e26e3ea6f
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-request-id
49fae40c-62ac-4f67-9390-099e26e3ea6f
last-modified
Thu, 03 Aug 2023 01:17:49 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-5c7n7
cf-ray
7f2f93ea8d931961-FRA
x-amz-cf-id
69cYFZrVmSprSFf4csp3w_Bg2nUm_SHb0E52ohc8INUSnNhIkbE_bw==
3375217.js
js.hs-banner.com/
60 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/3375217.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c50dd5c1727efe22037460b8eaa121b22932d39ab13865d1ecf5b8372d2da4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
bw3Z1oFRilBSp2nJoqwzp68d0FJwmW7g
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
RBE79JRCQX0SZ72C
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
c8b9a06b-c6fb-4018-9f3a-4f6653f6722c
age
251
x-envoy-upstream-service-time
16
x-amz-id-2
ZbuhtKiV1gK0wfVb9beiQKvFWNMdnvE9LeuRJBNl8kMz1OcHjxBoGP7Gzc4q/p+ibEUOQImtd+g=
x-evy-trace-listener
listener_https
x-request-id
c8b9a06b-c6fb-4018-9f3a-4f6653f6722c
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 31 May 2023 09:21:10 GMT
server
cloudflare
etag
W/"4f3650703a78045f1ac9ea0084ff242e"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.reversinglabs.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7f2f93ea78b62bb6-FRA
expires
Mon, 07 Aug 2023 12:39:27 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f54b61a120e0240c98428d76beab031099f4f0379cbc623de071277255088fdc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding
br
age
432
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.380/bundles/project.js&cfRay=7f2f895d39cf3a4f-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"85b7f9af32b27bd6cc93e80bfb2911df"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
collected-forms-embed-js/static-1.380/bundles/project.js
date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
3rNMTio6eswfsQ6sgXOFNNmyULDAVi34
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
e8b3df4c-3060-41aa-8bb5-b5a09275e5a6
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-evy-trace-route-configuration
listener_https/all
x-request-id
e8b3df4c-3060-41aa-8bb5-b5a09275e5a6
last-modified
Mon, 10 Jul 2023 09:43:19 UTC
server
cloudflare
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-htvsg
cf-ray
7f2f93ea7e583838-FRA
x-amz-cf-id
FJA-sDkXF2qUUcKMmRQuiR55Q0F326J_8dSf-_QfD-yvFAu423w0OQ==
3375217.js
js.hs-analytics.net/analytics/1691411700000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1691411700000/3375217.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/scriptloader/3375217.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff5b2a04410456da0a8e7d8a4db3eacf62ab980e163a500b81781ea6c5b0a73b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
NH56HQGT841HSM9D
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
91b14c03-a758-4f5f-89ae-08449d5d320a
age
124
x-envoy-upstream-service-time
19
x-amz-id-2
BQaxrErRgwpsGnAM3uBF+KQiRLigZLpJFRFBrUV/KGfvNb4rkfRwpI7FOaFbCmpcIweODPSMAus=
x-evy-trace-listener
listener_https
x-request-id
91b14c03-a758-4f5f-89ae-08449d5d320a
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 20 Jul 2023 15:57:16 GMT
server
cloudflare
etag
W/"a3ab9dab97e068beca49a0d2808f012f"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
7f2f93ea8a344daf-FRA
expires
Mon, 07 Aug 2023 12:41:34 GMT
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
1001 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3375217&callback=jsonpHandler
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
74c8e345-2a25-4ba3-9ec2-44a691214e35
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=7f2f93eaaca41ca3&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
74c8e345-2a25-4ba3-9ec2-44a691214e35
server
cloudflare
x-trace
2B56EABF2B23D91BCAB93207B546488C5E1A6155D0000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-xhv87
x-evy-trace-virtual-host
all
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
7f2f93eaaca41ca3-FRA
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/gif
token
cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/
36 B
376 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2204:5400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:01:18 GMT
content-encoding
gzip
via
1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS50-C1
age
2240
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=39449
x-amz-cf-id
TOIut92KL66qdXPdt4eVT9QEDK9I78K-xeeMyC22RSPsx8JhEpr8dw==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D976924%26time%3D1691411918484%26url%3Dhttps%253A%252F%252Fwww.reversinglabs.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL88xtyiX5pFwAAAYnQAbL2dgHYHWj5WWDlS13epaxmSxlB1TZr464OmIo3JxSH
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 9E59428ECCD748A18DD80B6055AB9F82 Ref B: FRAEDGE1521 Ref C: 2023-08-07T12:38:39Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYCVIamFCs2UuNjIP1bpQ==

Redirect headers

date
Mon, 07 Aug 2023 12:38:39 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: D3A36771E8CC4B77B692D87E9973AED9 Ref B: FRAEDGE1717 Ref C: 2023-08-07T12:38:39Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=976924&time=1691411918484&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL88xtyiX5pFwAAAYnQAbL2dgHYHWj5WWDlS13epaxmSxlB1TZr464OmIo3JxSH
x-li-proto
http/2
content-length
0
x-li-uuid
AAYCVIai8QzbIXaMLWA+Gg==
token
cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/
36 B
374 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/976924/domain/reversinglabs.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2204:5400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:01:18 GMT
content-encoding
gzip
via
1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS50-C1
age
2240
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=39449
x-amz-cf-id
1u4Fq54dhDV7W7oZhL0oX9F5HbRArSpeXN0eT8hUvqmYoVOeu72gZg==
6si.min.js
j.6sc.co/
48 KB
14 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jul 2023 16:27:10 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64b9605e-bf6f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
14190
expires
Mon, 07 Aug 2023 12:38:38 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970567826/?random=1691411918570&cv=11&fst=1691411918570&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&hn=www.googleadservices.com&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&auid=1918334711.1691411918&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d629ada1b42f0cea2970a27304fe06b8c79afaa26a30792cc044fc66108f584a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1390
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
258 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1764381245&_gaz=1&cid=375187726.1691411919&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691411918&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
249 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JVM9Z1XQPL&cid=375187726.1691411919&gtm=45je3820&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1764381245&cid=375187726.1691411919&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1691411918&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=Hubspot%20Form%20-%20Listener&_c=1&_et=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1764381245&cid=375187726.1691411919&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1691411918&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=LinkedIn%20Insight&_c=1&_et=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1764381245&cid=375187726.1691411919&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=4&sid=1691411918&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=MetaData%20Script%20Landing%20page%20Conv&_c=1&_et=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JVM9Z1XQPL&gtm=45je3820&_p=1764381245&cid=375187726.1691411919&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=5&sid=1691411918&sct=1&seg=0&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&en=Reddit%20Conversion%20Tracking&_c=1&_et=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JVM9Z1XQPL&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JVM9Z1XQPL&cid=375187726.1691411919&gtm=45je3820&aip=1&z=10462207
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
15 B
225 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1764381245&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&ul=en-us&de=UTF-8&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1164641203&gjid=309872791&cid=375187726.1691411919&tid=UA-32828290-1&_gid=302295635.1691411919&_r=1&_slc=1&gtm=45He3820n81MKL9P8B&z=56310750
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e5808455786f658eccda5e658ffcc1073d757dd9b70ea3c931fa7a36d583abbc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Mon, 07 Aug 2023 12:38:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
f1e2cb2d-c096-4737-9d84-0b897f017e32
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f1e2cb2d-c096-4737-9d84-0b897f017e32
Server
cloudflare
X-Trace
2B4E0033F2A508BAC7C634F451CD829F1C8C4AF11B000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-44rkg
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7f2f93ebead28fe8-FRA
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1691411918697&id=t2_neftrm6a&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=ddb16136-6a32-428c-8c3d-6f9a5c1c3e25&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:38 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html
platform.twitter.com/widgets/ Frame D411
320 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (via/F33D) /
Resource Hash
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
392980
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105435
Content-Type
text/html; charset=utf-8
Date
Mon, 07 Aug 2023 12:38:38 GMT
Etag
"95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified
Tue, 24 Jan 2023 21:41:13 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (via/F33D)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
all.js
connect.facebook.net/en_GB/
303 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js?hash=cd35d2383f802bc59f9d809c0e58770c
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
12c8e4eb0826656e26b370c3d2b26d918a04cb80a6c7a44f610127babdc9ca77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Origin
https://www.reversinglabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 07 Aug 2023 12:38:39 GMT
content-md5
3DqoxuqBhtIBN5hgT7uMPg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87049
x-fb-debug
8o9Gmd+6abdpo1ho90L/VQ9qqinTNbdClI2S/O2y396whs5Giv/Qdxh+xtpPkbLJKUrm3J1Vu++18kPGa6rSZw==
x-fb-content-md5
26ad65b6f3ade4c043c190083a02b108
cross-origin-opener-policy
same-origin-allow-popups
etag
"0234788dce3479ba38689b20b799d686"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Tue, 06 Aug 2024 11:16:40 GMT
widget
www.reversinglabs.com/_hcms/livechat/
338 B
2 KB
XHR
General
Full URL
https://www.reversinglabs.com/_hcms/livechat/widget?portalId=3375217&conversations-embed=static-1.13717&mobile=false&messagesUtk=bbfb338889e0463ea9b6adeb83dd8d32&traceId=bbfb338889e0463ea9b6adeb83dd8d32
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d8e30adfec247d61be8172549cc16e36bd1eb63859b8e818aa0f9965b4dcaef
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
X-HubSpot-Messages-Uri
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
7b39decb-9c2d-4a17-9cbc-b7ff19f53d38
x-envoy-upstream-service-time
7
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7b39decb-9c2d-4a17-9cbc-b7ff19f53d38
server
cloudflare
x-trace
2B2858367AF05D833778A6FAC0AF15CE6527683E4F000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-fmst8
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xiTg%2F%2BiOYIUQLFEnDLbAJjPWJpMuUZAkUTQysEJtHZ%2BqYk2RyfXoDm%2FTObmIBIXoD0Y6vvqKn5vmQcenhfAHIM4YcFnGUjZwDyMoPpDgUcMHaaNA4OKJAhiqnboCAO3LPlq9YrXbSLwt8Gt0l8CQ360kOw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
7f2f93eded852c6a-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
115 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=3375217
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95fbf2ab9776737534e11c42ed7370e97aa96be93bdda3783a252eab6d9a0e70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5023d720-d6a5-4fb7-9b9f-0e1f1d2f41a7
content-encoding
br
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5023d720-d6a5-4fb7-9b9f-0e1f1d2f41a7
server
cloudflare
x-trace
2BD54EFE1FBEE6CA99C170360C65D26B1C0A14C1BD000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.reversinglabs.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-ntps2
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdvoI1ubRWfX1hHSGeFdofsG20wDRBWLT7ik1KtgjsBMDitCWiiXvm6yOimGvvSI0wIAyCI5IMqRCgnZ%2B6nmb0fatQNR1a2Enn6vA32ARhrRBYP6yhx2C9DCebKQZYKy9gfI7XviKvRzylK%2F"}],"group":"cf-nel","max_age":604800}
cf-ray
7f2f93ee48af2be0-FRA
access-control-allow-headers
*
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Mon, 07 Aug 2023 12:38:39 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
6a867e87-554f-4a91-b2e3-9e1ef79378b3
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6a867e87-554f-4a91-b2e3-9e1ef79378b3
Server
cloudflare
X-Trace
2BB595CA35B1ECBBBD1287704D12D6C28D95FCAA8D000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7f2f93ee5a2f9202-FRA
js
www.googletagmanager.com/gtag/
242 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6H8MZ60CSB&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7b4d8e7f1be142ed2c99643dd4a0d89706fce94b2a1e639fd2eb1e8177ad6758
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83011
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 07 Aug 2023 12:38:39 GMT
json
forms.hscollectedforms.net/collected-forms/v1/config/
115 B
460 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3375217&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
dde44a0b-cc98-4972-8a7c-5411fc8ef3a8
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
dde44a0b-cc98-4972-8a7c-5411fc8ef3a8
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.reversinglabs.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-5c7n7
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
7f2f93ee8cf73838-FRA
/
www.google.com/pagead/1p-user-list/970567826/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/970567826/?random=1691411918570&cv=11&fst=1691409600000&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2566458140&rmt_tld=0&ipr=y
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:39 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/970567826/
42 B
154 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/970567826/?random=1691411918570&cv=11&fst=1691409600000&bg=ffffff&guid=ON&async=1&gtm=45je3820&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&frm=0&tiba=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2566458140&rmt_tld=1&ipr=y
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:39 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
settings
syndication.twitter.com/ Frame D411
869 B
658 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=c1d563bde5c3778735011f9164382252bcd61f61
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.reversinglabs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time
103
date
Mon, 07 Aug 2023 12:38:38 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Mon, 07 Aug 2023 12:38:39 GMT
server
tsa_o
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
052d56a529d72785
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
6a7e51fb19e10cab60acddc428c67d4b337ff8491b76f157eb0bc8ac1870202c
content-length
337
/
www.facebook.com/tr/ Frame 2289
0
76 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.reversinglabs.com
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.reversinglabs.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Mon, 07 Aug 2023 12:38:39 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
/
c.6sc.co/
7 B
197 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.reversinglabs.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
14 B
303 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:22::1726:62ed Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
74b8942009f393336b393dad1d725947fe03629bd9d58a76eabfc6eaf6762ead

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:39 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.reversinglabs.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:2b::6
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1691411919172_389993773_273415211_26_957_6_0_219";dur=1
content-length
14
expires
Mon, 07 Aug 2023 12:38:39 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A39%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A38%3A39%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22125cf4892bae30e8b53458235ef53f8d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A38%3A39%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2007%20Aug%202023%2012%3A38%3A39%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-6H8MZ60CSB&gtm=45je3820&_p=1764381245&ul=en-us&sr=1600x1200&cid=375187726.1691411919&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&dt=VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules&sid=1691411919&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6H8MZ60CSB&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 07 Aug 2023 12:38:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.reversinglabs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
js
www.googletagmanager.com/gtag/
279 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-970567826
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
291faf0f75e8892127a53019f303db0f9a9d4f0b93db139a14de146cd017d9d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95901
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 07 Aug 2023 12:38:39 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
624 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: www.reversinglabs.com
URL: https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
020f35ce-eb9c-447e-b4e4-00dbf2d64696
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
020f35ce-eb9c-447e-b4e4-00dbf2d64696
server
cloudflare
x-trace
2B8CB91A3A220A951E2E28DB952AA1E796B72F319E000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-g2zls
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
7f2f93efda443829-FRA
up
insight.adsrvr.org/track/ Frame F242
0
182 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=7qhctws&ref=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&upid=8t4axvj&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-type
text/html
date
Mon, 07 Aug 2023 12:38:40 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
__ptq.gif
track.hubspot.com/
45 B
439 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691411919910&vi=3a91079099080def8eebd513141f2fdb&nc=true&u=60854195.3a91079099080def8eebd513141f2fdb.1691411919907.1691411919907.1691411919907.1&b=60854195.1.1691411919907&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
6ccd3cd0-26de-4b02-b119-3171355f65e2
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
15
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6ccd3cd0-26de-4b02-b119-3171355f65e2
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoKW84Es6%2FSM0lxqobmsPb7%2FR5kSNArhUXp1o%2BvD%2Fc%2F7boDIGWgCsZgiMuEAtxowuZVomWLqhkOXOEl0SBfl3uSu1cnob2L8mkweWRcfz2vi4v2yXU0r9ouHkUy6A6t0LAg4dA2ENibTxtfQMJWy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-p7wls
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7f2f93f37bb01ca3-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
621 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=53f8eb0d-4792-4a07-8db3-dd641a992f2e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691411919912&vi=3a91079099080def8eebd513141f2fdb&nc=true&u=60854195.3a91079099080def8eebd513141f2fdb.1691411919907.1691411919907.1691411919907.1&b=60854195.1.1691411919907&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
384f4b12-3760-4c6c-9791-bb59d5b76994
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
384f4b12-3760-4c6c-9791-bb59d5b76994
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cV74QGzhMOqAn3KTpC8jQL3CVke%2F9XItmne%2BzJzPU%2BdmCiv%2Feo65b%2BpBKFcOjsLhIpLoMtPC%2FAzWRDpDRV7uk45SHO4BHsRoz8ovJkqiAlYmTh6u7d2DDY2na59rloeVj07mo6inEuWBUjO%2F%2BE1%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-z7z79
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7f2f93f38bc41ca3-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
437 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=24abef2a-a2f4-4889-8899-dd4026584fa9&fci=53f8eb0d-4792-4a07-8db3-dd641a992f2e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2246696628&v=1.1&a=3375217&pi=128190968732&ct=blog-post&ccu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&cpi=128190968732&cgi=5901382633&lpi=128190968732&lvi=128190968732&lvc=en&pu=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&t=VMConnect%3A+Malicious+PyPI+packages+imitate+popular+open+source+modules&cts=1691411919913&vi=3a91079099080def8eebd513141f2fdb&nc=true&u=60854195.3a91079099080def8eebd513141f2fdb.1691411919907.1691411919907.1691411919907.1&b=60854195.1.1691411919907&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a802641d-083d-406c-ab8c-76d27f97eb35
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a802641d-083d-406c-ab8c-76d27f97eb35
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQeFRu6Vg2g2kJm5B0QTKx2EqixnTvKuLmHPBG27ZrFbgmOQysRaUtFDc4i1KH4mugNBnQXEmYJUr7iJy4rD3Otd2yr2wxuiLOoHgnONSql5Cr4DzfRpOzDmuMU1%2Fhr3iNkLB%2BscMbueGnfR3n%2Fd"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-j9299
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7f2f93f38bc61ca3-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
178 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3375217&utk=3a91079099080def8eebd513141f2fdb&__hstc=60854195.3a91079099080def8eebd513141f2fdb.1691411919907.1691411919907.1691411919907.1&__hssc=60854195.1.1691411919907&contentId=128190968732&currentUrl=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccfb5fb5ee47380f1e36f11b337ce0a42c304922ac92992b7a1ba38f0ace9395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d476b9da-4a45-46a0-a08d-88ab4d9f2c53
content-encoding
br
x-envoy-upstream-service-time
18
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d476b9da-4a45-46a0-a08d-88ab4d9f2c53
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.reversinglabs.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=57tZkGKI%2Bo8kGZfesxsJmi8%2F6doS0KwtP%2B1fZVbF1N4LzpsCA2ltLqu6UztsbbNtMywsZBGmvO4u506afCAaK4c9XPk4GSZLJttIk7wHaDbcLI%2BovIGy5SknmZ0dFU3jQuzvvytRnizWMzTdg7DK"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
7f2f93f4094e4d9e-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-44rkg
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A39%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:40 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:41 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A41%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:42 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A42%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:43 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A43%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.reversinglabs.com/blog/vmconnect-malicious-pypi-packages-imitate-popular-open-source-modules
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 07 Aug 2023 12:38:44 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
b.6sc.co
URL
https://b.6sc.co/v1/beacon/img.gif?token=125cf4892bae30e8b53458235ef53f8d&svisitor=null&visitor=47b9f600-eba9-4cdd-8d23-48e6e7351584&session=bd358dd3-b997-43e2-8833-c503c8a38e04&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2007%20Aug%202023%2012%3A38%3A44%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%226010%22%7D&isIframe=false&m=%7B%22description%22%3A%22ReversingLabs%20threat%20researchers%20have%20identified%20a%20new%20malicious%20PyPI%20campaign%20that%20includes%20a%20suspicious%20VMConnect%20package%20published%20to%20the%20PyPI%20repo.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22VMConnect%3A%20Malicious%20PyPI%20packages%20imitate%20popular%20open%20source%20modules%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.reversinglabs.com%2Fblog%2Fvmconnect-malicious-pypi-packages-imitate-popular-open-source-modules&pageViewId=4552ee2e-b232-455b-88c3-63050389a0e0&v=1.1.5

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| launchLightbox function| hj object| _hjSettings object| dataLayer function| fbq function| _fbq object| __core-js_shared__ object| Sslac object| IN function| $ function| jQuery function| SimpleLightbox object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| vidyardEmbed function| setImmediate function| clearImmediate object| VidyardV4 object| Vidyard object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| Cookies function| tns function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data undefined| module_28186900061 function| i18n_getmessage function| i18n_getlanguage object| MicroModal undefined| module_8680713 undefined| module_36845096476 object| hubspot object| HubSpotForms object| _hsq object| hbspt object| hsFormsOnReady string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id function| rdt string| qp object| _linkedin_data_partner_ids boolean| _already_called_lintrk object| options function| cookieinfo object| cbinstance function| ttd_dom_ready function| TTDUniversalPixelApi object| _hsp function| jsonpHandler function| lintrk object| _6si undefined| $checker number| tnsId function| onYouTubeIframeAPIReady object| GooglebQhCsO object| gaGlobal object| gaplugins object| gaData object| Metadata object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels object| __twttrll object| twttr object| __twttr object| FB boolean| hubspot_live_messages_running object| HubSpotConversations boolean| PIXELS_RAN object| enabledEventSettings object| __hsCollectedFormsDebug boolean| _hspb_ran boolean| _hspb_loaded object| _paq function| sanitizeKey boolean| _hstc_loaded object| ziws object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| __buffer boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| LEAD_FLOW_DOCUMENT_READY_RAN

35 Cookies

Domain/Path Name / Value
.www.reversinglabs.com/ Name: __cfruid
Value: 20426d2f43a46af28b17e7a135243d85e755a699-1691411917
.www.reversinglabs.com/ Name: __cf_bm
Value: fNBFLkius1vWaoD7AvklgsuTyl2hjpKTB9XVBfqRjjg-1691411917-0-AbCU3J5G+kDFGAW8vtifpHnz11sbRajCOGMAnvyC8WvoAKdKYhz5LljSnkpPI0BmUUjXM8Wp+t0ciV59fIoP92Y=
.reversinglabs.com/ Name: _gcl_au
Value: 1.1.1918334711.1691411918
.reversinglabs.com/ Name: _fbp
Value: fb.1.1691411918445.2008133154
.reversinglabs.com/ Name: _hjSessionUser_3176008
Value: eyJpZCI6ImI2NDJkNGUzLTg3ZGEtNTI1OC05ODgzLWJkZDE1ZTk5MTM2MSIsImNyZWF0ZWQiOjE2OTE0MTE5MTg0MzEsImV4aXN0aW5nIjpmYWxzZX0=
.reversinglabs.com/ Name: _hjFirstSeen
Value: 1
.reversinglabs.com/ Name: _hjIncludedInSessionSample_3176008
Value: 0
.reversinglabs.com/ Name: _hjSession_3176008
Value: eyJpZCI6ImY3ZDBjMGZjLTgzYWYtNGM1OC1hYzkzLWMwMjI2NDhhY2RlMiIsImNyZWF0ZWQiOjE2OTE0MTE5MTg0NjksImluU2FtcGxlIjpmYWxzZX0=
.reversinglabs.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.ws.zoominfo.com/ Name: visitorId
Value: 87764878d67814820ab5b24e069c521a14f0317c8ad6720ddf07b30ae71b32e7
.zoominfo.com/ Name: __cf_bm
Value: 7OMHJsaUx1joVPOsH77Bl6yE.sjLoXOuI4PWdofEYkI-1691411918-0-Abh5dXmQlQgsJEEPH2viMNQxszIUlM4QLgn2lFMfaXHPfpSFvMcuzl7PuPmZPXqH+qAElyHTCGt3bHwg6pWl/Ts=
.zoominfo.com/ Name: _cfuvid
Value: yVQ3oKZU4vL.ctAT.udCJ.yxsEkvNBrXb60c2wjEfLI-1691411918575-0-604800000
.reversinglabs.com/ Name: _ga_JVM9Z1XQPL
Value: GS1.1.1691411918.1.0.1691411918.60.0.0
.reversinglabs.com/ Name: _ga
Value: GA1.2.375187726.1691411919
.reversinglabs.com/ Name: _gid
Value: GA1.2.302295635.1691411919
.reversinglabs.com/ Name: _gat_UA-32828290-1
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.reversinglabs.com/ Name: _rdt_uuid
Value: 1691411918696.ddb16136-6a32-428c-8c3d-6f9a5c1c3e25
.hubspot.com/ Name: __cf_bm
Value: b4Mkc0jBzPPp1LeUNUbmrF9U5GN0qnixoaVOlgD7sXo-1691411918-0-AUoU8Mntn7HFLO/q15SPxpMOdGtimlzxBG3IgvrHmNLLVjoWeT2pPjNnaZf5JaEjvM554YR4oCCHCOzWYVeXHWw=
.linkedin.com/ Name: li_sugr
Value: b06a15b3-65d2-4044-8b2f-02b03ee81601
.linkedin.com/ Name: bcookie
Value: "v=2&ec0a108f-5efd-4138-8210-ae22efd1e02b"
.linkedin.com/ Name: lidc
Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2931:u=1:x=1:i=1691411918:t=1691498318:v=2:sig=AQF3ugt8U9K697-5fgQ1BfIt4a-yLQQI"
www.reversinglabs.com/ Name: ln_or
Value: eyI5NzY5MjQiOiJkIn0%3D
www.reversinglabs.com/ Name: _gd_visitor
Value: 47b9f600-eba9-4cdd-8d23-48e6e7351584
www.reversinglabs.com/ Name: _gd_session
Value: bd358dd3-b997-43e2-8833-c503c8a38e04
.linkedin.com/ Name: UserMatchHistory
Value: AQJk75w2GhHMAAAAAYnQAbEzYgbaHPG5OAXwLgVA5Tn3JPhYLngaYdtSRR4-EPob4OghzYq5_SmGUg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQICshHrBk20SwAAAYnQAbEzYOHAGFyf--l69PdC6wKeYpnVnOfq1S_99u8DcpP0HfBSqGyMjZ3XLEm9Q2fMSQ
.reversinglabs.com/ Name: _ga_6H8MZ60CSB
Value: GS1.2.1691411919.1.0.1691411919.0.0.0
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230807123839f14d5394-404a-43cd-86c0-a697a18718f0AQFzFspAXbDNloNTjViB4JV24ZWpRHhv"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTE0MTE5MTk7MjswMjFUTXqJ+miZTh0fjAKlSvDbIPCRZyoKq5+F8X6r5u2pxA==
.6sc.co/ Name: 6suuid
Value: b8d017023d5f0300cfe5d0642c02000095a70400
.reversinglabs.com/ Name: __hstc
Value: 60854195.3a91079099080def8eebd513141f2fdb.1691411919907.1691411919907.1691411919907.1
.reversinglabs.com/ Name: hubspotutk
Value: 3a91079099080def8eebd513141f2fdb
.reversinglabs.com/ Name: __hssrc
Value: 1
.reversinglabs.com/ Name: __hssc
Value: 60854195.1.1691411919907

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3375217.fs1.hubspotusercontent-na1.net
alb.reddit.com
api.hubapi.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cookieinfoscript.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.usemessages.com
platform.linkedin.com
platform.twitter.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.analytics.google.com
region1.google-analytics.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.reversinglabs.com
b.6sc.co
104.244.42.136
108.138.15.119
13.107.42.14
151.101.65.140
151.101.65.181
2001:4860:4802:32::36
2600:9000:2104:c000:9:d7d4:1380:93a1
2600:9000:2204:5400:2:53b2:240:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:671f
2606:2c40::c73c:67e1
2606:4700::6810:75be
2606:4700::6810:88ce
2606:4700::6810:a852
2606:4700::6811:190e
2606:4700::6811:63ac
2606:4700::6811:6ac7
2606:4700::6811:826e
2606:4700::6811:cbcc
2606:4700::6811:d4f3
2606:4700::6811:d6f3
2606:4700::6812:19c4
2606:4700::6812:8f65
2606:4700::6812:d0c9
2606:4700::6812:f0f
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::200a
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2003
2a00:1450:400c:c0b::9d
2a02:26f0:480:22::1726:62ed
2a02:26f0:480:f::213:7ecb
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42:200::396
2a06:98c1:3120::3
3.33.220.150
52.207.107.232
52.222.139.53
65.9.95.21
95.101.111.184
04245f85425b7978fbfd092971444a755772b93d9fb41f4c58f388e520403afd
042ff07e4bf14f120b0fe849ae2604a48f22540e61c9ec46c0c206c7569b4356
05e4c18474627c67ace9a50f24f38cb57a9a69b05c85fec997f6eae42425b0d0
0913c513fbd0a298da9a66a21d71eadfa4b6b3f3c65cdeecccedaad495d3d785
09d01a00c23781420e6623249a514a995ea7dd8417159f308ca5391078243928
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0d8e30adfec247d61be8172549cc16e36bd1eb63859b8e818aa0f9965b4dcaef
0f631dc190b0572010591fe489a4d434db77ce0ff6156e9e7e9aa745156c095c
12c8e4eb0826656e26b370c3d2b26d918a04cb80a6c7a44f610127babdc9ca77
130eb7bbe1dca232b6636767637e6bdc2a35fc2d412db3a601593d79c1d743a5
199a07091795dc18d5f648c8ae6ea323b953a6232f814e35c0217925de105a94
1a5131ba88c40e02e211f48163838569b854a383f19817b94db2f4e83f5d044d
1a5f6ffeb8930092b29aef8860e2c8ebbe25dd2dcdf70ab4b6b137c4b4592f70
1a949852daa2fe2be0d5e7dfbf2d0edf71121b49a82b1d82992aa8aa9b7c2d9b
1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5
249d08c8fde3e1912f9d6d25ff14eed26f4adea29df815b794933eb133f8ec37
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
262c51d03e4bdb5c91511e2df131b608a522b7a96c6a89048ceb90084b3402dc
27215dede1579d37bcf4ab9ef8fc7d968bd02081c4e61d77837a9bb8f6ca9511
291faf0f75e8892127a53019f303db0f9a9d4f0b93db139a14de146cd017d9d1
29d170b4f372603eff8bafec8eedd2dc57712f5e38b276f31c4a5295eeeb9de3
2e0e46665e34d5b09152a1ab9be9e89802f26f40b6e1a29780bf07ae94bc2376
2e5436b217fb1a7d9d2365cccfcc95e7483fcba03205c3a216d512302e982d4d
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
350dfd290fcaf704accd61883b7d6dd6e2fcb8d6f10c747ba96707c20bddc000
37eae8190baecf55f16575bf754238976116ad37b55f81e27db05743461cd507
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3ac9f879f23b53c0856f5a719a5d2913f2890b5e06b60a8879945c245080fc52
3c50dd5c1727efe22037460b8eaa121b22932d39ab13865d1ecf5b8372d2da4d
3dcf5ab0268e05f2e26960055d40e37a5ec0cb225dcc9da43f52967710cea56b
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
415f1b24f09d34ace4333cdd8a1a2ed4c0f74db2f4f6c76967f1a5555e87d0cc
48caefba7197eca695349c196a4fb51a5998c8f3bd365988462d71e3c65a4b1d
4bc7148ba69c82eccc86c4a9b90d4cf456d9129c9503ad143c8005735f3fb8ba
4ed697a94ae987ec690170223f411112068b61caf8678788cb4c37347249fd00
4fe6def01e693b4ff7f8a5baa5663c2b2eb7a228d7eb28ca379d255b640df211
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
589ec6096d83ed322d2e1cf7b85f978ecfe80dc19aab6ac106ef5e2352e32269
61ce08dbad99d88826d7e7d374b628662137c7893a943d6a541cf4b0455c5067
6704b253ed39cb1e00173052347237e27bae3727ffc23ec7c4f563d156e1f6de
68858bf90cb3efb40b74dc096a0c14d3d7d8df522e30067cbee82f0640af2bab
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ba44383bc980179d0772e2785fdb088c71034b7c54607e739bc56c0e1002250
6e4d408ece6803ecb0c2356f7c16a9e1acdbf01228830ac38274ec1ada687e36
70d1119d232eb54079a766d9e1564320f2c20e6e71683e31edf766c26e9c678e
716dcc9643502eb35aa1f08b4805ec1f377daad3e67c11f9d00d65c6fc6336cf
7426c1c0d2289ccde69718bb10ae44a1a6602702194410999afb700e1e580d94
74310e68d9cb6fabe0da04246f69919c5459682a242364b7c4bd4f7f257e437c
74b8942009f393336b393dad1d725947fe03629bd9d58a76eabfc6eaf6762ead
77b1e37a44606f04534b026795250cfb8f06416adbe129533a6d855e9b573f67
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b1ecc91aa14b48acb2f7655cc2f4285d7839ab8d239982d4473b02917cd55db
7b4d8e7f1be142ed2c99643dd4a0d89706fce94b2a1e639fd2eb1e8177ad6758
7d6d019be5fdd6ed212ab83345278024e52cb55e59e5a577644a58f1c29ae316
84240275eed2746f9d66bb0a5f46915d74ba6a7c6e210ba4634a16e03ca54270
867e2af897e43a15b5cb0cbf905ba563964426f8707d602891643fe039aa2566
86bc7c25a3bf03fad86ce1733e1a562b1395d60635b29960b7b3f68aefa8bc7a
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8ae4a0865523070959595a6df44d592fd924f6a8503d913a2cbfb81b5df45e62
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8dc97419c862f91c4279fb9e2d9a0b7b9b63982ae1d3700a351ea1950c46f564
9103cd19fa0db417520474c8682d15529708804e7d5dcee981c8a19a7c083875
94e9a5e460eda83b3532d27cbb92a176ac95f1429ae89f9164d47a29d3370ee2
95fbf2ab9776737534e11c42ed7370e97aa96be93bdda3783a252eab6d9a0e70
96012ea1e665f4555d84592c02ed5ee2ae06ae12e7869c7878a9fb15cf2bd729
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
9a612c9ad7bdfdfeb71ed257ea676a5bca9db5694ee8a0f0c1f8a96330429ea3
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
9e634b615e771259a6dc723ef2cda097c480ad26dc92faa6450c5e4e16e3288a
a9ff889aa2badd5dcf9989574fa2006fb183febc1685353d19bf1dd28ed7c1b2
abe603cadd5d178715e8d259697dd4470bf63c6ad1115eb0af8715c778640133
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b283ab5b448ca7d12311b16a7b92f4dc4f8dcac83842ff8b0e5f61c2dfa5d259
b452e67d0f273f9147920b2ec0783838b1ee33727eb9c6fae0a7cff22bf0ac85
b99e57a180459ef9973b9bb3f41ce4a28c015ac31ec686c087bf21f42d366608
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
bc595999f7c46e3f7a293c86fcc256c35467e9947bf0051464628416f1db14f0
be806513bf84af0e310b27e6d4c7eaa56119e06690c7b0bc50d728b7e82b3c9f
c44bc92eb78d7b1596789095812e8c24f5c3f9b4835318cf329204d1efc37abb
c7d36be0a73651297b0f6b15b1aa2e63a204489bb9c552c11e0cf7db771081d4
c889e86e6c42fc475d139233bc09a8fe599673cfeebe015bd3083cd1ea994e93
c9b277f813652ab4fc3476fe4b9771d2d29e10204caef39416ad8d30e45fc5a2
cafcf576874435cca6e41394ae820ab1573b83f8b405d10d3ff8add93614c8fe
cc3652de6720e88bb9378b09d34a2e807d1706b7a59a2d29903a68fa481759d5
ccfb5fb5ee47380f1e36f11b337ce0a42c304922ac92992b7a1ba38f0ace9395
cebbc0e23f1d58a574eab9a677d14629b3aa59a6fbfb0133feb3e03f0e43f754
d09af97ee06f58b7c0e071433e4f08dcfc244e3786639a601e31d3227418473a
d0f80d27eb235c529b6f87057ab7763ab82f8eb2396e8d40df573eb80e5364ec
d57a29c035e1164e865f08b030edaa603ee2a60d806138df4c2975eac83cb08f
d58fcc9b037c7817d2d7565a677f19616b2ca13d2575df0a2c82f4ad60b0ec87
d629ada1b42f0cea2970a27304fe06b8c79afaa26a30792cc044fc66108f584a
d6dc97993d7e4803aeb35d0e9a24f0393eceb43de5f7ff0f0e437f1b05aea4e2
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddb82c84e1cb4f9ed0e23ada938029f0ac7a79f8a8215eee7bd5177726c02c32
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e10ce26ead0eca58cd5346843538415611b745bfd29825322efad56424a4c911
e2d14bf82ef15e64d7503eed437a43ad5f26d4f5bcac6745870c32f1ed77a8a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40c8f9d7a3c7c71ee109b2ae4df7dd9b6e3b0cd287d77f9a98312c53392ae25
e5808455786f658eccda5e658ffcc1073d757dd9b70ea3c931fa7a36d583abbc
e600901c3822e2410c8113d763d1f8babb08aab7d06aa1c861be265408cdf649
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
eb8d8c2427fab53f2c4d0c70d9661c7d33d995e486cdb923b0c6d65b6b4fef19
ec283af1b220ae388d616832c82a2612f2630ac572784dd39b6d2c5b8e81e7aa
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f35c317df74c5ceaca83bc620ab17f68e882a21e5378933002f20aae3af0517f
f419ad33d162aefac608940b47d2a524fca46eee0c82f877710a6369e68be33c
f54b61a120e0240c98428d76beab031099f4f0379cbc623de071277255088fdc
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f827ec383239317deb9387ea204a9a0089594aaa0a763922e3d85222010531e2
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb71e0d749623b7c583b86934740d866e5f6fc000204c6b3cb7dfe25a888cc60
fc2fab7ad17829305a9146a6a0db45bf46dba8b104548a2777c5583c0aff059d
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff5b2a04410456da0a8e7d8a4db3eacf62ab980e163a500b81781ea6c5b0a73b